HCX Protocol
v0.9

Data Security and Privacy

Details of mechanisms to ensure data security and privacy

The HCX protocol is designed with a strong emphasis on safeguarding sensitive information exchanged during the claims process—such as personal identifiers and health-related data. In addition to facilitating secure data exchange, the data security and privacy measures in HCX align with key regulatory frameworks including India’s Personal Data Protection Bill (2019), the Information Technology Act (2000), and—where applicable—international standards like the GDPR.

While the responsibility for securing data at rest lies with the sender and receiver, in accordance with applicable local regulations, HCX defines a robust approach for data protection in transit, API-level security, and message integrity. These mechanisms not only meet present-day privacy and security expectations but also offer the flexibility to adapt to evolving data protection laws—ensuring continued compliance without compromising the confidentiality or integrity of sensitive health information.

A wide range of language-specific libraries are available to implement the necessary encryption, digital signing, and verification mechanisms recommended in this protocol.

The subsequent sections detail the layered security model used in HCX:

  • Transport Layer Security (SSL/TLS): For securing communication channels.

  • API Security: Including token-based authentication and access control.

  • Payload Security and Message Integrity: Ensuring end-to-end confidentiality and tamper detection.
