HCX Protocol
v0.9
v0.9
  • Summary*
  • Glossary*
  • Context
  • Introduction to HCX*
  • Technical Specifications
    • Open Protocol
      • Registries*
        • QR Code Specifications*
      • Claims Data Exchange (HCX) Protocol
        • Message Flows*
          • Primary Message Flow
          • Additional Message Flows
            • Redirect
            • Forward
            • Intra Cycle Communication*
              • Seeking Supporting Information
              • Seeking Beneficiary Consent
              • Seeking Account Information
            • Relay
            • Third party Information sharing
          • Notifications
            • Categories
            • List of key topics
        • Message Structure
        • API Specifications*
          • Registry APIs
          • Primary Flow APIs
          • Supporting APIs
          • Notification APIs
        • Error Handling
      • Data Security and Privacy
        • Transport Security
        • Message Security and Integrity
        • API Security*
      • Audit and Reporting
    • Digital Network Policies
  • Domain Specifications
    • Domain Data Models
      • Handling Attachments
      • Handling Processing Errors
    • Terminologies
    • Domain Specific Languages (DSLs)
    • FHIR Implementation Guide*
  • Business Policy Specifications
    • Access Control (Roles)*
    • Guidelines for Participant Onboarding*
      • Sandbox process
      • Production onboarding (Go live)*
      • Potential De-boarding scenarios
    • Guidelines for Grievance Redressal
      • Scope of disputes
      • Involved participants
      • Guideline process for dispute resolution
      • Guidelines for leveraging FTA
      • Next steps
    • Guidelines for SLAs and ecosystem satisfaction
    • Guidelines for Operating charges
    • Guidelines for Beneficiary Authentication by Providers/Payors
    • Guidelines for Event audits
    • Reference Templates
      • HCX - Terms of use
      • Payer-Provider addendum
      • Payer-Policyholder addendum
    • Next steps
  • Use cases*
    • OPD
      • Typical Workflows
        • Cashless
        • Reimbursement
      • Mapping to the HCX protocol
        • Cashless
        • Reimbursement
    • IPD
      • Typical Workflows
        • Cashless
        • Reimbursement
      • Mapping to the HCX protocol
        • Cashless
        • Reimbursement
    • Implementation Considerations
  • Contributing to the protocol
  • Future Focus Areas*
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Business Policy Specifications

Access Control (Roles)*

Roles and access control policies on Health Claims Exchange

PreviousBusiness Policy SpecificationsNextGuidelines for Participant Onboarding*

Last updated 1 year ago

Was this helpful?

Participating organisations in the the Health Claims information exchange ecosystem may possess one or more of the roles mentioned below. These roles are based on the base set of organisation roles defined in hl7 specifications . Name spaced coding is used to further qualify the role in the context of the claims exchange process.

This section has undergone significant enhancements to accommodate the scope and the requirements of , and streamlining action categories for clarity. The key changes include:

  1. Expansion of Provider Roles: The Provider role has been expanded to explicitly represent hospitals, clinics, practitioners, diagnostics, and pharmacies, aligning with the needs of OPD use cases. This expansion serves several following key purposes:

    1. Tailored Onboarding: Separating provider roles enables the possibility of tailored onboarding processes unique to each role. This approach fosters deeper trust in the participants joining the network.

    2. Adjudication Flexibility: The differentiation of roles allows for the application of distinct sets of adjudication rules based on provider and claim types, offering more precise control and compliance.

    3. Enhanced Visibility and Analytics: This separation provides a more granular view of network activities, thereby improving analytics and insights into the network's operations.

  2. Introduction of the BSP Role: A new role, BSP (Beneficiary Service Platform), has been introduced to accommodate digital platforms dedicated to assisting beneficiaries. This addition reflects the evolving landscape of healthcare services and ensures that the protocol remains adaptable to emerging beneficiary support systems.

  3. Categorisation of Actions into Access-Groups: To simplify the understanding of API usage on the HCX network, actions have been grouped into categories.

  1. provider - Health Service Provider (An entity that delivers care services) roles as below

    1. provider.hospital - Organised hospitals.

    2. provider.clinic - Independent clinics/ small care setups.

    3. provider.practitioner - Individual practitioners.

    4. provider.diagnosticsFacility - Diagnostic testing/laboratory services facility.

    5. provider.pharmacy - Pharmacies and drug stores.

  2. payer - Insurance service provider, an entity providing reimbursement, payment, or related services.

  3. agency.tpa - Third party administrator, entity acting on behalf of the payer. In the current version, this role is expected to behave like a payer from the data exchange perspective.

  4. agency.regulator - IRDAI and IIB like regulatory bodies.

  5. research - Research groups, etc.

  6. member.isnp - eCommerce platforms facilitating insurance adoption.

  7. agency.sponsor - Scheme owners of specific programs, e.g. NHA for. Ayushman Bharat.

  8. HIE/HIO.HCX - An entity that facilitates electronic clinical data exchange between entities, e.g. other HCXs.

  9. BSP - Beneficiary Service Platform, digital platforms dedicated to assisting beneficiaries.

Access Groups

To streamline the existing method of delineating access rights for various roles in HCX, we present the following essential access groups:

Claim Initiators

These roles are responsible for initiating claims on behalf of policyholders, including providers and BSPs. The table below enumerates the key APIs that are initiated and responded to by these roles.

APIs initiated
Apis responded

/coverageeligibility/check

/communication/request

/preauth/submit

/paymentnotice/request

/predetermination/submit

/claim/submit

/hcx/status

/notification

/registry/search

/eob/on_fetch

Claim Responders

These roles encompass entities that receive and process claims, such as payers and TPAs. The table below enumerates the key APIs that are initiated and responded to by these roles.

APIs initiated
APIs responded

/coverageeligibility/on_check

/coverageeligibility/check

/preauth/on_submit

/preauth/submit

/predetermination/on_submit

/predetermination/submit

/claim/on_submit

/claim/submit

/communication/request

/hcx/status

/paymentnotice/request

/eob/fetch

/hcx/on_status

/notification

/registry/search

/eob/on_fetch

Claim Observers

These roles, while not directly engaged in claim processing, monitor claims for various purposes. This category includes regulators, observers, sponsors, and more. The table below enumerates the key APIs that are initiated and responded to by these roles.

APIs initiated
APIs responded

/eob/fetch

/notification

Following section focuses on the participant onboarding requirement & processes on HCX.

Initial recommendations about onboarding policies of the new roles is included in the section.

here
OPD and Reimbursement use cases
Guidelines for Participant Onboarding