Access Control (Roles)*
Roles and access control policies on Health Claims Exchange
Participating organisations in the the Health Claims information exchange ecosystem may possess one or more of the roles mentioned below. These roles are based on the base set of organisation roles defined in hl7 specifications here. Name spaced coding is used to further qualify the role in the context of the claims exchange process.
This section has undergone significant enhancements to accommodate the scope and the requirements of OPD and Reimbursement use cases, and streamlining action categories for clarity. The key changes include:
Expansion of Provider Roles: The Provider role has been expanded to explicitly represent hospitals, clinics, practitioners, diagnostics, and pharmacies, aligning with the needs of OPD use cases. This expansion serves several following key purposes:
Tailored Onboarding: Separating provider roles enables the possibility of tailored onboarding processes unique to each role. This approach fosters deeper trust in the participants joining the network.
Adjudication Flexibility: The differentiation of roles allows for the application of distinct sets of adjudication rules based on provider and claim types, offering more precise control and compliance.
Enhanced Visibility and Analytics: This separation provides a more granular view of network activities, thereby improving analytics and insights into the network's operations.
Introduction of the BSP Role: A new role, BSP (Beneficiary Service Platform), has been introduced to accommodate digital platforms dedicated to assisting beneficiaries. This addition reflects the evolving landscape of healthcare services and ensures that the protocol remains adaptable to emerging beneficiary support systems.
Categorisation of Actions into Access-Groups: To simplify the understanding of API usage on the HCX network, actions have been grouped into categories.
provider - Health Service Provider (An entity that delivers care services) roles as below
provider.hospital - Organised hospitals.
provider.clinic - Independent clinics/ small care setups.
provider.practitioner - Individual practitioners.
provider.diagnosticsFacility - Diagnostic testing/laboratory services facility.
provider.pharmacy - Pharmacies and drug stores.
payer - Insurance service provider, an entity providing reimbursement, payment, or related services.
agency.tpa - Third party administrator, entity acting on behalf of the payer. In the current version, this role is expected to behave like a payer from the data exchange perspective.
agency.regulator - IRDAI and IIB like regulatory bodies.
research - Research groups, etc.
member.isnp - eCommerce platforms facilitating insurance adoption.
agency.sponsor - Scheme owners of specific programs, e.g. NHA for. Ayushman Bharat.
HIE/HIO.HCX - An entity that facilitates electronic clinical data exchange between entities, e.g. other HCXs.
BSP - Beneficiary Service Platform, digital platforms dedicated to assisting beneficiaries.
Initial recommendations about onboarding policies of the new roles is included in the Guidelines for Participant Onboarding section.
Access Groups
To streamline the existing method of delineating access rights for various roles in HCX, we present the following essential access groups:
Claim Initiators
These roles are responsible for initiating claims on behalf of policyholders, including providers and BSPs. The table below enumerates the key APIs that are initiated and responded to by these roles.
| APIs initiated | Apis responded |
|---|---|
/coverageeligibility/check | /communication/request |
/preauth/submit | /paymentnotice/request |
/predetermination/submit |
|
/claim/submit |
|
/hcx/status |
|
/notification |
|
/registry/search |
|
/eob/on_fetch |
Claim Responders
These roles encompass entities that receive and process claims, such as payers and TPAs. The table below enumerates the key APIs that are initiated and responded to by these roles.
| APIs initiated | APIs responded |
|---|---|
/coverageeligibility/on_check | /coverageeligibility/check |
/preauth/on_submit | /preauth/submit |
/predetermination/on_submit | /predetermination/submit |
/claim/on_submit | /claim/submit |
/communication/request | /hcx/status |
/paymentnotice/request | /eob/fetch |
/hcx/on_status |
|
/notification |
|
/registry/search |
|
/eob/on_fetch |
Claim Observers
These roles, while not directly engaged in claim processing, monitor claims for various purposes. This category includes regulators, observers, sponsors, and more. The table below enumerates the key APIs that are initiated and responded to by these roles.
| APIs initiated | APIs responded |
|---|---|
/eob/fetch |
|
/notification |
|
Following section focuses on the participant onboarding requirement & processes on HCX.
Last updated