📒
HCX Protocol
v0.6
v0.6
  • Context
  • Introduction to HCX
  • Open Specifications
    • Design Principles
    • Key Specifications
    • Governance
  • Technical Specifications
    • Open Protocol
      • Key Design Considerations
      • Registries
      • Health Claims Exchange (HCX) Protocol
      • Data Security and Privacy
        • Transport Security
        • Message Security and Integrity
        • API Security
        • Audit and Reporting
    • Appendix A - HCX Relay example
  • Domain Specifications
    • Domain Data Specifications
      • Domain Data Models
        • eObjects
        • Implementation Guide
      • Terminologies (Code sets or Metadata standards)
      • Domain Specific Languages (DSLs)
    • Healthcare Operations Policies
      • Access Control (Roles)
      • Guidelines for Participant Onboarding
      • Guidelines for Grievance Redressal
      • Guidelines for Event audits
      • Guidelines for Beneficiary Authentication by Providers/Payors
  • Future roadmap
  • How to submit responses?
Powered by GitBook
On this page
Export as PDF
  1. Domain Specifications
  2. Healthcare Operations Policies

Guidelines for Event audits

All events (claim request created, claim forwarded, data requested, authorisation, payment, etc) in the claims flow and corresponding system requests and responses between Provider TMS/Beneficiary apps, HCPs, and Payer TMS must be digitally signed and logged to ensure immutability, non-tamperability, and non-repudiability.

The HCX needs to persist the logs for a configurable (as prescribed by the law of the land) period of time so that they can be retrieved when necessary and this audit trail must be made transparently available to the customer. To ensure integrity, logs should be append-only and should not be allowed to be edited.

Next Steps

This section proposes a high-level approach that can be adopted for event audit policies for an HCX ecosystem. More deliberation is needed to arrive at model policies that can then be readily extended to be adopted by the ecosystem. Domain working groups will continue to work on developing a detailed approach for event audit policy formulation as well as a model policy for easy adoption. These documents will be released for public consultation in time for an initial pilot of the HCX ecosystem.

PreviousGuidelines for Grievance RedressalNextGuidelines for Beneficiary Authentication by Providers/Payors

Last updated 3 years ago