List of key types of specifications needed for Health Claims Data Exchange
Like HTTP or SMTP, open protocol for claims exchange will define the following key aspects:
Authentication (Payor, Provider, Regulator, Observer, ...)
Request/response message syntax - header and header attributes, optional body, mandatory vs optional, transport constraint on the messages, etc.
Supported methods (APIs)
Communication mode (synchronous or asynchronous nature of APIs)
Response codes
Data security and privacy considerations: Security, authenticity, and non-repudiability aspects of message exchange
Encryption of certain parts of message for transport security (beyond SSL on Health Claims data exchange)
Message signing protocol for verifiability and non-repudiation
Sequence of interactions
These will include the following policies for participation in the health claims data exchange:
Onboarding policies - How does any entity get on board on the data exchange? Adherence to protocol, the process for a compliance review, frequency of compliance review, etc
Deboarding policies: What makes an entity to be blocked or ejected from the data exchange. Things like adherence to technical SLAs, non-compliance with expected protocol versions, message security or privacy violations, etc.
Access control policies - Role-based, need for consent to access APIs, data attributes, etc.
Exchange operation policies
Key rotation requirements
Segregation of duties and responsibilities within various teams of exchange operators
Operational reports and dashboards
Audit checklist and frequency
Specifications about format and definition of domain data. A lot of these may be adopted from existing domain standards like FHIR, SNOMED, ICD-10-PCS. In the context of claims data exchange few key focus areas will be:
Domain data model - Schema definition of domain entities like Claims, Providers, Payors, Policies, etc. Please note that based on available DSLs some of these data models may be flexible, e.g. policy schema if Policy Markup Language (PML) is available.
Metadata specifications - Metadata is data about data, data associated with an object, a document, or a dataset for purposes of description, administration, technical functionality, and preservation. For the context of claims, this would mainly involve coding systems and suggested values for key claim attributes like disease codes, procedure codes, diagnostic codes, billing codes (e.g. room rent, ICU charges), etc.
Domain-Specific Language(s) - Usually known as DSL, these may be developed When the attributes of the entity are variable from use case to use case but need to adhere to some common constraints/characteristics like types of data element it can contain, the relationship between two data elements, number of occurrences of data elements, etc. Examples of such entities within a claims data exchange would be policies, bills, contracts. In such cases, defining a markup language (DSL) rather than the entity itself allows needed flexibility to the ecosystem to innovate on such entities. These can be thought of like HTML, where multiple flavours of web pages can be defined using the markup elements.
A thriving data exchange will also require clear rules of engagement to ensure trust from all actors. These specifications will involve guidelines around:
Access control (Data sharing) policies - which actor plays what role and gets to see which parts of the data. These policies will then affect the visibility and access to domain-specific attributes that will typically travel in the body of the data structures defined by the data exchange.
Business SLAs
Charges/Fees - these would be policies around charges various data exchange entities will be allowed to levy on others depending on the role they play
Dispute resolution policies
Onboarding
Defaulting/deboarding policies
Service rating policies - that would be the parameters and mechanisms to rate each type of actor on the data exchange.
Please comment on the comprehensiveness of key categories of the specifications mentioned and suggest any additional areas which will require open specifications for efficient working of the HCX ecosystem.
Instructions to send responses to the consultation questions are available here.