Access Control (Roles)
Roles on Health Claims Exchange
Participating systems in the Claims information exchange ecosystem may possess one or more of the following roles. These roles are based on the base set of organisation roles defined in hl7 specifications here. Namespaced coding is used to further qualify the role in the context of the claims exchange process.
provider: Health Service Provider
payer: Insurance service provider
agency.tpa: Third party administrator acting on behalf of the payer. In the current version, this role is expected to behave like a payer from the data exchange perspective.
agency.regulator: IRDAI and IIB like regulatory bodies.
research: Research groups, etc.
member.isnp: eCommerce platforms facilitating insurance adoption
agency.sponsor: Scheme owners of specific programs, e.g. NHA for Ayushman Bharat
HIE/HIO.HCX: Other HCXs
The following table shows typical scenarios and actions for the claims exchange process:
Role
Allowed actions
Comments
provider
Eligibility check
Send request
Receive response
Pre Auth
Send request
Receive response
Claims request
Send request
Receive response
Payment
Receive notice
Send Acknowledgement
Communication Request
Recieve request
Send response
Status
Make request
Recieve response
Providers can make search/status requests for multiple requests that originated from them.
payer/
agency.tpa
Eligibility check
Receive request
Send response
Pre Auth
Receive request
Send response
Claims request
Receive request
Send response
Payment
Send notice
Receive Acknowledgement
Communication Request
Send request
Receive response
Status
Receive request
Send response
EoB
Receive request
Send response
In case of "forward" payers/TPAs may also originate requets like coverage eligibility, pre auth and Claims to the party being forwarded.
agency.regulator
Fetch
EoB
Notifications
Send
Receive
Regulator would be able to raise fetch requests for Form 15C equivalent EoB, receive notifications as agreed with payers, and send certain category/type of notifications.
research
Eligibility check
Receive request
Send response
Fetch
EoB
Anonymised Data aggregates
Notifications
Send
Receive
All data exhausts for these roles would only have aggregate and anonymised data. Key aggregations for eligibility requests, preauthentication, claims and payments information will need to be further defined.
member.isnp
Eligibility check
Receive request
Send response
Fetch
EoBs - For patient information
Claims - Individual claims data as per beneficiary consent
As facilitators of insurance eCommerce, it is proposed to provide ISNPs access to the data available to research role as well as individual beneficiary queries (preauth, claims) based on beneficiary capabilities consent. This consent flow is expected to work with existing consent management infrastructure and ISNPs are expected to submit the acquired consent as part of the domain header.
agency.sponsor
As planners of the insurance schemes, sponsors are proposed to be given access equivalent to payer role.
HIE/HIO.HCX
As an HCX this participant is expected to play different roles as per the need of the use case. However, due to the data privacy and security measures prescribed in the Open Protocol, it will not be able to view the actual payload.
Last updated