spec-77:A subscription-based mechanism SHALL be used by the client to be informed of updates to the authorization.

spec-77:A subscription-based mechanism SHALL be used by the client to be informed of updates to the authorization.

spec-33:Each item returned on the PAS ClaimResponse SHALL echo the same item.sequence as that same item had on the Claim. The item.sequence element SHALL serve as the main tracing identifier of items throughout requests and responses.

spec-33:Each item returned on the PAS ClaimResponse SHALL echo the same item.sequence as that same item had on the Claim. The item.sequence element SHALL serve as the main tracing identifier of items throughout requests and responses.

A payer MAY request additional information from the provider to support a prior authorization request by responding to the X12 278 Request with an X12 278 Response that includes any of the following:

1. One or more codes in the PWK01 element
2. One or more of the approved LOINC codes Attachments – LOINC in the HI segment
3. A single 102089-0 LOINC code in the HI segment to request information via a payer’s specific questionnaire.

When a single LOINC code is used, the TRN at the X12 278 header or line level associated with the 102089-0 LOINC code SHALL be the DTR context ID used to retrieve the appropriate questionnaire.

The PAS task profile SHALL be used to convey PAS X12 278 Response information to CDex.

All of the additional information request codes SHOULD be used as input to a CDex task.

When the LOINC code 102089-0 is present, the associated TRNs SHALL also be exchange as Task.input.

A separate task SHALL be created for each of the above attachment request types (PWK01, LOINC, questionnaire).

Payers SHALL have a distinct endpoint for each different supported version (which are not inter-version compatible) of the PAS specification.

If a payer supports endpoint discovery, they SHALL have at most a single endpoint for each combination of version of the specification and coverage (e.g., Medicare, Medicaid, or commercial) they provide coverage under.

If a payer does not support endpoint discovery, they SHALL expose only one PAS endpoint of each supported version capable of handling all coverages.

PA Intermediary Systems SHALL be capable of processing all data elements that are marked as Must Support on the Claim Request and Claim Inquiry.

They SHALL NOT generate an error or cause the application to fail due the presence of any data element marked as Must Support.

PA Intermediary Systems SHALL be capable of returning resource instances containing any of the data elements that are marked as Must Support on the Claim Response and the Claim Inquiry Response.

PA Client Systems SHALL be capable of receiving all data elements that are marked as Must Support on the Claim Response and the Claim Inquiry Response.

They SHALL NOT generate an error or cause the application to fail when receiving any data element that is marked as Must Support.

PA Client Systems SHOULD NOT send any data elements that are not marked as Must Support.

If these data elements are included in a Claim Request or Claim Inquiry, the receiving PA Intermediary System MAY ignore those elements.

When processing prior auth requests and additional data submissions, PAS services SHALL NOT depend on or set expectations for the inclusion of resource instances not compliant with profiles defined in this guide, CRD, DTR, HRex, or US Core.

Similarly, they SHALL NOT depend on or set expectations for the inclusion of any data elements not marked as mandatory (min cardinality >= 1) or mustSupport in those profiles.

If the proposed change is adopted and published in the PAS continuous integration build or the CI build of one of its dependencies (e.g. US Core), implementations MAY, by mutual agreement, pre-adopt the use of those additional profiles and/or mustSupport data elements and not be considered in violation of #1 above.

2. Where cardinality and other constraints present in profiles allow data elements to be omitted, PAS compliant systems SHALL NOT treat the omission of those elements as a conformance error.

3. PAS clients and services SHALL use standard PAS data elements (i.e. elements found within PAS-defined or inherited profiles and marked as mandatory or mustSupport) to communicate needed data if such elements are intended to convey such information.

4. PAS implementing organizations SHALL NOT publish guidance setting expectations for where certain data elements are conveyed within PAS and inherited data structures, but MAY submit change requests to PAS, HRex, or US Core requesting that additional guidance be provided to implementers on data structure usage to increase consistency across implementations.

Each of these IGs recommends a set of metrics that SHOULD or MAY be collected by their respective implementations to facilitate the evaluation of adoption, functionality, processes, and improved outcomes.

PAS implementers SHOULD store information for each PAS call in a manner that would allow them to respond to measures based on this logical model.

Implementations SHALL permit provider review of data prior to transmission, but SHALL NOT require such review.

Payers who do not view the FHIR version of the transmitted information SHOULD be aware of the possibility of these limitations and ensure they have policies that enforce appropriate sharing constraints on data.

PAS Servers SHOULD support server-server OAuth and MAY support mutually authenticated TLS.

Each PAS Timing SHALL have at least one of:

1. count (with optional countMax)
2. frequency and period and periodUnit (with optional frequencyMax and periodMax)
3. calendarPattern extension
4. deliveryPattern extension

Each PAS Quantity SHALL have:**

1. a value
2. either a unit or a code and system.

The Claim instance of the update Bundle SHALL reference the updated Claim instance within the Claim.related.claim element. Note that the presence of this reference and the requirement that referenced instances be included in the submitted Bundle implies that the instance representing the prior version of the Claim SHALL be included in the update Bundle.

The Claim instance of the update Bundle SHALL contain within the Claim.item element each item requested in the updated claim and any prior versions of the claim, including requested items that have been added, modified, deleted, or left unchanged during this or previous updates.

The Claim instance of the update Bundle SHALL contain within the Claim.supportingInfo element each piece of supporting documentation submitted with the updated claim and any prior versions of claim, including supporting documentation that has been added, modified, deleted, or left unchanged during this or previous updates.

Each Claim.item entry that represents an item no longer being requested, whether removed in this update or a previous one, SHALL be flagged using the infoCancelledFlag modifierExtension and SHALL have the code 3 (Cancel) in the Certification Type extension.

Each Claim.supportingInfo entry that is no longer to be used when evaluating the request, whether removed in this update or a previous one, SHALL be flagged using the infoCancelledFlag modifierExtension.

Each Claim.item and Claim.supportingInfo entry that has been changed as a part of this most recent update, including removal, SHALL be flagged using the changed extension with a value of changed.

Each Claim.item and Claim.supportingInfo entry that has been added as a part of this most recent update, SHALL be flagged using the changed extension with a value of added.

If a code is present, it SHALL use the X12 quantity units.

Along with the profiles defined in the PAS implementation guide, implementations SHALL also support the US Core R4 profiles for Condition, Observation, and Procedure.

They SHOULD support any other profiles relevant to the types of prior authorizations they process.

Clients and Servers supporting this implementation guide SHOULD also comply with the Da Vinci Coverage Requirements Discovery (CRD) and Documentation Templates and Rules (DTR) implementation guides.

Every system claiming conformance to this IG SHALL comply with the Security and Privacy page in the Da Vinci HRex guide.

If a payer supports endpoint discovery, they SHALL have at most a single endpoint for each coverage (e.g., Medicare, Medicaid, or commercial) they provide coverage under.

If a payer does not support endpoint discovery, they SHALL expose only one PAS endpoint capable of handling all coverages.

All of this SHOULD happen synchronously with a maximum of 15 seconds between the user initiating the prior authorization request and seeing the resulting response - i.e. including network transmission time for request and response.

NOTE: The Claim Inquiry response does not include all of the information that can be returned in a request response, such as any request for additional information, so the inquire operation SHOULD NOT be used by the client while waiting for final results.

Provider and EHR Vendor organizations MAY leverage the payer registry developed by PDex (which will eventually fold into the national directory under FAST) as a means of determining which endpoints exist for which payers as candidates for configuration.

The Bundle SHALL be encoded in JSON.

The first entry in the Bundle SHALL be a Claim resource complying with the profile defined in this IG to ensure the content is sufficient to appropriately populate an X12N/005010X217 message.

Additional Bundle entries SHALL be populated with any resources referenced by the Claim resource (and any resources referenced by those resources, fully traversing all references and complying with all identified profiles).

Note that even if a given resource instance is referenced multiple times, it SHALL only appear in the Bundle once.

E.g., if the same Practitioner information is referenced in multiple places, only one Practitioner instance SHOULD be created - referenced from multiple places as appropriate.

Bundle.entry.fullUrl values SHALL be:

All GUIDs used SHALL be unique, including across independent prior authorization submissions - with the exception that the same resource instance being referenced in distinct prior authorization request Bundles can have the same GUID.

Relevant resources referenced by those "supporting information" resources SHALL also be included (e.g. prescriber Practitioner and Medication for a MedicationRequest).

Any such resource that has a US Core profile SHALL comply with the relevant US Core profiles.

All "supporting information" resources included in the Bundle SHALL be pointed to by the Claim resource using the Claim.supportingInfo.valueReference element.

To attach non-FHIR instance data such as PDFs, CDAs, JPGs, a DocumentReference instance SHOULD be used.

The Claim.supportingInfo.sequence for each entry SHALL be unique within the Claim.

All resources SHALL comply with their respective profiles.

FHIR elements not marked as 'must support' MAY be included in resources within the Bundle, but client systems SHOULD have no expectation of such elements being processed by the payer unless prior arrangements have been made.

Systems that do not process such elements SHALL ignore unsupported elements unless they are 'modifier' elements, in which case the system MAY treat the presence of the element as an error.

In addition, the system SHALL make the entire PAS FHIR Bundle available to the intended payer.

The method MAY be based on the X12 275 or another method that trading partners have agreed to use.

If the X12 275 is used for this purpose, the 275 BDS01 Filter ID Code element SHALL be set to "B64" and the CAT02 Attachment Information Format Code element SHALL be sent to "HL".

Translation/mapping systems SHOULD be aware that if the size of the attachments as part of a claims submission would exceed the size limitations of a particular recipient, the intermediary SHOULD split the attachments into separate 275s to remain within the overall limit.

The Bundle SHALL start with a ClaimResponse entry that contains information mapped from the 278 response.

When converting additional Bundle entries, the conversion process SHALL ensure that only one resource is created for a given combination of content.

E.g. if the same Practitioner information is referenced in multiple places, only one Practitioner instance SHOULD be created - referenced from multiple places as appropriate.

When echoing back resources that are the same as were present in the prior authorization request, the system SHALL ensure that the same fullUrl and resource identifiers are used in the response as appeared in the request.

In these instances, the receiving system SHALL return OperationOutcome instances that detail why the Bundle could not be processed and no ClaimResponse will be returned.

For instances where the authorized item is a modification of the requested item, the requested item SHALL be returned in the ClaimResponse.item with an adjudication status of A6 - 'Modified'.

The actual authorized item SHALL be returned in the ClaimResponse.addItem.

The new intent of this extension is to indicate what was authorized which SHOULD match what was requested since the ClaimResponse.item does not have this information.

If what has been authorized is different, then the ClaimResponse.addItem SHALL be used.

Recipients of the transactions SHOULD respond as indicated below and senders of the transaction SHOULD look for the following responses and then take appropriate actions.

All transactions in PAS are synchronous and SHALL require one of the following HTTP responses:

If an OperationOutcome is received, it may have information regarding errors that SHOULD be addressed in the future, but did not cause the transaction to fail.

NOTE: These errors SHOULD not be returned to the provider but SHOULD be reviewed and addressed by technical staff.

Although there are no constraints on the frequency of the query, clients SHOULD ensure that no repetitive inquiries do not happen so as not to stress payer systems.

To search for a specific claim, the Claim.identifier can be sent and it SHOULD be either the previously returned Administration Reference Number (REF-BB) or the Prior Authorization Number (REF-NT).

Intermediaries SHALL interpret the 'not-applicable' code as no product or service code.

This Claim Inquiry Response SHALL either reference a Claim or have a Data Absent Reason indicating why the Claim can not be referenced (eg. original claim received by fax).

The referenced Claim instance SHOULD be returned if there is information in the Response that needs to be present can not be returned in the Claim Response instance.

the returned ClaimResponse SHALL include the current results for all submitted items, including any items changed or canceled since the original authoriation request.

if a specific reference number (either the REF-NT or REF-BB) is submitted and is not the 'current' number (because subsequent additions/changes/cancellations have been made to the prior authorization request), the returned record SHALL be the current authorization response - even though it no longer has the same identifier.

I.e. If a search is for a 'replaced' prior authorization, the search result SHALL include the 'current' prior authorization response for the most recent replacing prior authorization request.

systems MAY withhold information about prior authorizations that are 'open' but are deemed to be not relevant to the provider (eg. prior authorization requests for sensitive care where the requesting provider is neither the ordering nor rendering provider) who is checking for the prior authorization status if not searching by a specific Claim identifier.

In such situations the response SHOULD include an OperationOutcome warning that some prior authorizations have been suppressed and provide an alternative mechanism (e.g. telephone number) to provide further information if needed.

To retrieve the response at a later point, implementers SHALL support subscriptions.

Servers SHALL permit access to the prior authorization response to systems other than the original submitter.

They SHALL require a match on the patient member or subscriber id (identifier on the Claim.patient) plus the ordering and/or rendering provider identifier, i.e. the provider's NPI.

Implementers SHALL support the R4 Subscriptions referenced in the Subscriptions for R5 Backport Implementation Guide.

This Subscription SHALL conform to the PAS Subscription profile.

The Subscription filter criteria SHALL be org-identifier = [sending system identifier].

Intermediaries SHALL ensure that subscriptions to monitor a particular sending system's prior authorizations are only created or modified by that sending system.

Servers supporting subscriptions SHALL expose this as part of the Server's CapabilityStatement

Servers SHALL support rest-hook

Once the subscription has been created, the Server SHALL send a notification over the requested channel indicating that a prior authorization response submitted by the requesting provider organization has changed.

Due to the inquiry not supporting all of the required information needed in a PAS response, PAS Clients and Intermediaries SHALL only support subscriptions with content='full-resource'.

When details of a submitted request change and a provider needs to request prior authorization of a different set of items, clients SHOULD submit an update to the previously submitted Claim.

Servers MAY reject updates and require that a new request is made by providing the appropriate X12 error code.

Systems SHALL communicate a cancellation of an item if the corresponding order is canceled and a final authorization determination has not yet been received for that item.

This is appropriate if the added items share the same context and SHOULD be evaluated in conjunction with the other items in the previously submitted authorization request.

The Claim Update Bundle SHALL contain the Claim Update instance as the first entry.

The Claim that is being updated SHALL be included in the Bundle.

If that Claim instance is itself a Claim Update, its referenced Claim SHALL NOT be included.

All other referenced resources SHALL be included in the Bundle.

PAS systems SHALL ensure that prior authorizations that were initially pended remain available for query for at least 6 months after the anticipated completion of the services whose authorization was requested.

The intermediary SHALL always exchange a FHIR bundle with the EHR (figure 2.3)

The intermediary SHALL convert the FHIR bundle to and from an X12 278 (and optionally to an X12 275) if necessary to meet the HIPAA transaction requirements

The intermediary MAY convert the X12 278 to and from a FHIR bundle and exchange it with a payer as long as the PA request and response are in an X12 278 format at some time between the exchange with the EHR and the payer

As well, EHRs SHOULD annotate their orders with the decisions contained in the PAS Response.

Prior to sending clinical data as part of the PAS exchange, the provider (or their designated agent) SHALL have the ability, but not an obligation, to review patient information and where appropriate amend or withhold the submission to comply with current regulations and relevant provider policies. The provider can choose to turn off the ability to review documentation. The vendor must allow them this option.

All exchanges SHOULD meet Federal and state regulations, including any HIPAA restrictions and restrictions on sensitive data.