Carequality Access

1. Maintain directory entries in both the Carequality Production and Stage (non-production) directories by requesting eHealth Exchange make these entries on your behalf.

• If your organization has not already done so, please email techsupport@sequoiaproject.org to request these directory entries.
• Please ensure your directory entries in the Carequality Stage directory (non-production) reasonably mirror your production setup.
• For additional information, see https://carequality.org/wp-content/uploads/2021/07/Query-Based-Document-Exchange-Implementation-Guide-v2.0-Published-07122021-1.pdf.

2. Authorize a response to any and all Carequality directory listings for any Carequality use case (e.g. Query-Based Document Exchange) in which your organization exchanges. ​

• If you deny requests to organizations not on a list of permitted identifiers (HCIDs), then in order to accomplish this goal, you will need to integrate with eHealth Exchange Extended directory via FHIR, once that directory is available circa Q1 2023.
• By consuming the eHealth Exchange Extended directory, you will be able to authorize each entry in the directory by the HCID of the entry.
• Until the eHealth Exchange Extended directory is released, the eHealth Exchange will provide a Carequality directory listing in a tabular format (Excel spreadsheet). Your organization should authorize a response to all the entries in this directory listing.

3. HIEs and similar non-providers must create sub-participant entries in the eHealth Exchange production directory that represent the providers and/or payers within your organization.

• Participants must populate the eHealth Exchange directory (which will in turn update the Carequality directory) with each of their locations that might be initiating/triggering a query and each of those locations must include a Home Community Identifier (HCID).
• Messages sent by HIEs must identify the entity that triggered the request using a home community ID (HCID or organization ID) for that entity instead of identifying the parent organization that joined the eHealth Exchange, unless the organization and triggering entity are actually one in the same.
  • For example, a provider entity named “Springfield Medical Center” triggers a request so the request should be identified using the HCID of “Springfield Medical Center” and not the parent HIE organization named “Montana HIE”.  In this scenario, “Montana HIE” is the parent organization that joined the eHealth Exchange and “Springfield Medical Center” is a provider that is a child of the parent organization. This is important as you can imagine for HIPAA auditing.

• There is no eHealth Exchange charge for these supplemental directory entries.

4. Adhere to the Carequality Connection Terms (https://carequality.org/resources)

• By not opting-out of exchange with Carequality, eHealth Exchange Operating Policy & Procedure 10 (section II, paragraph 3) binds your organization to adopt and flow-down the Carequality Connection Terms to be legally binding with your Participant Users. 

5. Maintain a test environment with an active certificate authority (CA) issued certificate.

• At least one synthetic patient with at least one synthetic CDA so the trusted Carequality community can test exchange with your organization at any time.
• More than one test patient is needed when one test patient is not sufficient to reasonably represent the data in your production environment.

Note: Separately, remember eHealth Exchange requires these non-production certificates be issued specifically by DirectTrust [or by Entrust as long as still permissible in 2021].

7. HIE and similar participants (“Candidate Implementers” in the Carequality world) must complete a Carequality Application Exhibit 1  form.

The Carequality Application Exhibit 1 is a survey designed to document the nature of your requests and responses for the Carequality community and how your share data with other organizations.  The form can be requested by contacting administer@ehealthexchange.org. For example:

• As an initiator, list the permitted purpose of uses and justification for each purpose of use. As a responder, which purpose of use values do you allow?
• Document external access to retrieved data
• Patient/consumer access to retrieve data
• What triggers your requests?
• How do you decide which Carequality organizations are targeted for requests?
• Patient selection approach – for example, patients targeted based on appointment check-in or ED arrival?
• Do your providers require additional terms and conditions to respond to requests? Do the terms and condition include any limitations to the purpose of use?

HIE participants choosing to exchange with Carequality should populate the Carequality Application Exhibit 1 form and email it to administrator@ehealthexchange.org.