Current through Register Vol. 63, No. 12, December 1, 2024
Section 943-120-0160 - Conduct of Transactions - EDI Transactions(1) EDI Submitter Obligations. An EDI submitter is responsible for the conduct of the EDI transactions registered on behalf of a trading partner, including the following: (a) EDI Transmission Accuracy. An EDI submitter shall take reasonable care to ensure that data and data transmissions are timely, complete, accurate, and secure; and shall take reasonable precautions to prevent unauthorized access to the information system, the data transmission, or the contents of an envelope which is transmitted either to or from the Authority. The Authority will not correct or modify an incorrect transaction prior to processing. The transaction may be rejected and an EDI submitter notified of the rejection.(b) Re-transmission of Indecipherable Transmissions. Where there is evidence that a data transmission is lost or indecipherable, the sending party must make best efforts to trace and re-transmit the original data transmission in a manner which allows it to be processed by the receiving party as soon as practicable.(c) Cost of Equipment. An EDI submitter and the Authority will pay for their own information system costs. An EDI submitter shall, at its own expense, obtain and maintain its own information system. An EDI submitter shall pay its own costs for all charges related to data transmission including, without limitation, charges for information system equipment, software and services, electronic mailbox maintenance, connect time, terminals, connections, telephones, modems, any applicable minimum use charges, and for translating, formatting, sending, and receiving communications over the electronic network to the electronic mailbox, if any, of the Authority. The Authority is not responsible for providing technical assistance in the processing of an EDI transaction.(d) Back-up Files. EDI submitters must maintain adequate data archives and back-up files or other means sufficient to re-create a data transmission in the event that re-creation becomes necessary for any purpose, within timeframes required by state and federal law, or by contractual agreement. Data archives or back-up files shall be subject to these rules to the same extent as the original data transmission.(e) Transmissions Format. Except as otherwise provided herein, EDI submitters must send and receive all data transmissions in the federally mandated format, or (if no federal standard has been promulgated) other formats as the Authority designates.(f) Testing. EDI submitters must, prior to the initial data transmission and throughout the term of a TPA, test and cooperate with the Authority in the testing of information systems as the Authority considers reasonably necessary to ensure the accuracy, timeliness, completeness, and confidentiality of each data transmission.(2) Security and Confidentiality. To protect security and confidentiality of transmitted data, EDI submitters must comply with the following: (a) Refrain from copying, reverse engineering, disclosing, publishing, distributing, or altering any data, data transmissions, or the contents of an envelope, except as necessary to comply with the terms of these rules or the TPA, or use the same for any purpose other than that which an EDI submitter was specifically given access and authorization by the Authority or a trading partner;(b) Refrain from obtaining access by any means to any data, data transmission, envelope, mailbox, or the Authority's information system for any purpose other than that which an EDI submitter has received express authorization. If an EDI submitter receives data or data transmissions from the Authority which clearly are not intended for an EDI submitter, an EDI submitter shall immediately notify the Authority and make arrangements to return or re-transmit the data or data transmission to the Authority. After re-transmission, an EDI submitter shall immediately delete the data contained in the data transmission from its information system;(c) Install necessary security precautions to ensure the security of the information systems or records relating to the information systems of either the Authority or an EDI submitter when the information system is not in active use by an EDI submitter;(d) Protect and maintain the confidentiality of security access codes issued by the Authority to an EDI submitter; and(e) Provide special protection for security and other purposes, where appropriate, by means of authentication, encryption, the use of passwords, or other means. Unless otherwise provided in these rules, the recipient of a protected data transmission must at least use the same level of protection for any subsequent transmission of the original data transmission.(3) Authority Obligations. The Authority shall: (a) Make available to an EDI submitter, by electronic media, those types of data and data transmissions which an EDI submitter is authorized to receive.(b) Inform an EDI submitter of acceptable formats in which data transmissions may be made and provide notification to an EDI submitter within reasonable time periods consistent with HIPAA transaction standards, if applicable, or at least 30 days prior by electronic notice of other changes in formats.(c) Provide an EDI submitter with security access codes that will allow an EDI submitter access to the Authority's information system. Security access codes are strictly confidential and EDI submitters must comply with all of the requirements of OAR 943-120-0170. The Authority may change the designated security access codes at any time and manner as the Authority, in its sole discretion, deems necessary. The release of security access codes shall be limited to authorized electronic data personnel of an EDI submitter and the Authority with a need to know.(4) Department of Consumer and Business Services (DCBS) submission standards Health insurers and health care entities in Oregon shall make all necessary actions required by the DCBS Oregon Companion Guides to comply with the Health Insurance Reform Administrative Streamlining and Simplification as specified in OAR 836-100-0100 to 836-100-0120.Or. Admin. Code § 943-120-0160
OHA 13-2011(Temp), f. & cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11Stat. Auth.: ORS 413.042 &414.065
Stats. Implemented: ORS 413.042 & 414.065