Common use of Management Information Systems Clause in Contracts

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated and integrated health MIS, including a test environment, that is capable of meeting the requirements listed below and throughout this Agreement. See the information provided on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htm. a. The CHC-MCO must have, at a minimum, the following MIS components or the capability to interface with other systems containing this information: Participants, Provider, Claims processing, Prior Authorization, and Reference. b. The CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information provided by the Department. The CHC- MCO must have the capability to provide daily updates of Participant information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO must maintain its Provider file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC- MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the Commonwealth’s MMIS for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS for each service location. e. The CHC-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHC-MCO’s MIS must be able to maintain Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all applicable business and technical standards at stated in Appendix 1, CHC RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-directed development and implementationactivities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., the Daily Eligibility File, Provider files, etc). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA-compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- MCO chooses not to use these files, it must use comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place and written policies and procedures documenting the disaster recovery plan, including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. ‌ The CHCPH-MCO must have a comprehensive, automated and integrated health management information system (MIS, including a test environment, ) that is capable of meeting the requirements listed below and throughout this Agreement. See Management Information System and System Performance Review Standards for MIS and Systems Performance Review (SPR) Standards provided by the information provided Department on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmHealthChoices and ACCESS Plus Intranet. a. The CHCPH-MCO must have, have at a minimum, minimum the following components to its MIS components or the capability to interface with link to other systems containing this information: ParticipantsMembership, Provider, Claims processing, Prior Authorization, and Referencereference. b. The CHCPH-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant membership management system must have the capability to receive, update and maintain the CHCPH-MCO's Participant membership files consistent with information provided by the Department. The CHC- PH-MCO must have the capability to provide daily updates of Participant membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHCPH-MCO must maintain its MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC- PH-MCO must also be able to cross-reference its their internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Commonwealth’s MMIS for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS for each service locationnumber. e. The CHCPH-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCPH-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHCPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHCPH-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The CHCPH-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHCPH-MCO must have the capability to electronically exchange transfer data files with the Department Department, the EAP contractor, and the IEBPROMISe™ contractor. The CHCPH-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. The CHCPH-MCO’s MIS must be bidirectionally bi-directionally linked to the other operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in ParticipantMember, Provider, Claims and authorization Authorization files, and in order to enable Encounter Data to be utilized for Participant Member profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS PROMISe ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHCPH-MCO must comply with all applicable business and technical information technology standards at stated as defined in Appendix 1, CHC RFPthe Department’s Information Resource Management (IRM) Standards (formerly known as POSNet or H-Net standards). The CHC-MCO must comply This includes compliance with the standards IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The CHCcurrent IRM Standards are available to the PH-MCO via a secured Internet site. The PH-MCO’s MIS must be compatible with the Department’s MIS. The CHCPH-MCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the CHCPH-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsIRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, the Department every effort will make every reasonable effort be made to provide additional notice. m. The CHCPH-MCO must have the be prepared to document its ability to expand claims Claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participantsprogram Members. n. The CHCPH-MCO must designate appropriate staff to participate in Department-DPW directed development and implementationactivitiesimplementation activities. o. The CHC-MCO Subcontractors must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHCPH-MCO, MCO and the CHCPH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHCPH-MCO must provide its subcontractors subcontactors with the appropriate files and information to meet this requirement (i.e.i.e. the daily eligibility file, the Daily Eligibility File, Provider provider files, etc.). q. p. The CHCPH-MCO's MIS shall be subject to review and approval during the Department's HealthChoices Readiness Review processprocess as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. q. Prior to any major modifications to the CHCPH-MCO’s MIS information system, including upgrades and/or new purchases, the CHCPH-MCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the changechanges. The CHC-MCO must include a A work plan detailing recovery effort and use of parallel system testingtesting must be included. t. r. The CHCPH-MCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in requested by Providers or the ASC X12 Implementation GuidesDepartment. u. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHCPH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- PH-MCO chooses not to use these files, it must is required to use comparable filesfiles to meet its obligation with this Agreement. Exhibit RCC, Data Support for the CHCPH-MCOMCOs, provides a listing of these files. Information about these files is available on the CHC IntranetHealthChoices and ACCESS Plus Intranet site. v. t. The Department will make available Provider provider informational files on a routine basis that will allow the CHC-MCO it to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO Contractor must use these files to record and provide Provider provider information, and to reconcile its Provider their provider file with the Department’s Provider provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS PROMISe Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC.PRV- w. u. The CHCPH-MCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated and integrated health MIS, including MIS that includes a test environment, that environment and is capable of meeting the requirements listed below and throughout this Agreement. See the information provided Information on Business and Technical Standards is available on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmwebsite. a. The CHC-MCO must have, at have a minimum, minimum of the following MIS components or the capability to interface with other systems containing this information: ParticipantsParticipant, Provider, Claims processing, Prior Authorization, and ReferenceReference data. b. The CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information specifications provided by the Department. The CHC- CHC-MCO must have the capability to provide daily updates of Participant information to subcontractors Subcontractors or Providers with who have responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO MCO’s Provider database must maintain its Provider file be maintained with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC- CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the CommonwealthDepartment’s MMIS for each location in at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain MA and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the CommonwealthDepartment’s MMIS, MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the CommonwealthDepartment’s MMIS. The CHC-MCO must require its that Network Providers with a specific Provider type/specialty to types and specialties have the same Provider type/specialty types and specialties in the CommonwealthDepartment’s MMIS for each service location. e. The CHC-MCO’s Claims processing Processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with the its Claims processing Processing component. g. The CHC-MCO’s MIS must be able to maintain Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Provider Department’s credentialing requirements outlined in the framework provided by the Department as well as and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including electronic mailemail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange transfer data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. The CHC-MCO’s MIS must be bidirectionally linked to the other all operational systems listed in this Agreement, in order so that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization Prior Authorization files, and in order to enable . Encounter Data to will be utilized for for: • Participant profiling, and Provider profiling, • Claims validation, • Fraud, Waste Waste, and Abuse monitoring activities, rate setting • Rate setting, and any • Any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all applicable business the Department’s Business and technical standards at stated in Appendix 1, CHC RFPTechnical Standards including connectivity to the Commonwealth’s network for Extranet access. The CHC-MCO must also comply with any changes made to these Standards. The CHC-MCO must comply with the standards for connectivity to the CommonwealthDepartment’s networkSe-Government Data Exchange Standards. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsMMIS. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the be prepared to document its ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-directed development and implementationactivitiesimplementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO Subcontractors must require subcontractors to meet the same MIS requirements as the CHC-CHC- MCO, and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractorSubcontractor. The CHC-MCO must provide its subcontractors Subcontractors with the appropriate files and information to meet this requirement (i.e.e.g., the 834 Daily Eligibility File, Provider files, etc). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includesinformation including: compliance • Compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration , • Demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; , and demonstration • Demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or and new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty six (606) days months prior to the change. The CHC-MCO must include provide a work plan detailing recovery effort efforts and the use of parallel system testing. t. The CHC-MCO must be able to accept and generate HIPAA-compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, and Diagnosis Code) Code reference files available to the CHC-MCO on a routine basis that will to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. Information about these files is available on the Pennsylvania HealthChoices Extranet. If the CHC- CHC-MCO chooses not to use these files, it must document the use of comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranetto meet its obligation with this Agreement. v. The Department will make available supply Provider informational files on a routine basis that will to allow the CHC-MCO it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the include: • List of Active and Closed Providers (PRV-414 and/or PRV-415PRV414 and PRV415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations • NPI Crosswalk (PRV- 640QPRV430) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); • Provider Revalidation File (PRV720) and NPI Crosswalk • Special Indicators (PRV-430PRV435) file to provide all NPI records active • Network Provider File (Managed Care Affiliates, PRV640Q) The CHC-MCO must use the PRV414 or PRV415 files with the DepartmentPRV430 on a monthly basis to reconcile its Provider database with that of the Department to confirm: • All participating Providers are enrolled in MA for all service locations as defined by MA enrollment rules, • Participating Provider license information is valid, • Provider Types and Specialties match, and • Each Provider’s NPI, taxonomy, and nine-digit zip code for each service location match. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available MCOs must use the PRV640Q to reconcile Provider information previously submitted on the Intranet supporting CHCNetwork Provider file (PRV640M). w. The CHC-MCO must have a disaster recovery plan in place and with written policies and procedures documenting the disaster recovery plan, including containing information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the The CHC-MCO must reconcile the 820 capitation payment Capitation Payment file against with its internal Participant information, membership information and report any discrepancies to the Department with within thirty (30) days. y. To support the CHC-MCO in meeting the requirements of this agreement, the Department will provide access to the following systems: • The Department’s MMIS • Pennsylvania HealthChoices Extranet • Client Information System (CIS) • Docushare

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated and integrated health MIS, including a test environment, MIS that is capable of meeting the requirements listed below and throughout this Agreementagreement. See the information provided on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htm. a. The CHC-MCO must have, have at a minimum, minimum the following MIS components or the capability to interface with other systems containing this information: Participants, Provider, Claims processing, Prior Authorization, and Reference. b. The CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreementthisagreement. c. The Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information provided by the Department. The CHC- MCO must have the capability to provide daily updates of Participant information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO must maintain its Provider file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC- CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Commonwealth’s MMIS PROMISe™ for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its their own system. The CHC-CHC- MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMISPROMISe, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMISPROMISe. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS PROMISe for each service location. e. The CHC-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementthisagreement. f. The CHC-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHC-MCO’s MIS must be able to maintain Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit FK(1), Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEBIEE. The CHC-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreementagreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS PROMISe™ ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all applicable business and technical standards at stated in Appendix 1, CHC RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-DHS directed development and implementationactivitiesimplementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline outlines the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, MCO and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., i.e. the Daily Eligibility File, Provider files, etc.). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: ; compliance with all applicable Federal federal and State statutes state laws and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches.; s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) 60 days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA-HIPAA compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- CHC-MCO chooses not to use these files, it must use comparable files. Exhibit RQ, Data Support for the CHC-MCOMCOs, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its their Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS PROMISe Provider IDs; Managed Care Affiliations (PRV- 640QPRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit RQ, Data Support for the CHC-MCOMCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its their routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2V.O.1. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated and integrated health MIS, including a test environment, that is capable of meeting the requirements listed below and throughout this Agreement. See the information provided on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htm. a. The CHC-MCO must have, at a minimum, the following MIS components or the capability to interface with other systems containing this information: Participants, Provider, Claims processing, Prior Authorization, and Reference. b. The CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information provided by the Department. The CHC- MCO must have the capability to provide daily updates of Participant information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO must maintain its Provider file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC- MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the Commonwealth’s MMIS for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS for each service location. e. The CHC-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHC-MCO’s MIS must be able to maintain Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all applicable business and technical standards at stated in Appendix 1, CHC RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-directed development and implementationactivitiesimplementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., the Daily Eligibility File, Provider files, etc). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA-compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- MCO chooses not to use these files, it must use comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place and written policies and procedures documenting the disaster recovery plan, including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated and integrated health MIS, including a test environment, MIS that is capable of meeting the requirements listed below and throughout this Agreementagreement. See the information provided on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htm. a. The CHC-MCO must have, have at a minimum, minimum the following MIS components or the capability to interface with other systems containing this information: Participants, Provider, Claims processing, Prior Authorization, and Reference. b. The CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreementagreement. c. The Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information provided by the Department. The CHC- MCO must have the capability to provide daily updates of Participant information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO must maintain its Provider file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC- CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Commonwealth’s MMIS PROMISe™ for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its their own system. The CHC-CHC- MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMISPROMISe, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMISPROMISe. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS PROMISe for each service location. e. The CHC-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementagreement. f. The CHC-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHC-MCO’s MIS must be able to maintain Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit FK(1), Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEBIEE. The CHC-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreementagreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS PROMISe™ ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all applicable business and technical standards at stated in Appendix 1Xxxxxxxx 0, CHC XXX RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-DHS directed development and implementationactivitiesimplementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline outlines the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, MCO and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., i.e. the Daily Eligibility File, Provider files, etc.). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: ; compliance with all applicable Federal federal and State statutes state laws and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches.; s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) 60 days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA-HIPAA compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- CHC-MCO chooses not to use these files, it must use comparable files. Exhibit RQ, Data Support for the CHC-MCOMCOs, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its their Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS PROMISe Provider IDs; Managed Care Affiliations (PRV- 640QPRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit RQ, Data Support for the CHC-MCOMCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its their routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2V.O.1. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. ‌ The CHCPH-MCO must have a comprehensive, automated and integrated health MIS, including MIS that includes a test environment, that and is capable of meeting the requirements listed below and throughout this Agreement. See the information provided on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htm.xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/appii/index.htm a. The CHCPH-MCO must have, have at a minimum, minimum the following components to its MIS components or the capability to interface with link to other systems containing this information: ParticipantsMembership, Provider, Claims processing, Prior Authorization, and Reference. b. The CHCPH-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant PH-MCO’s membership management system must have the capability to receive, update and maintain the CHCPH-MCO's Participant membership files consistent with information provided by the Department. The CHC- PH-MCO must have the capability to provide daily updates of Participant membership information to subcontractors Subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHCPH-MCO MCO’s Provider database must maintain its Provider file be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC- PH-MCO must also be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Commonwealth’s MMIS PROMISe™ for each location in which the Provider renders services for the CHCPH-MCO. The CHCPH-MCO must verify ensure that each Network Provider provider service location is enrolled and active with MAMedical Assistance. In addition, the CHCPH-MCO must maintain all service locations in its their own system. The CHCPH-MCO must verify ensure that each Network Providerprovider’s license information is kept valid in the Commonwealth’s MMISPROMISe™, and must outreach to Network Providers their providers to stress the importance of maintaining up to date information in PROMISe™. Additionally, the Commonwealth’s MMIS. The CHCPH-MCO must require its Network Providers ensure that providers enrolled in their network with a specific Provider provider type/specialty to have the same Provider provider type/specialty in the Commonwealth’s MMIS PROMISe™ for each service location. e. The CHCPH-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCPH-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHCPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHCPH-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The CHCPH-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHCPH-MCO must have the capability to electronically exchange transfer data files with the Department and the IEBEAP broker. The CHCPH-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. The CHCPH-MCO’s MIS must be bidirectionally bi-directionally linked to the other operational systems listed in this Agreement, in order that data captured in Encounter records accurately matches data in ParticipantMember, Provider, Claims and authorization Authorization files, and in order to enable Encounter Data to be utilized for Participant Member profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHCPH-MCO must comply with all applicable business and technical standards available on the DHS Internet site at stated in Appendix 1, CHC RFPthe following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index. The CHC-MCO must comply htm. This includes compliance with the standards for connectivity to the Commonwealth’s network. The CHC-PH­ MCO’s MIS must be compatible with the Department’s MIS. The CHCPH-MCO must also comply with the Department’s Se-Se- Government Data Exchange Standards. In addition, the CHC-PH­ MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsStandards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department every effort will make every reasonable effort be made to provide additional notice. m. The CHCPH-MCO must have the be prepared to document its ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment enrollment of ParticipantsMembers. n. The CHCPH-MCO must designate appropriate staff to participate in Department-DHS directed development and implementationactivitiesimplementation activities. o. The CHC-MCO Subcontractors must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHCPH-MCO, MCO and the CHCPH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractorSubcontractor. The CHCPH-MCO must provide its subcontractors Subcontractors with the appropriate files and information to meet this requirement (i.e.i.e. the daily eligibility file, the Daily Eligibility File, Provider provider files, etc.). q. p. The CHCPH-MCO's MIS shall be subject to review and approval during the Department's HealthChoices Readiness Review processprocess as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. q. Prior to any major modifications to the CHCPH-MCO’s MIS information system, including upgrades and/or new purchases, the CHC-PH­ MCO must inform the Department in writing of the potential changes at least sixty (60) 60 days prior to the change. The CHCPH-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. r. The CHCPH-MCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in the ASC X12 Implementation Guides. u. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHCPH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- PH-MCO chooses not to use these files, it must use comparable files to meet its obligation with this Agreement. Information about these files is available on the HealthChoices Intranet site. t. The Department will make available provider informational files on a routine basis that will allow the PH-MCO to effectively meet its obligation consistent with requirements in this Agreement. These files include: List of Active and Closed Providers (PRV414 and PRV415) file; NPI Crosswalk (PRV430) file; Special Indicators (PR435) file; and Provider Revalidation File (PRV720). The PH-MCO must use these files to record provider information, and to reconcile their provider file with the Department’s provider file. The PRV414 and/or PRV415 file, in coordination with the PRV430 file, must be used monthly to reconcile the PH-MCO’s provider file against the provider information listed in PROMISe™ to include the following: • Confirm all participating providers are enrolled in MA for all service locations as defined by MA enrollment rules. • Confirm participating provider license information is valid in PROMISe™. • Confirm the PT/Specialty is the same in PROMISe™. • Confirm that NPI/Taxonomy/Nine-digit Zip matches PROMISe™ for each service location. Any provider that does not enroll with MA cannot be enrolled as a participating provider in the PH-MCO. Discrepancies must be addressed with the provider. The PRV640Q file must be used to reconcile what had been previously sent on the PRV640 files. Exhibit RCC, Data Support for the CHCPH-MCOMCOs, provides a listing of these files. Information about these files is available on the CHC IntranetHealthChoices Intranet site. v. u. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHCPH-MCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. v. In addition to the CHCPH-MCO reconciling the 834 daily and monthly Participants membership files against its internal Participant membership information as referenced in Section V.O.2. Participant FilesV.F.10 of this Agreement, the CHCPH-MCO must also reconcile the 820 capitation payment file against its internal Participant membership information, and report any discrepancies to the Department with thirty (30) days. w. To support the PH-MCOs in meeting the requirements of this agreement, the Department will provide access to the following systems: • Client Information System (CIS) • HealthChoices Intranet • PROMISe™ Intranet • PROMISe™ Internet • Docushare Access to these systems is in addition to the various files that PH-MCOs will receive via secure file transfer. For more information on gaining access to CIS, PROMISe™, Intranet, and Docushare, please refer to the HealthChoices Intranet at the following link: xxxxx://xxxxxxxx.xxx.xxxxx.xx.xx/HealthChoices/custom/genera l/forms/security.asp.

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated automated, and integrated health MIS, including MIS that includes a test environment, that environment and is capable of meeting the requirements listed below and throughout this Agreement. See the information provided Information on Business and Technical Standards is available on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmwebsite. a. The CHC-MCO must have, at have a minimum, minimum of the following MIS components or the capability to interface with other systems containing this information: ParticipantsParticipant, Provider, Claims processing, Prior Authorization, and ReferenceReference data. b. The CHC-MCO must have an a sufficient MIS sufficient to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information specifications provided by the Department. The CHC- CHC-MCO must have the capability to provide daily updates of Participant information to subcontractors or Subcontractors and Providers with who have responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO MCO’s Provider database must maintain its Provider file be maintained with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC- CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the CommonwealthDepartment’s MMIS for each location in at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the CommonwealthDepartment’s MMIS, MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the CommonwealthDepartment’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to types and specialties have the same Provider type/specialty types and specialties in the CommonwealthDepartment’s MMIS for each service location. e. The CHC-MCO’s Claims processing Processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with the its Claims processing Processing component. g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Provider Department’s credentialing requirements outlined in the framework provided by the Department as well as and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including electronic mailemail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all applicable business and technical standards at stated in Appendix 1, CHC RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-directed development and implementationactivities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., the Daily Eligibility File, Provider files, etc). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA-compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- MCO chooses not to use these files, it must use comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place and written policies and procedures documenting the disaster recovery plan, including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.operational

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated and integrated health MIS, including a test environment, MIS that is capable of meeting the requirements listed below and throughout this Agreementagreement. See the information provided on the onthe DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htm.(added at a later time).‌ a. The CHC-MCO must have, have at a minimum, minimum the following components to its MIS components or the capability to interface with link to other systems containing this information: Participants, Provider, Claims processing, Prior Authorization, and Reference.Reference.‌ b. The CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement.agreement.‌ c. The Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information provided by the Department. The CHC- CHC-MCO must have the capability to provide daily updates of Participant information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant information.information.‌ d. The CHC-MCO must maintain its MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC- CHC-MCO must also be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Commonwealth’s MMIS PROMISe™ for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify ensure that each Network Provider provider service location is enrolled and active with MAMedical Assistance. In addition, the CHC-MCO must maintain all service locations in its their own system. The CHC-MCO must verify ensure that each Network Provider’s license information is kept valid in the Commonwealth’s MMISPROMISe, and must outreach to Network their Providers to stress the importance of maintaining up to date information in PROMISe. Additionally, the Commonwealth’s MMIS. The CHC-MCO must require its Network ensure that Providers enrolled in their‌ network with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS PROMISe for each service location.location.‌‌ e. The CHC-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement.agreement.‌ f. The CHC-MCO’s Prior Authorization system must be linked with the Claims processing component.component.‌ g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements.requirements.‌ h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements., of this agreement.‌ i. The CHC-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement.agreement.‌ j. The CHC-MCO must have the capability to electronically exchange transfer data files with the Department and the IEBIEE. The CHC-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standards.product.‌ k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreementagreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS PROMISe™ ICN claim identifier associated with each processed Encounter Data record returned on the files.files.‌ l. The CHC-MCO must comply with all applicable business and technical standards available on the DHS Internet site at stated in Appendix 1, CHC RFPthe following link: xxxx://xxx.xxx.xxxxx.xx.xx/cs/groups/webcontent/document s/communication/p_031942.pdf. The CHC-MCO must comply This includes compliance with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with with‌‌‌‌ the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsStandards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department every effort will make every reasonable effort be made to provide additional notice.notice.‌ m. The CHC-MCO must have the be prepared to document its ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants.Participants.‌ n. The CHC-MCO must designate appropriate staff to participate in Department-DHS directed development and implementationactivities.implementation activities.‌ o. The CHC-MCO Subcontractors must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, MCO and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., i.e. the Daily Eligibility Filedaily eligibility file, Provider files, etc).etc.)‌ q. p. The CHC-MCO's MIS shall be subject to review and approval during the Department's Community HealthChoices Readiness Review process.process as referenced in Section VI of this agreement, Program Outcomes and Deliverables.‌ r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. q. Prior to any major modifications to the CHC-MCO’s MIS information system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) 60 days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing.testing.‌ t. r. The CHC-MCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in the ASC X12 Implementation Guides.Guides.‌ u. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreementagreement. If the CHC- CHC-MCO chooses not to use these files, it must use comparable filesfiles to meet its obligation with this agreement. Exhibit RCC, Data Support for the CHC-MCOMCOs, provides a listing of these files. Information about these files is available on the CHC Intranet.Intranet supporting CHC.‌ v. t. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreementagreement. The CHC- CHC-MCO must use these files to record and provide Provider information, and to reconcile its their Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS PROMISe Provider IDs; Managed Care Affiliations (PRV- 640QPRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit RCC, Data Support for the CHC-MCOCHC- MCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. u. The CHC-MCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures.disaster.‌ x. v. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant FilesV.F.10 of this agreement, the CHC-MCO must also reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.days.‌

Management Information Systems. ‌ The CHCCHIP-MCO must have a comprehensive, automated automated, and integrated health MIS, including MIS that includes a test environment, that and is capable of meeting the requirements listed below and throughout this Agreement. See the information provided Information on Business and Technical Standards is available on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmwebsite. a. The CHCCHIP-MCO must have, at have a minimum, minimum of the following MIS components or the capability to interface with other data systems containing this informationcontaining: ParticipantsMembership, Provider, Claims processingProcessing, Prior Authorization, and Reference. b. The CHCCHIP-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant CHIP-MCO’s enrollment management system must have the capability to receive, update and maintain the CHC-MCO's Participant enrollment files consistent with information specifications provided by the Department. The CHC- CHIP-MCO must have the capability to provide daily updates of Participant membership information to subcontractors or Subcontractors and Providers with who have responsibility for processing Claims or and authorizing services based on Participant enrollment information. d. The CHCCHIP-MCO MCO’s Provider database must maintain its Provider file be maintained with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC- CHIP-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s Provider NPI number in the CommonwealthDepartment’s MMIS for each location in at which the Provider renders services for the CHCCHIP-MCO. The CHCCHIP-MCO must verify ensure that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain MA or CHIP and that information for all service locations is maintained in its own system. The CHCCHIP-MCO must verify that each Network Provider’s license information is valid in the CommonwealthDepartment’s MMIS, MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the CommonwealthDepartment’s MMIS. The CHCCHIP-MCO must require its Network Providers with a specific Provider type/specialty to types and specialties have the same Provider type/specialty types and specialties in the CommonwealthDepartment’s MMIS for each service location. e. The CHCCHIP-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCCHIP-MCO’s Prior Authorization system must be linked with the its Claims processing component. g. The CHCCHIP-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHCCHIP-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider Department’s credentialing requirements outlined in the framework provided by the Department as well as and those listed in Exhibit FG, Quality Management and Utilization Management Program Requirements. i. The CHCCHIP-MCO must have sufficient telecommunication capabilities, including electronic mailemail, to meet the requirements of this Agreement. j. The CHCCHIP-MCO must have the capability to electronically exchange data files with the Department and the IEBEAP broker. The CHCCHIP-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. The CHCCHIP-MCO’s MIS must be bidirectionally bi-directionally linked to the other all operational systems listed in this Agreement, in order so that data captured in Encounter records accurately matches data in ParticipantMember, Provider, Claims and authorization Prior Authorization files, and in order to enable . Encounter Data to will be utilized for Participant profiling, for: • Member and Provider profiling, profiling • Claims validation, Fraud, Waste validation • Fraud and Abuse monitoring activities, rate activities • Rate setting and any • Any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all applicable business and technical standards at stated in Appendix 1, CHC RFP. The CHCCHIP-MCO must comply with the standards for Department’s Business and Technical Standards including connectivity to the Commonwealth’s networknetwork for Extranet access. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHCCHIP-MCO must also comply with any changesmade to these standards. CHIP-MCOs must comply with the Department’s Se-Se- Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHCCHIP-MCO must have the be prepared to document its ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment enrollment of ParticipantsEnrollees. n. The CHCCHIP-MCO must designate appropriate staff to participate in Department-DHS directed development and implementationactivitiesimplementation activities. o. The CHC-MCO Subcontractors must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHCCHIP-MCO, MCO and the CHCCHIP-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractorSubcontractor. The CHCCHIP-MCO must provide its subcontractors Subcontractors with the appropriate files and information to meet this requirement (i.e.e.g., the Daily Monthly 834 Eligibility File, . Provider files, etc). q. p. The CHCCHIP-MCO's MIS shall be subject to review and approval during the Department's CHIP Readiness Review processprocess as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. q. Prior to any major modifications to the CHCCHIP-MCO’s MIS systemMIS, including upgrades and/or and new purchases, the CHCCHIP-MCO must inform the Department in writing of the potential changes at least sixty six (606) days months prior to the change. The CHCCHIP-MCO must include provide a work plan workplan detailing recovery effort efforts and the use of parallel system systems testing. t. r. The CHCCHIP-MCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in the ASC X12 Implementation Guides. u. s. The Department will make reference files (Drug, Procedure Code, and Diagnosis Code) Code reference files available to the CHCCHIP-MCO on a routine basis that will to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. Information about these files is available on the Pennsylvania HealthChoices Extranet site If the CHC- CHIP-MCO chooses not to use these files, it must document the use of comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranetto meet its obligation with this Agreement. v. t. The Department will make available supply Provider informational files on a routine basis that will to allow the CHCCHIP-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the include: • List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640PRV414 and PRV415); • NPI Crosswalk (PRV430); • Special Indicators (PR435); • Provider Revalidation File (PRV720). • Quarterly Network Provider File (Managed Care Affiliates, PRV640Q) The CHIP-MCO must use the PRV414 or PRV415 file with the PRV430 on a monthly basis to reconcile its Provider database with that of the Department to confirm: • All participating providers are enrolled in MA for all service locations as defined by MA enrollment rules. • Participating provider license information is valid. • Provider Types and NPI Crosswalk (PRV-430) Specialties match. • Each Provider’s NPI, Taxonomy, and Nine-digit Zip code for each service location match. Any provider that does not enroll with CHIP or MA cannot be enrolled as a participating provider in the CHIP-MCO. Discrepancies must be addressed with the provider. CHIP-MCOs must use the PRV640Q file to provide all NPI records active with reconcile Provider information previously submitted on the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these filesNetwork Provider File (PRV640M). Information about these files is available on the Intranet supporting CHCPennsylvania HealthChoices Extranet site. w. u. The CHCCHIP-MCO must have a disaster recovery plan in place and with written policies and procedures documenting the disaster recovery plan, including containing information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHCv. The CHIP-MCO must reconcile the 820 capitation payment Capitation Payment file against with its internal Participant information, enrollment information and report any discrepancies to the Department with within thirty (30) days. w. To support CHIP-MCOs in meeting the requirements of this agreement, the Department will provide access to the following systems: • Client Information System (CIS/eCIS); • Pennsylvania HealthChoices Extranet; • The Department’s MMIS; • Docushare; and • CHIP Collaboration Room. Access to these systems is in addition to the various files that CHIP-MCOs will receive via secure file transfer. Information on obtaining access to these resources is on the Pennsylvania HealthChoices Extranet.

Management Information Systems. ‌ The CHCPH-MCO must have a comprehensive, automated and integrated health management information system (MIS, including a test environment, ) that is capable of meeting the requirements listed below and throughout this Agreement. See Management Information System and System Performance Review Standards for MIS and Systems Performance Review (SPR) Standards provided by the information provided Department on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmHealthChoices and ACCESS Plus Intranet. a. The CHCPH-MCO must have, have at a minimum, minimum the following components to its MIS components or the capability to interface with link to other systems containing this information: ParticipantsMembership, Provider, Claims processing, Prior Authorization, and Referencereference. b. The CHCPH-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant membership management system must have the capability to receive, update and maintain the CHCPH-MCO's Participant membership files consistent with information provided by the Department. The CHC- PH-MCO must have the capability to provide daily updates of Participant membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHCPH-MCO must maintain its MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC- PH-MCO must also be able to cross-reference its their internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Commonwealth’s MMIS for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS for each service locationnumber. e. The CHCPH-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCPH-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHCPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHCPH-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The CHCPH-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHCPH-MCO must have the capability to electronically exchange transfer data files with the Department Department, the EAP contractor, and the IEBPROMISe™ contractor. The CHCPH-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. The CHCPH-MCO’s MIS must be bidirectionally bi-directionally linked to the other operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in ParticipantMember, Provider, Claims and authorization Authorization files, and in order to enable Encounter Data to be utilized for Participant Member profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS PROMISe ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHCPH-MCO must comply with all applicable business and technical information technology standards at stated as defined in Appendix 1, CHC RFPthe Department’s Information Resource Management (IRM) Standards (formerly known as POSNet or H-Net standards). The CHC-MCO must comply This includes compliance with the standards IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The CHCcurrent IRM Standards are available to the PH-MCO via a secured Internet site. The PH-MCO’s MIS must be compatible with the Department’s MIS. The CHCPH-MCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the CHCPH-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsIRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, the Department every effort will make every reasonable effort be made to provide additional notice. m. The CHCPH-MCO must have the be prepared to document its ability to expand claims Claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participantsprogram Members. n. The CHCPH-MCO must designate appropriate staff to participate in Department-DPW directed development and implementationactivitiesimplementation activities. o. The CHC-MCO Subcontractors must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHCPH-MCO, MCO and the CHCPH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHCPH-MCO must provide its subcontractors subcontactors with the appropriate files and information to meet this requirement (i.e.i.e. the daily eligibility file, the Daily Eligibility File, Provider provider files, etc.). q. p. The CHCPH-MCO's MIS shall be subject to review and approval during the Department's HealthChoices Readiness Review processprocess as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. q. Prior to any major modifications to the CHCPH-MCO’s MIS information system, including upgrades and/or new purchases, the CHCPH-MCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the changechanges. The CHC-MCO must include a A work plan detailing recovery effort and use of parallel system testingtesting must be included. t. r. The CHCPH-MCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in requested by Providers or the ASC X12 Implementation GuidesDepartment. u. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHCPH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- PH-MCO chooses not to use these files, it must is required to use comparable filesfiles to meet its obligation with this Agreement. Exhibit RCC, Data Support for the CHCPH-MCOMCOs, provides a listing of these files. Information about these files is available on the CHC IntranetHealthChoices and ACCESS Plus Intranet site. v. t. The Department will make available Provider provider informational files on a routine basis that will allow the CHC-MCO it to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO Contractor must use these files to record and provide Provider provider information, and to reconcile its Provider their provider file with the Department’s Provider provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS PROMISe Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place and written policies and procedures documenting the disaster recovery plan, including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.PRV-

Management Information Systems. ‌ The CHC-MCO PCO must have a comprehensive, automated and integrated health management information system (MIS, including a test environment, ) that is capable of meeting the requirements listed below and throughout this Agreement. See The PCO must comply with Management Information System and System Performance Review Standards for MIS and Systems Performance Review (SPR) Standards provided by the information provided Department on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmDepartment’s Intranet. a. The CHC-MCO PCO must have, have at a minimum, minimum the following components to its MIS components or the capability to interface with link to other systems containing this information: ParticipantsMembership, Provider, Claims processing, Prior Authorization, and Referencereference files. b. The CHC-MCO PCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant membership management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with information provided by the Department. The CHC- MCO must have the capability to provide daily updates of Participant information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant information.PCO's d. The CHC-MCO must maintain its PCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC- MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the Commonwealth’s MMIS for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS for each service location. e. The CHC-MCOPCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementrequired by law. f. The CHC-MCOPCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHC-MCOPCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO PCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement. j. i. The CHC-MCO PCO must have the capability to electronically exchange transfer data files with the Department and the IEBEAP contractor. The CHC-MCO PCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. j. The CHC-MCOPCO’s MIS must be bidirectionally bi-directionally linked to the other Department operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in ParticipantMember, Provider, Claims and authorization Authorization files, and in order to enable Encounter Data to be utilized for Participant Member profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS PROMISe ICN claim identifier associated with each processed Encounter Data record returned on the files. l. k. The CHC-MCO PCO must comply with all applicable business and technical information technology standards at stated as defined in Appendix 1, CHC RFPthe Department’s Information Resource Management (IRM) Standards. The CHC-MCO must comply This includes compliance with the standards IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The CHC-MCOcurrent IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO PCO must also comply with the Department’s Se-Se- Government Data Exchange Standards as defined in the IRM Standards. In addition, the CHC-MCO PCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsIRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to sixty l. At the implementation of changes. For more complex changesDepartment’s request, the Department will make every reasonable effort PCO must be able to provide additional noticedocument its ability to expand Claims processing or MIS capacity as Member enrollment increases. m. The CHC-MCO PCO must have the ability designate staff with appropriate skill level and experience to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participantsparticipate in DPW directed development and implementation activities. n. The CHC-MCO Subcontractors must designate appropriate staff to participate in Department-directed development and implementationactivities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, PCO and the CHC-MCO PCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO PCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., the Daily Eligibility File, Provider files, etc)requirement. q. o. The CHC-MCOPCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review processprocess as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. p. Prior to any major modifications to the CHC-MCOPCO’s MIS systemMIS, including upgrades and/or new purchases, the CHC-MCO PCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the changechanges. The CHC-MCO PCO must include a work plan detailing recovery effort and use of parallel system testing. t. q. The CHC-MCO PCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in requested by Providers or the ASC X12 Implementation GuidesDepartment. u. r. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- MCO chooses not to use these files, it must use comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO PCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies s. The PCO shall make all collected MIS data available to the Department with thirty (30) daysand upon request, to CMS.

Management Information Systems. ‌ The CHC-MCO PCO must have a comprehensive, automated and integrated health management information system (MIS, including a test environment, ) that is capable of meeting the requirements listed below and throughout this Agreement. See The PCO must comply with Management Information System Standards provided by the information provided Department on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmDepartment’s Intranet. a. The CHC-MCO PCO must have, have at a minimum, minimum the following components to its MIS components or the capability to interface with link to other systems containing this information: ParticipantsMembership, Provider, Claims processing, Prior Authorization, and Referencereference files. b. The CHC-MCO PCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant membership management system must have the capability to receive, update and maintain the CHC-MCOPCO's Participant membership files consistent with information provided by the Department. The CHC- MCO PCO must have the capability to provide daily updates of Participant membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHC-MCO must maintain its PCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC- MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the Commonwealth’s MMIS for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, the CHC-MCO must maintain all service locations in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Commonwealth’s MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Commonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider type/specialty to have the same Provider type/specialty in the Commonwealth’s MMIS for each service location. e. The CHC-MCOPCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementrequired by law. f. The CHC-MCOPCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHC-MCOPCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO PCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement. j. i. The CHC-MCO PCO must have the capability to electronically exchange transfer data files with the Department and the IEBEAP contractor. The CHC-MCO PCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. j. The CHC-MCOPCO’s MIS must be bidirectionally bi-directionally linked to the other Department operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in ParticipantMember, Provider, Claims and authorization Authorization files, and in order to enable Encounter Data to be utilized for Participant Member profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files.the l. k. The CHC-MCO PCO must comply with all applicable business and technical information technology standards at stated as defined in Appendix 1, CHC RFPthe Department’s Information Resource Management (IRM) Standards. The CHC-MCO must comply This includes compliance with the standards IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The CHC-MCOcurrent IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO PCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the CHC-MCO PCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsIRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, the Department every effort will make every reasonable effort be made to provide additional notice. m. The CHC-MCO l. At the Department’s request, the PCO must have the be able to document its ability to expand claims Claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participantsas Member enrollment increases. m. The PCO must designate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. The CHC-MCO Subcontractors must designate appropriate staff to participate in Department-directed development and implementationactivities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, PCO and the CHC-MCO PCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO PCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., the Daily Eligibility File, Provider files, etc)requirement. q. o. The CHC-MCOPCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review processprocess as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. p. Prior to any major modifications to the CHC-MCOPCO’s MIS systemMIS, including upgrades and/or new purchases, the CHC-MCO PCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the changechanges. The CHC-MCO PCO must include a work plan detailing recovery effort and use of parallel system testing. t. q. The CHC-MCO PCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in requested by Providers or the ASC X12 Implementation GuidesDepartment. u. r. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- MCO chooses not to use these files, it must use comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO PCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. . s. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processesPCO shall make all collected MIS data available to the Department, and proceduresupon request, to CMS. x. In addition to the CHC-MCO reconciling the 834 daily t. The PCO MIS shall collect Encounter Data that is verified and monthly Participants files against its internal Participant information as referenced screened for accuracy in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department accordance with thirty (30) days.42 C.F.R.

Management Information Systems. ‌ The CHCPH-MCO must have a comprehensive, automated and integrated health MIS, including a test environment, MIS that is capable of meeting the requirements listed below and throughout this Agreement. See the information provided on the DHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index.htmxxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/appii/index.htm . a. The CHCPH-MCO must have, have at a minimum, minimum the following components to its MIS components or the capability to interface with link to other systems containing this information: ParticipantsMembership, Provider, Claims processing, Prior Authorization, and Reference. b. The CHCPH-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The Participant membership management system must have the capability to receive, update and maintain the CHCPH-MCO's Participant membership files consistent with information provided by the Department. The CHC- PH-MCO must have the capability to provide daily updates of Participant membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHCPH-MCO must maintain its MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC- PH-MCO must also be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Commonwealth’s MMIS PROMISe™ for each location in which the Provider renders services for the CHCPH-MCO. The CHCPH-MCO must verify ensure that each Network Provider provider service location is enrolled and active with MAMedical Assistance. In addition, the CHCPH-MCO must maintain all service locations in its their own system. The CHCPH-MCO must verify ensure that each Network Providerprovider’s license information is kept valid in the Commonwealth’s MMISPROMISe, and must outreach to Network Providers their providers to stress the importance of maintaining up to date information in PROMISe. Additionally, the Commonwealth’s MMIS. The CHCPH-MCO must require its Network Providers ensure that providers enrolled in their network with a specific Provider provider type/specialty to have the same Provider provider type/specialty in the Commonwealth’s MMIS PROMISe for each service location. e. The CHCPH-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCPH-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The CHCPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The CHCPH-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Provider credentialing requirements outlined in the framework provided by the Department as well as those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The CHCPH-MCO must have sufficient telecommunication capabilities, including electronic mail, to meet the requirements of this Agreement. j. The CHCPH-MCO must have the capability to electronically exchange transfer data files with the Department and the IEBEAP broker. The CHCPH-MCO must use a secure FTP product that is compatible with the Department’s data exchange standard within the Department’s Business and Technical Standardsproduct. k. The CHCPH-MCO’s MIS must be bidirectionally bi-directionally linked to the other operational systems listed in this Agreement, in order that data captured in Encounter records accurately matches data in ParticipantMember, Provider, Claims and authorization Authorization files, and in order to enable Encounter Data to be utilized for Participant Member profiling, Provider profiling, Claims validation, Fraud, Waste Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, receive and reconcile process the U277 and NCPDP response files; and to store the MMIS PROMISe™ ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHCPH-MCO must comply with all applicable business and technical standards available on the DHS Internet site at stated in Appendix 1, CHC RFPthe following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index. The CHC-MCO must comply htm. This includes compliance with the standards for connectivity to the Commonwealth’s network. The CHC-PH- MCO’s MIS must be compatible with the Department’s MIS. The CHCPH-MCO must also comply with the Department’s Se-Se- Government Data Exchange Standards. In addition, the CHC-PH- MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirementsStandards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department every effort will make every reasonable effort be made to provide additional notice. m. The CHCPH-MCO must have the be prepared to document its ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment enrollment of ParticipantsMembers. n. The CHCPH-MCO must designate appropriate staff to participate in Department-DHS directed development and implementationactivitiesimplementation activities. o. The CHC-MCO Subcontractors must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHCPH-MCO, MCO and the CHCPH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHCPH-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e.i.e. the daily eligibility file, the Daily Eligibility File, Provider provider files, etc.). q. p. The CHCPH-MCO's MIS shall be subject to review and approval during the Department's HealthChoices Readiness Review processprocess as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. q. Prior to any major modifications to the CHCPH-MCO’s MIS information system, including upgrades and/or new purchases, the CHCPH-MCO must inform the Department in writing of the potential changes at least sixty (60) 60 days prior to the change. The CHCPH-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. r. The CHCPH-MCO must be able to accept and generate HIPAA-HIPAA compliant transactions as required in the ASC X12 Implementation Guides. u. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHCPH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- PH-MCO chooses not to use these files, it must use comparable filesfiles to meet its obligation with this Agreement. Exhibit RCC, Data Support for the CHCPH-MCOMCOs, provides a listing of these files. Information about these files is available on the CHC IntranetHealthChoices Intranet site. v. t. The Department will make available Provider informational files on a routine basis that will allow the CHCPH-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- PH-MCO must use these files to record and provide Provider provider information, and to reconcile its Provider their provider file with the Department’s Provider provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS PROMISe Provider IDs; Managed Care Affiliations (PRV- 640QPRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit RCC, Data Support for the CHCPH-MCOMCOs, provides a listing of these files. Information about these files is available on the HealthChoices Intranet supporting CHCsite. w. u. The CHCPH-MCO must have a disaster recovery plan in place place, and written policies and procedures documenting the disaster recovery plan, plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. v. In addition to the CHCPH-MCO reconciling the 834 daily and monthly Participants membership files against its internal Participant membership information as referenced in Section V.O.2. Participant FilesV.F.10 of this Agreement, the CHCPH-MCO must also reconcile the 820 capitation payment file against its internal Participant membership information, and report any discrepancies to the Department with thirty (30) days. w. The PH-MCO’s Provider File must maintain screening and risk levels for Medicaid providers that are set by the Department and have the capability to adjust risk levels.