Common use of Management Information Systems Clause in Contracts

Management Information Systems. The PCO must have a comprehensive, automated and integrated health management information system (MIS) that is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information System Standards provided by the Department on the Department’s Intranet. a. The PCO must have at a minimum the following components to its MIS or the capability to link to other systems containing this information: Membership, Provider, Claims processing, Authorization, reference files. b. The PCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership management system must have the capability to receive, update and maintain the PCO's membership files consistent with information provided by the Department. The PCO must have the capability to provide daily updates of membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on membership information. d. The PCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. e. The PCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by law. f. The PCO’s Authorization system must be linked with the Claims processing component. g. The PCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The PCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement. i. The PCO must have the capability to electronically transfer data files with the Department and the EAP contractor. The PCO must use a secure FTP product that is compatible with the Department’s product. j. The PCO’s MIS must be bi-directionally linked to the other Department operational systems in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the k. The PCO must comply with all applicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards. This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The PCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. l. At the Department’s request, the PCO must be able to document its ability to expand Claims processing or MIS capacity as Member enrollment increases. m. The PCO must designate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. Subcontractors must meet the same MIS requirements as the PCO and the PCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO must provide its subcontractors with the appropriate files and information to meet this requirement. o. The PCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. Prior to any major modifications to the PCO’s MIS, including upgrades and/or new purchases, the PCO must inform the Department in writing of the potential changes. The PCO must include a work plan detailing recovery effort and use of parallel system testing. q. The PCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. r. The PCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall make all collected MIS data available to the Department, and upon request, to CMS. t. The PCO MIS shall collect Encounter Data that is verified and screened for accuracy in accordance with 42 C.F.R.

Management Information Systems. ‌ The PCO CHC-MCO must have a comprehensive, automated and integrated health management information system (MIS) MIS that is capable of meeting the requirements listed below and throughout this Agreementagreement. The PCO must comply with Management Information System Standards See the information provided by onthe DHS Internet at the Department on the Department’s Intranet.following link: (added at a later time).‌ a. The PCO CHC-MCO must have at a minimum the following components to its MIS or the capability to link to other systems containing this information: MembershipParticipants, Provider, Claims processing, Prior Authorization, reference files.Reference.‌ b. The PCO CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement.agreement.‌ c. The membership Participant management system must have the capability to receive, update and maintain the PCOCHC-MCO's membership Participant files consistent with information provided by the Department. The PCO CHC-MCO must have the capability to provide daily updates of membership Participant information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on membership information.Participant information.‌ d. The PCOCHC-MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements.. The CHC-MCO must also be able to cross-reference its internal Provider identification number to the correct PROMISe™ Provider ID and/or the Provider’s NPI number in PROMISe™ for each location in which the Provider renders services for the CHC-MCO. The CHC-MCO must ensure that each provider service location is enrolled and active with Medical Assistance. In addition, the CHC-MCO must maintain all service locations in their own system. The CHC-MCO must ensure that each Provider’s license information is kept valid in PROMISe, and must outreach to their Providers to stress the importance of maintaining up to date information in PROMISe. Additionally, the CHC-MCO must ensure that Providers enrolled in their‌ network with a specific Provider type/specialty have the same Provider type/specialty in PROMISe for each service location.‌‌ e. The PCOCHC-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by law.identified in this agreement.‌ f. The PCOCHC-MCO’s Prior Authorization system must be linked with the Claims processing component.component.‌ g. The PCOCHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements.requirements.‌ h. The PCO CHC-MCO’s credentialing system must have the capability to store and report on Provider specific data sufficient to meet the Provider credentialing requirements listed in Exhibit M(1), Quality Management and Utilization Management Program Requirements, of this agreement.‌ i. The CHC-MCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement.agreement.‌ i. j. The PCO CHC-MCO must have the capability to electronically transfer data files with the Department and the EAP contractorIEE. The PCO CHC-MCO must use a secure FTP product that is compatible with the Department’s product.product.‌ j. k. The PCOCHC-MCO’s MIS must be bi-directionally bidirectionally linked to the other Department operational systems listed in this agreement, in order to ensure that data captured in Encounter records accurately matches data in MemberParticipant, Provider, Claims and Authorization authorization files, and in order to enable Encounter Data to be utilized for Member Participant profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store thethe PROMISe™ ICN associated with each processed Encounter Data record returned on the files.‌ k. l. The PCO CHC-MCO must comply with all applicable information technology business and technical standards as defined in available on the Department’s Information Resource Management (IRM) StandardsDHS Internet site at the following link: xxxx://xxx.xxx.xxxxx.xx.xx/cs/groups/webcontent/document s/communication/p_031942.pdf. This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO via a secured Internet site. The PCOCHC-MCO’s MIS must be compatible with with‌‌‌‌ the Department’s MIS. The PCO CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO CHC-MCO must comply with any changes made to the IRM Commonwealth's Business and Technical Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice.notice.‌ l. At the Department’s request, the PCO m. The CHC-MCO must be able prepared to document its ability to expand Claims claims processing or MIS capacity as Member enrollment increases.should either or both be exceeded through the Enrollment of Participants.‌ m. n. The PCO CHC-MCO must designate appropriate staff with appropriate skill level and experience to participate in DPW DHS directed development and implementation activities.activities.‌ n. o. Subcontractors must meet the same MIS requirements as the PCO CHC-MCO and the PCO CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement.requirement (i.e. the daily eligibility file, Provider files, etc.)‌ o. p. The PCOCHC-MCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Community HealthChoices Readiness Review process as referenced in Section VI of this Agreementagreement, Program Outcomes and Deliverables.Deliverables.‌ p. q. Prior to any major modifications to the PCOCHC-MCO’s MISinformation system, including upgrades and/or new purchases, the PCO CHC-MCO must inform the Department in writing of the potential changeschanges at least 60 days prior to the change. The PCO CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing.testing.‌ q. r. The PCO CHC-MCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or required in the ASC X12 Implementation Guides.‌ s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this agreement. If the CHC-MCO chooses not to use these files, it must use comparable files to meet its obligation with this agreement. Exhibit CC, Data Support for CHC-MCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC.‌ t. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this agreement. The CHC-MCO must use these files to record and provide Provider information, and to reconcile their Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit CC, Data Support for CHC- MCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. r. u. The PCO CHC-MCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster.disaster.‌ s. The PCO shall make all collected MIS data available v. In addition to the DepartmentCHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.F.10 of this agreement, the CHC-MCO must also reconcile the 820 capitation payment file against its internal Participant information, and upon request, report any discrepancies to CMS. t. The PCO MIS shall collect Encounter Data that is verified and screened for accuracy in accordance the Department with 42 C.F.R.thirty (30) days.‌

Management Information Systems. The PCO CHIP-MCO must have a comprehensive, automated automated, and integrated health management information system (MIS) MIS that includes a test environment, and is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information System on Business and Technical Standards provided by the Department is available on the Department’s IntranetDHS website. a. The PCO CHIP-MCO must have at a minimum of the following MIS components to its MIS or the capability to link to interface with other data systems containing this informationcontaining: Membership, Provider, Claims processingProcessing, Prior Authorization, reference filesand Reference. b. The PCO CHIP-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership CHIP-MCO’s enrollment management system must have the capability to receive, update and maintain the PCO's membership enrollment files consistent with information specifications provided by the Department. The PCO CHIP-MCO must have the capability to provide daily updates of membership information to subcontractors or Subcontractors and Providers with who have responsibility for processing Claims or and authorizing services based on membership enrollment information. d. The PCOCHIP-MCO’s Provider file database must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHIP-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and Provider NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHIP-MCO. The CHIP-MCO must ensure that each Network Provider service location is enrolled and active with MA or CHIP and that information for all service locations is maintained in its own system. The CHIP-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHIP-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The PCOCHIP-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by lawidentified in this Agreement. f. The PCOCHIP-MCO’s Prior Authorization system must be linked with the its Claims processing component. g. The PCOCHIP-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The PCO CHIP-MCO’s credentialing system must have the capability to store and report on Provider specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit G, Quality Management and Utilization Management Program Requirements. i. The CHIP-MCO must have sufficient telecommunication capabilities, including secured electronic mailemail, to meet the requirements of this Agreement. i. j. The PCO CHIP-MCO must have the capability to electronically transfer data exchange files with the Department and the EAP contractorbroker. The PCO CHIP-MCO must use a secure FTP product that is compatible with the Department’s product. j. k. The PCOCHIP-MCO’s MIS must be bi-directionally linked to the other Department all operational systems listed in order to ensure this Agreement, so that data captured in Encounter records accurately matches data in Member, Provider, Claims and Prior Authorization files, and in order to enable . Encounter Data to will be utilized for for: • Member profiling, and Provider profiling, profiling • Claims validation, validation • Fraud and Abuse monitoring activities, and any activities • Rate setting • Any other research and reporting purposes defined by the Department. . l. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the k. The PCO CHIP-MCO must comply with all applicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards. This includes compliance with the IRM Business Partner Network Connectivity Provisioning and Technical Standards for including connectivity to the Commonwealth’s networknetwork for Extranet access. The current IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The PCO CHIP-MCO must also comply with any changesmade to these standards. CHIP-MCOs must comply with the Department’s Se-Se- Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, the Department will make every reasonable effort will be made to provide additional notice. l. At the Department’s request, the PCO m. The CHIP-MCO must be able prepared to document its ability to expand Claims claims processing or MIS capacity as Member should either be exceeded through the enrollment increasesof Enrollees. m. n. The PCO CHIP-MCO must designate appropriate staff with appropriate skill level and experience to participate in DPW DHS directed development and implementation activities. n. o. Subcontractors must meet the same MIS requirements as the PCO CHIP-MCO and the PCO CHIP-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractorSubcontractor. The PCO CHIP-MCO must provide its subcontractors Subcontractors with the appropriate files and information to meet this requirementrequirement (e.g., Monthly 834 Eligibility File. Provider files). o. p. The PCOCHIP-MCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania CHIP Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. q. Prior to any major modifications to the PCOCHIP-MCO’s MIS, including upgrades and/or and new purchases, the PCO CHIP-MCO must inform the Department in writing of the potential changeschanges at least six (6) months prior to the change. The PCO CHIP-MCO must include provide a work plan workplan detailing recovery effort efforts and the use of parallel system systems testing. q. r. The PCO CHIP-MCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or required in the DepartmentASC X12 Implementation Guides. r. s. The PCO Department will make Drug, Procedure Code, and Diagnosis Code reference files available to the CHIP-MCO on a routine basis to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. Information about these files is available on the Pennsylvania HealthChoices Extranet site If the CHIP-MCO chooses not to use these files, it must document the use of comparable files to meet its obligation with this Agreement. t. The Department will supply Provider files on a routine basis to allow the CHIP-MCO to meet its obligation consistent with requirements in this Agreement. These files include: • List of Active and Closed Providers (PRV414 and PRV415); • NPI Crosswalk (PRV430); • Special Indicators (PR435); • Provider Revalidation File (PRV720). • Quarterly Network Provider File (Managed Care Affiliates, PRV640Q) The CHIP-MCO must use the PRV414 or PRV415 file with the PRV430 on a monthly basis to reconcile its Provider database with that of the Department to confirm: • All participating providers are enrolled in MA for all service locations as defined by MA enrollment rules. • Participating provider license information is valid. • Provider Types and Specialties match. • Each Provider’s NPI, Taxonomy, and Nine-digit Zip code for each service location match. Any provider that does not enroll with CHIP or MA cannot be enrolled as a participating provider in the CHIP-MCO. Discrepancies must be addressed with the provider. CHIP-MCOs must use the PRV640Q file to reconcile Provider information previously submitted on the Network Provider File (PRV640M). Information about these files is available on the Pennsylvania HealthChoices Extranet site. u. The CHIP-MCO must have a disaster recovery plan in place, and place with written policies and procedures documenting the disaster recovery plan including containing information on system backup and recovery in the event of a disaster. s. v. The PCO shall make all collected MIS data available CHIP-MCO must reconcile the 820 Capitation Payment file with its internal enrollment information and report any discrepancies to the Department, and upon request, to CMSDepartment within thirty (30) days. t. w. To support CHIP-MCOs in meeting the requirements of this agreement, the Department will provide access to the following systems: • Client Information System (CIS/eCIS); • Pennsylvania HealthChoices Extranet; • The PCO MIS shall collect Encounter Data Department’s MMIS; • Docushare; and • CHIP Collaboration Room. Access to these systems is in addition to the various files that CHIP-MCOs will receive via secure file transfer. Information on obtaining access to these resources is verified and screened for accuracy in accordance with 42 C.F.R.on the Pennsylvania HealthChoices Extranet.

Management Information Systems. The PCO PH-MCO must have a comprehensive, automated and integrated health management information system (MIS) that is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with See Management Information System and System Performance Review Standards for MIS and Systems Performance Review (SPR) Standards provided by the Department on the Department’s HealthChoices and ACCESS Plus Intranet. a. The PCO PH-MCO must have at a minimum the following components to its MIS or the capability to link to other systems containing this information: Membership, Provider, Claims processing, Authorization, reference filesreference. b. The PCO PH-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership management system must have the capability to receive, update and maintain the PCOPH-MCO's membership files consistent with information provided by the Department. The PCO PH-MCO must have the capability to provide daily updates of membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on membership information. d. The PCOPH-MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The PH-MCO must also be able to cross-reference their internal Provider identification number to the PROMISe™ Provider ID and/or the Provider’s NPI number. e. The PCOPH-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by lawidentified in this Agreement. f. The PCOPH-MCO’s Authorization system must be linked with the Claims processing component. g. The PCOPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The PCO PH-MCO’s credentialing system must have the capability to store and report on Provider specific data sufficient to meet the Provider credentialing requirements listed in Exhibit M(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The PH-MCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement. i. j. The PCO PH-MCO must have the capability to electronically transfer data files with the Department and Department, the EAP contractor, and the PROMISe™ contractor. The PCO PH-MCO must use a secure FTP product that is compatible with the Department’s product. j. k. The PCOPH-MCO’s MIS must be bi-directionally linked to the other Department operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store thethe PROMISe ICN associated with each processed Encounter Data record returned on the files. k. l. The PCO PH-MCO must comply with all applicable information technology standards as defined in the Department’s Information Resource Management (IRM) StandardsStandards (formerly known as POSNet or H-Net standards). This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO PH-MCO via a secured Internet site. The PCOPH-MCO’s MIS must be compatible with the Department’s MIS. The PCO PH-MCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO PH-MCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. l. At the Department’s request, the PCO m. The PH-MCO must be able prepared to document its ability to expand Claims processing or MIS capacity as Member enrollment increasesshould either or both be exceeded through the Enrollment of program Members. m. n. The PCO PH-MCO must designate appropriate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. o. Subcontractors must meet the same MIS requirements as the PCO PH-MCO and the PCO PH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO PH-MCO must provide its subcontractors subcontactors with the appropriate files and information to meet this requirementrequirement (i.e. the daily eligibility file, provider files, etc.) o. p. The PCOPH-MCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania HealthChoices Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. q. Prior to any major modifications to the PCOPH-MCO’s MISinformation system, including upgrades and/or new purchases, the PCO PH-MCO must inform the Department in writing of the potential changes. The PCO must include a A work plan detailing recovery effort and use of parallel system testingtesting must be included. q. r. The PCO PH-MCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. r. s. The PCO Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the PH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the PH-MCO chooses not to use these files, it is required to use comparable files to meet its obligation with this Agreement. Exhibit CC, Data Support for PH-MCOs, provides a listing of these files. Information about these files is available on the HealthChoices and ACCESS Plus Intranet site. t. The Department will make available provider informational files on a routine basis that will allow it to effectively meet its obligation consistent with requirements in this Agreement. The Contractor must use these files to record and provide provider information, and to reconcile their provider file with the Department’s provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV- u. The PH-MCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall make all collected MIS data available to the Department, and upon request, to CMS. t. The PCO MIS shall collect Encounter Data that is verified and screened for accuracy in accordance with 42 C.F.R.

Management Information Systems. The PCO CHC-MCO must have a comprehensive, automated and integrated health management information system (MIS) MIS that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information System on Business and Technical Standards provided by the Department is available on the Department’s IntranetDHS website. a. The PCO CHC-MCO must have at a minimum of the following MIS components to its MIS or the capability to link to interface with other systems containing this information: MembershipParticipant, Provider, Claims processing, Prior Authorization, reference filesand Reference data. b. The PCO CHC-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership CHC-MCO’s Participant management system must have the capability to receive, update and maintain the PCO's membership Participant files consistent with information specifications provided by the Department. The PCO CHC-MCO must have the capability to provide daily updates of membership Participant information to subcontractors Subcontractors or Providers with who have responsibility for processing Claims or authorizing services based on membership Participant information. d. The PCOCHC-MCO’s Provider file database must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require that Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The PCOCHC-MCO’s Claims processing Processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by lawidentified in this Agreement. f. The PCOCHC-MCO’s Prior Authorization system must be linked with the its Claims processing Processing component. g. The PCOCHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The PCO CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including secured electronic mailemail, to meet the requirements of this Agreement. i. j. The PCO CHC-MCO must have the capability to electronically transfer data files with the Department and the EAP contractorIEB. The PCO CHC-MCO must use a secure FTP product that is compatible with the Department’s product. j. k. The PCOCHC-MCO’s MIS must be bi-directionally bidirectionally linked to the other Department all operational systems listed in order to ensure this Agreement, so that data captured in Encounter records accurately matches data in MemberParticipant, Provider, Claims and Prior Authorization files, and in order to enable . Encounter Data to will be utilized for Member profiling, for: • Participant and Provider profiling, • Claims validation, Fraud • Fraud, Waste, and Abuse monitoring activities, • Rate setting, and any • Any other research and reporting purposes defined by the Department. . l. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the k. The PCO CHC-MCO must comply with all applicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards. This includes compliance with the IRM Business Partner Network Connectivity Provisioning and Technical Standards for including connectivity to the Commonwealth’s networknetwork for Extranet access. The current IRM Standards are available CHC-MCO must also comply with any changes made to the PCO via a secured Internet sitethese Standards. The PCO’s MIS CHC-MCO must be compatible with the Department’s MIS. The PCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, The CHC-MCO’s MIS must be compatible with the PCO must comply with any changes made to the IRM StandardsDepartment’s MMIS. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, the Department will make every reasonable effort will be made to provide additional notice. l. At the Department’s request, the PCO m. The CHC-MCO must be able prepared to document its ability to expand Claims claims processing or MIS capacity as Member enrollment increasesshould either be exceeded through the Enrollment of Participants. m. n. The PCO CHC-MCO must designate appropriate staff with appropriate skill level and experience to participate in DPW Department-directed development and implementation activities. n. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. Subcontractors must meet the same MIS requirements as the PCO CHC- MCO, and the PCO CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractorSubcontractor. The PCO CHC-MCO must provide its subcontractors Subcontractors with the appropriate files and information to meet this requirementrequirement (e.g., the 834 Daily Eligibility File, Provider files). o. q. The PCOCHC-MCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverablesprocess. p. r. The CHC-MCO must maintain the security of Commonwealth data and information including: • Compliance with all applicable Federal and State statutes and regulations regarding security standards, • Demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information, and • Demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the PCOCHC-MCO’s MISMIS system, including upgrades and/or and new purchases, the PCO CHC-MCO must inform the Department in writing of the potential changeschanges at least six (6) months prior to the change. The PCO CHC-MCO must include provide a work plan detailing recovery effort efforts and the use of parallel system testing. q. t. The PCO CHC-MCO must be able to accept and generate HIPAA HIPAA-compliant transactions as requested by Providers or required in the DepartmentASC X12 Implementation Guides. r. u. The PCO Department will make Drug, Procedure Code, and Diagnosis Code reference files available to the CHC-MCO on a routine basis to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. Information about these files is available on the Pennsylvania HealthChoices Extranet. If the CHC-MCO chooses not to use these files, it must document the use of comparable files to meet its obligation with this Agreement. v. The Department will supply Provider files on a routine basis to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. These files include: • List of Active and Closed Providers (PRV414 and PRV415) • NPI Crosswalk (PRV430) • Provider Revalidation File (PRV720) • Special Indicators (PRV435) • Network Provider File (Managed Care Affiliates, PRV640Q) The CHC-MCO must use the PRV414 or PRV415 files with the PRV430 on a monthly basis to reconcile its Provider database with that of the Department to confirm: • All participating Providers are enrolled in MA for all service locations as defined by MA enrollment rules, • Participating Provider license information is valid, • Provider Types and Specialties match, and • Each Provider’s NPI, taxonomy, and nine-digit zip code for each service location match. CHC-MCOs must use the PRV640Q to reconcile Provider information previously submitted on the Network Provider file (PRV640M). w. The CHC-MCO must have a disaster recovery plan in place, and place with written policies and procedures documenting the disaster recovery plan including containing information on system backup and recovery in the event of a disaster. s. x. The PCO shall make all collected MIS data available CHC-MCO must reconcile the 820 Capitation Payment file with its internal membership information and report any discrepancies to the Department, and upon request, to CMSDepartment within thirty (30) days. t. y. To support the CHC-MCO in meeting the requirements of this agreement, the Department will provide access to the following systems: • The PCO MIS shall collect Encounter Data that is verified and screened for accuracy in accordance with 42 C.F.R.Department’s MMIS • Pennsylvania HealthChoices Extranet • Client Information System (CIS) • Docushare

Management Information Systems. The PCO PH-MCO must have a comprehensive, automated and integrated health management information system (MIS) that is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with See Management Information System and System Performance Review Standards for MIS and Systems Performance Review (SPR) Standards provided by the Department on the Department’s HealthChoices and ACCESS Plus Intranet. a. The PCO PH-MCO must have at a minimum the following components to its MIS or the capability to link to other systems containing this information: Membership, Provider, Claims processing, Authorization, reference filesreference. b. The PCO PH-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership management system must have the capability to receive, update and maintain the PCOPH-MCO's membership files consistent with information provided by the Department. The PCO PH-MCO must have the capability to provide daily updates of membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on membership information. d. The PCOPH-MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The PH-MCO must also be able to cross-reference their internal Provider identification number to the PROMISe™ Provider ID and/or the Provider’s NPI number. e. The PCOPH-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by lawidentified in this Agreement. f. The PCOPH-MCO’s Authorization system must be linked with the Claims processing component. g. The PCOPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The PCO PH-MCO’s credentialing system must have the capability to store and report on Provider specific data sufficient to meet the Provider credentialing requirements listed in Exhibit M(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The PH-MCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement. i. j. The PCO PH-MCO must have the capability to electronically transfer data files with the Department and Department, the EAP contractor, and the PROMISe™ contractor. The PCO PH-MCO must use a secure FTP product that is compatible with the Department’s product. j. k. The PCOPH-MCO’s MIS must be bi-directionally linked to the other Department operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store thethe PROMISe ICN associated with each processed Encounter Data record returned on the files. k. l. The PCO PH-MCO must comply with all applicable information technology standards as defined in the Department’s Information Resource Management (IRM) StandardsStandards (formerly known as POSNet or H-Net standards). This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO PH-MCO via a secured Internet site. The PCOPH-MCO’s MIS must be compatible with the Department’s MIS. The PCO PH-MCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO PH-MCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. l. At the Department’s request, the PCO m. The PH-MCO must be able prepared to document its ability to expand Claims processing or MIS capacity as Member enrollment increasesshould either or both be exceeded through the Enrollment of program Members. m. n. The PCO PH-MCO must designate appropriate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. o. Subcontractors must meet the same MIS requirements as the PCO PH-MCO and the PCO PH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO PH-MCO must provide its subcontractors subcontactors with the appropriate files and information to meet this requirementrequirement (i.e. the daily eligibility file, provider files, etc.) o. p. The PCOPH-MCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania HealthChoices Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. q. Prior to any major modifications to the PCOPH-MCO’s MISinformation system, including upgrades and/or new purchases, the PCO PH-MCO must inform the Department in writing of the potential changes. The PCO must include a A work plan detailing recovery effort and use of parallel system testingtesting must be included. q. r. The PCO PH-MCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. r. The PCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall Department will make all collected MIS data reference files (Drug, Procedure Code, Diagnosis Code) available to the DepartmentPH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the PH-MCO chooses not to use these files, it is required to use comparable files to meet its obligation with this Agreement. Exhibit CC, Data Support for PH-MCOs, provides a listing of these files. Information about these files is available on the HealthChoices and upon request, to CMSACCESS Plus Intranet site. t. The PCO MIS shall collect Encounter Data Department will make available provider informational files on a routine basis that is verified will allow it to effectively meet its obligation consistent with requirements in this Agreement. The Contractor must use these files to record and screened for accuracy in accordance provide provider information, and to reconcile their provider file with 42 C.F.R.the Department’s provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV-

Management Information Systems. The PCO CHC-MCO must have a comprehensive, automated automated, and integrated health management information system (MIS) MIS that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information System on Business and Technical Standards provided by the Department is available on the Department’s IntranetDHS website. a. The PCO CHC-MCO must have at a minimum of the following MIS components to its MIS or the capability to link to interface with other systems containing this information: MembershipParticipant, Provider, Claims processing, Prior Authorization, reference filesand Reference data. b. The PCO CHC-MCO must have an a sufficient MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership CHC-MCO’s Participant management system must have the capability to receive, update and maintain the PCO's membership Participant files consistent with information specifications provided by the Department. The PCO CHC-MCO must have the capability to provide daily updates of membership Participant information to subcontractors or Subcontractors and Providers with who have responsibility for processing Claims or authorizing services based on membership Participant information. d. The PCOCHC-MCO’s Provider file database must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA, and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The PCOCHC-MCO’s Claims processing Processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by lawidentified in this Agreement. f. The PCOCHC-MCO’s Prior Authorization system must be linked with the its Claims processing Processing component. g. The PCOCHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The PCO CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including secured electronic mailemail, to meet the requirements of this Agreement. i. j. The PCO CHC-MCO must have the capability to electronically transfer exchange data files with the Department and the EAP contractorIEB. The PCO CHC-MCO must use a secure FTP product that is compatible with the Department’s product. j. k. The PCOCHC-MCO’s MIS must be bi-directionally bidirectionally linked to the other Department operational systems in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the k. The PCO must comply with all applicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards. This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The PCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. l. At the Department’s request, the PCO must be able to document its ability to expand Claims processing or MIS capacity as Member enrollment increases. m. The PCO must designate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. Subcontractors must meet the same MIS requirements as the PCO and the PCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO must provide its subcontractors with the appropriate files and information to meet this requirement. o. The PCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. Prior to any major modifications to the PCO’s MIS, including upgrades and/or new purchases, the PCO must inform the Department in writing of the potential changes. The PCO must include a work plan detailing recovery effort and use of parallel system testing. q. The PCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. r. The PCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall make all collected MIS data available to the Department, and upon request, to CMS. t. The PCO MIS shall collect Encounter Data that is verified and screened for accuracy in accordance with 42 C.F.R.operational

Management Information Systems. The PCO must have a comprehensive, automated and integrated health management information system (MIS) that is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information System and System Performance Review Standards for MIS and Systems Performance Review (SPR) Standards provided by the Department on the Department’s Intranet. a. The PCO must have at a minimum the following components to its MIS or the capability to link to other systems containing this information: Membership, Provider, Claims processing, Authorization, reference files. b. The PCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership management system must have the capability to receive, update and maintain the PCO's membership files consistent with information provided by the Department. The PCO must have the capability to provide daily updates of membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on membership information.'s d. The PCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. e. The PCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by law. f. The PCO’s Authorization system must be linked with the Claims processing component. g. The PCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The PCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement. i. The PCO must have the capability to electronically transfer data files with the Department and the EAP contractor. The PCO must use a secure FTP product that is compatible with the Department’s product. j. The PCO’s MIS must be bi-directionally linked to the other Department operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store thethe PROMISe ICN associated with each processed Encounter Data record returned on the files. k. The PCO must comply with all applicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards. This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The PCO must also comply with the Department’s Se-Se- Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice.sixty l. At the Department’s request, the PCO must be able to document its ability to expand Claims processing or MIS capacity as Member enrollment increases. m. The PCO must designate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. Subcontractors must meet the same MIS requirements as the PCO and the PCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO must provide its subcontractors with the appropriate files and information to meet this requirement. o. The PCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. Prior to any major modifications to the PCO’s MIS, including upgrades and/or new purchases, the PCO must inform the Department in writing of the potential changes. The PCO must include a work plan detailing recovery effort and use of parallel system testing. q. The PCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. r. The PCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall make all collected MIS data available to the Department, Department and upon request, to CMS. t. The PCO MIS shall collect Encounter Data that is verified and screened for accuracy in accordance with 42 C.F.R.

Management Information Systems. The PCO PH-MCO must have a comprehensive, automated and integrated health management information system (MIS) MIS that is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information System Standards See the information provided by the Department on the Department’s IntranetDHS Internet at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/appii/index.htm . a. The PCO PH-MCO must have at a minimum the following components to its MIS or the capability to link to other systems containing this information: Membership, Provider, Claims processing, Prior Authorization, reference filesReference. b. The PCO PH-MCO must have an MIS sufficient to support data reporting requirements specified in this Agreement. c. The membership management system must have the capability to receive, update and maintain the PCOPH-MCO's membership files consistent with information provided by the Department. The PCO PH-MCO must have the capability to provide daily updates of membership information to subcontractors or Providers with responsibility for processing Claims or authorizing services based on membership information. d. The PCOPH-MCO’s Provider file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The PH-MCO must also be able to cross-reference its internal Provider identification number to the correct PROMISe™ Provider ID and/or the Provider’s NPI number in PROMISe™ for each location in which the Provider renders services for the PH-MCO. The PH-MCO must ensure that each provider service location is enrolled and active with Medical Assistance. In addition, the PH-MCO must maintain all service locations in their own system. The PH-MCO must ensure that each provider’s license information is kept valid in PROMISe, and must outreach to their providers to stress the importance of maintaining up to date information in PROMISe. Additionally, the PH-MCO must ensure that providers enrolled in their network with a specific provider type/specialty have the same provider type/specialty in PROMISe for each service location. e. The PCOPH-MCO’s Claims processing system must have the capability to process Claims consistent with timeliness and accuracy requirements required by lawidentified in this Agreement. f. The PCOPH-MCO’s Prior Authorization system must be linked with the Claims processing component. g. The PCOPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter requirements. h. The PCO PH-MCO’s credentialing system must have the capability to store and report on Provider specific data sufficient to meet the Provider credentialing requirements listed in Exhibit M(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The PH-MCO must have sufficient telecommunication capabilities, including secured electronic mail, to meet the requirements of this Agreement. i. j. The PCO PH-MCO must have the capability to electronically transfer data files with the Department and the EAP contractorbroker. The PCO PH-MCO must use a secure FTP product that is compatible with the Department’s product. j. k. The PCOPH-MCO’s MIS must be bi-directionally linked to the other Department operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store thethe PROMISe™ ICN associated with each processed Encounter Data record returned on the files. k. l. The PCO PH-MCO must comply with all applicable information technology business and technical standards as defined in available on the Department’s Information Resource Management (IRM) StandardsDHS Internet site at the following link: xxxx://xxx.xxx.xx.xxx/provider/busandtechstandards/index. htm. This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO via a secured Internet site. The PCOPH- MCO’s MIS must be compatible with the Department’s MIS. The PCO PH-MCO must also comply with the Department’s Se-Se- Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO PH- MCO must comply with any changes made to the IRM Commonwealth's Business and Technical Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. l. At the Department’s request, the PCO m. The PH-MCO must be able prepared to document its ability to expand Claims claims processing or MIS capacity as Member should either or both be exceeded through the enrollment increasesof Members. m. n. The PCO PH-MCO must designate appropriate staff with appropriate skill level and experience to participate in DPW DHS directed development and implementation activities. n. o. Subcontractors must meet the same MIS requirements as the PCO PH-MCO and the PCO PH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO PH-MCO must provide its subcontractors with the appropriate files and information to meet this requirementrequirement (i.e. the daily eligibility file, provider files, etc.) o. p. The PCOPH-MCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania HealthChoices Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. q. Prior to any major modifications to the PCOPH-MCO’s MISinformation system, including upgrades and/or new purchases, the PCO PH-MCO must inform the Department in writing of the potential changeschanges at least 60 days prior to the change. The PCO PH-MCO must include a work plan detailing recovery effort and use of parallel system testing. q. r. The PCO PH-MCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or required in the ASC X12 Implementation Guides. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the PH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the PH-MCO chooses not to use these files, it must use comparable files to meet its obligation with this Agreement. Exhibit CC, Data Support for PH-MCOs, provides a listing of these files. Information about these files is available on the HealthChoices Intranet site. t. The Department will make available Provider informational files on a routine basis that will allow the PH-MCO to effectively meet its obligation consistent with requirements in this Agreement. The PH-MCO must use these files to record and provide provider information, and to reconcile their provider file with the Department’s provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit CC, Data Support for PH-MCOs, provides a listing of these files. Information about these files is available on the HealthChoices Intranet site. r. u. The PCO PH-MCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall make all collected MIS data available v. In addition to the DepartmentPH-MCO reconciling the 834 daily and monthly membership files against its internal membership information as referenced in Section V.F.10 of this Agreement, the PH-MCO must also reconcile the 820 capitation payment file against its internal membership information, and upon request, report any discrepancies to CMSthe Department with thirty (30) days. t. w. The PCO MIS shall collect Encounter Data PH-MCO’s Provider File must maintain screening and risk levels for Medicaid providers that is verified are set by the Department and screened for accuracy in accordance with 42 C.F.R.have the capability to adjust risk levels.