Common use of Management Information Systems Clause in Contracts

Management Information Systems. The CHC-MCO must have a comprehensive, automated, and integrated MIS that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. Information on Business and Technical Standards is available on the DHS website. a. The CHC-MCO must have a minimum of the following MIS components or the capability to interface with other systems containing Participant, Provider, Claims processing, Prior Authorization, and Reference data. b. The CHC-MCO must have a sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain Participant files consistent with specifications provided by the Department. The CHC-MCO must have the capability to provide daily updates of Participant information to Subcontractors and Providers who have responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO’s Provider database must be maintained with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA, and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The CHC-MCO’s Claims Processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with its Claims Processing component. g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including email, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s product. k. The CHC-MCO’s MIS must be bidirectionally linked to all operational

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated, automated and integrated MIS that includes health MIS, including a test environment and environment, that is capable of meeting the requirements listed below and throughout this Agreement. Information on Business and Technical Standards is available See the information provided on the DHS websiteInternet at the following link: ▇▇▇▇://▇▇▇.▇▇▇.▇▇.▇▇▇/provider/busandtechstandards/index.htm. a. The CHC-MCO must have have, at a minimum of minimum, the following MIS components or the capability to interface with other systems containing Participantthis information: Participants, Provider, Claims processing, Prior Authorization, and Reference dataReference. b. The CHC-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with specifications information provided by the Department. The CHC-CHC- MCO must have the capability to provide daily updates of Participant information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO’s MCO must maintain its Provider database must be maintained file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC-CHC- MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the DepartmentCommonwealth’s MMIS for each location at in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, and that information for the CHC-MCO must maintain all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the DepartmentCommonwealth’s MMIS MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the DepartmentCommonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider types and specialties type/specialty to have the same Provider types and specialties type/specialty in the DepartmentCommonwealth’s MMIS for each service location. e. The CHC-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s Provider credentialing requirements and outlined in the framework provided by the Department as well as those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including emailelectronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s productdata exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all operationalapplicable business and technical standards at stated in Appendix 1, CHC RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-directed development and implementationactivities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., the Daily Eligibility File, Provider files, etc). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA-compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- MCO chooses not to use these files, it must use comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place and written policies and procedures documenting the disaster recovery plan, including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. The CHC-MCO PCO must have a comprehensive, automated, automated and integrated MIS health management information system (MIS) that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information on Business and Technical System Standards is available provided by the Department on the DHS websiteDepartment’s Intranet. a. The CHC-MCO PCO must have at a minimum of the following components to its MIS components or the capability to interface with link to other systems containing Participantthis information: Membership, Provider, Claims processing, Prior Authorization, and Reference datareference files. b. The CHC-MCO PCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant membership management system must have the capability to receive, update and maintain Participant the PCO's membership files consistent with specifications information provided by the Department. The CHC-MCO PCO must have the capability to provide daily updates of Participant membership information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHC-MCOPCO’s Provider database file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA, and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The CHC-MCOPCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementrequired by law. f. The CHC-MCOPCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHC-MCOPCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO PCO must have sufficient telecommunication capabilities, including emailsecured electronic mail, to meet the requirements of this Agreement. j. i. The CHC-MCO PCO must have the capability to electronically exchange transfer data files with the Department and the IEBEAP contractor. The CHC-MCO PCO must use a secure FTP product that is compatible with the Department’s product. k. j. The CHC-MCOPCO’s MIS must be bidirectionally bi-directionally linked to the other Department operational systems in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the k. The PCO must comply with all operationalapplicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards. This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The PCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. l. At the Department’s request, the PCO must be able to document its ability to expand Claims processing or MIS capacity as Member enrollment increases. m. The PCO must designate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. Subcontractors must meet the same MIS requirements as the PCO and the PCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO must provide its subcontractors with the appropriate files and information to meet this requirement. o. The PCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. Prior to any major modifications to the PCO’s MIS, including upgrades and/or new purchases, the PCO must inform the Department in writing of the potential changes. The PCO must include a work plan detailing recovery effort and use of parallel system testing. q. The PCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. r. The PCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall make all collected MIS data available to the Department, and upon request, to CMS. t. The PCO MIS shall collect Encounter Data that is verified and screened for accuracy in accordance with 42 C.F.R.

Management Information Systems. The CHC-MCO must have a comprehensive, automated, automated and integrated health MIS that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreementagreement. Information on Business and Technical Standards is available See the information provided on the DHS websiteInternet at the following link: ▇▇▇▇://▇▇▇.▇▇▇.▇▇.▇▇▇/provider/busandtechstandards/index.htm. a. The CHC-MCO must have at a minimum of the following MIS components or the capability to interface with other systems containing Participantthis information: Participants, Provider, Claims processing, Prior Authorization, and Reference dataReference. b. The CHC-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreementagreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with specifications information provided by the Department. The CHC-CHC- MCO must have the capability to provide daily updates of Participant information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO’s MCO must maintain its Provider database must be maintained file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Department’s MMIS PROMISe™ for each location at in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, and that information for the CHC-MCO must maintain all service locations is maintained in its their own system. The CHC-CHC- MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS PROMISe, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMISPROMISe. The CHC-MCO must require its Network Providers with a specific Provider types and specialties type/specialty have the same Provider types and specialties type/specialty in the Department’s MMIS PROMISe for each service location. e. The CHC-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementagreement. f. The CHC-MCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Department’s Provider credentialing requirements and outlined in the framework provided by the Department as well as those listed in Exhibit FK(1), Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including emailelectronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEBIEE. The CHC-MCO must use a secure FTP product that is compatible with the Department’s productdata exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the PROMISe™ ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all operationalapplicable business and technical standards at stated in ▇▇▇▇▇▇▇▇ ▇, ▇▇▇ RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in DHS directed development and implementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outlines the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e. the Daily Eligibility File, Provider files, etc.) q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes; compliance with all applicable federal and state laws and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; demonstration of procedures for mitigating data breaches; s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least 60 days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC-MCO chooses not to use these files, it must use comparable files. Exhibit Q, Data Support for CHC-MCOs, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile their Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit Q, Data Support for CHC-MCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate their routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.1. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. The CHC-MCO PCO must have a comprehensive, automated, automated and integrated MIS health management information system (MIS) that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. The PCO must comply with Management Information on Business System and Technical System Performance Review Standards is available for MIS and Systems Performance Review (SPR) Standards provided by the Department on the DHS websiteDepartment’s Intranet. a. The CHC-MCO PCO must have at a minimum of the following components to its MIS components or the capability to interface with link to other systems containing Participantthis information: Membership, Provider, Claims processing, Prior Authorization, and Reference datareference files. b. The CHC-MCO PCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant membership management system must have the capability to receive, update and maintain Participant files consistent with specifications provided by the Department. The CHC-MCO must have the capability to provide daily updates of Participant information to Subcontractors and Providers who have responsibility for processing Claims or authorizing services based on Participant information.PCO's d. The CHC-MCOPCO’s Provider database file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA, and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The CHC-MCOPCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementrequired by law. f. The CHC-MCOPCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHC-MCOPCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO PCO must have sufficient telecommunication capabilities, including emailsecured electronic mail, to meet the requirements of this Agreement. j. i. The CHC-MCO PCO must have the capability to electronically exchange transfer data files with the Department and the IEBEAP contractor. The CHC-MCO PCO must use a secure FTP product that is compatible with the Department’s product. k. j. The CHC-MCOPCO’s MIS must be bidirectionally bi-directionally linked to the other Department operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the PROMISe ICN associated with each processed Encounter Data record returned on the files. k. The PCO must comply with all operationalapplicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards. This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PCO via a secured Internet site. The PCO’s MIS must be compatible with the Department’s MIS. The PCO must also comply with the Department’s Se- Government Data Exchange Standards as defined in the IRM Standards. In addition, the PCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty l. At the Department’s request, the PCO must be able to document its ability to expand Claims processing or MIS capacity as Member enrollment increases. m. The PCO must designate staff with appropriate skill level and experience to participate in DPW directed development and implementation activities. n. Subcontractors must meet the same MIS requirements as the PCO and the PCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PCO must provide its subcontractors with the appropriate files and information to meet this requirement. o. The PCO's MIS shall be subject to review and approval during the Department's Healthy Pennsylvania Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. p. Prior to any major modifications to the PCO’s MIS, including upgrades and/or new purchases, the PCO must inform the Department in writing of the potential changes. The PCO must include a work plan detailing recovery effort and use of parallel system testing. q. The PCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. r. The PCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. s. The PCO shall make all collected MIS data available to the Department and upon request, to CMS.

Management Information Systems. The CHC-MCO must have a comprehensive, automated, automated and integrated MIS that includes health MIS, including a test environment and environment, that is capable of meeting the requirements listed below and throughout this Agreement. Information on Business and Technical Standards is available See the information provided on the DHS websiteInternet at the following link: ▇▇▇▇://▇▇▇.▇▇▇.▇▇.▇▇▇/provider/busandtechstandards/index.htm. a. The CHC-MCO must have have, at a minimum of minimum, the following MIS components or the capability to interface with other systems containing Participantthis information: Participants, Provider, Claims processing, Prior Authorization, and Reference dataReference. b. The CHC-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with specifications information provided by the Department. The CHC-CHC- MCO must have the capability to provide daily updates of Participant information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO’s MCO must maintain its Provider database must be maintained file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC-CHC- MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and the Provider’s NPI number in the DepartmentCommonwealth’s MMIS for each location at in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, and that information for the CHC-MCO must maintain all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the DepartmentCommonwealth’s MMIS MMIS, and must outreach to Network Providers to stress the importance of maintaining up to date information in the DepartmentCommonwealth’s MMIS. The CHC-MCO must require its Network Providers with a specific Provider types and specialties type/specialty to have the same Provider types and specialties type/specialty in the DepartmentCommonwealth’s MMIS for each service location. e. The CHC-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s Provider credentialing requirements and outlined in the framework provided by the Department as well as those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including emailelectronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s productdata exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this Agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud, Waste and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to received, process, and reconcile the U277 and NCPDP response files; and to store the MMIS ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all operationalapplicable business and technical standards at stated in Appendix 1, CHC RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-directed development and implementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO, and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e., the Daily Eligibility File, Provider files, etc). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes: compliance with all applicable Federal and State statutes and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; and demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least sixty (60) days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA-compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC- MCO chooses not to use these files, it must use comparable files. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile its Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid MMIS Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); Provider Revalidation File (PRV720) and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit R, Data Support for the CHC-MCO, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place and written policies and procedures documenting the disaster recovery plan, including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate its routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.2. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. The CHCCHIP-MCO must have a comprehensive, automated, and integrated MIS that includes a test environment environment, and is capable of meeting the requirements listed below and throughout this Agreement. Information on Business and Technical Standards is available on the DHS website. a. The CHCCHIP-MCO must have a minimum of the following MIS components or the capability to interface with other data systems containing Participantcontaining: Membership, Provider, Claims processingProcessing, Prior Authorization, and Reference dataReference. b. The CHCCHIP-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHCCHIP-MCO’s Participant enrollment management system must have the capability to receive, update and maintain Participant enrollment files consistent with specifications provided by the Department. The CHCCHIP-MCO must have the capability to provide daily updates of Participant membership information to Subcontractors and Providers who have responsibility for processing Claims or and authorizing services based on Participant enrollment information. d. The CHCCHIP-MCO’s Provider database must be maintained with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHCCHIP-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and Provider NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHCCHIP-MCO. The CHCCHIP-MCO must verify ensure that each Network Provider service location is enrolled and active with MA, MA or CHIP and that information for all service locations is maintained in its own system. The CHCCHIP-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHCCHIP-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The CHCCHIP-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCCHIP-MCO’s Prior Authorization system must be linked with its Claims Processing processing component. g. The CHCCHIP-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHCCHIP-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit FG, Quality Management and Utilization Management Program Requirements. i. The CHCCHIP-MCO must have sufficient telecommunication capabilities, including email, to meet the requirements of this Agreement. j. The CHCCHIP-MCO must have the capability to electronically exchange data files with the Department and the IEBEAP broker. The CHCCHIP-MCO must use a secure FTP product that is compatible with the Department’s product. k. The CHCCHIP-MCO’s MIS must be bidirectionally bi-directionally linked to all operationaloperational systems listed in this Agreement, so that data captured in Encounter records matches data in Member, Provider, Claims and Prior Authorization files. Encounter Data will be utilized for: • Member and Provider profiling • Claims validation • Fraud and Abuse monitoring activities • Rate setting • Any other research and reporting purposes defined by the Department. l. The CHIP-MCO must comply with the Department’s Business and Technical Standards including connectivity to the Commonwealth’s network for Extranet access. The CHIP-MCO must also comply with any changesmade to these standards. CHIP-MCOs must comply with the Department’s Se- Government Data Exchange Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHIP-MCO must be prepared to document its ability to expand claims processing or MIS capacity should either be exceeded through the enrollment of Enrollees. n. The CHIP-MCO must designate appropriate staff to participate in DHS directed development and implementation activities. o. Subcontractors must meet the same MIS requirements as the CHIP-MCO and the CHIP-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a Subcontractor. The CHIP-MCO must provide its Subcontractors with the appropriate files and information to meet this requirement (e.g., Monthly 834 Eligibility File. Provider files). p. The CHIP-MCO's MIS shall be subject to review and approval during the Department's CHIP Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. q. Prior to any major modifications to the CHIP-MCO’s MIS, including upgrades and new purchases, the CHIP-MCO must inform the Department in writing of the potential changes at least six (6) months prior to the change. The CHIP-MCO must provide a workplan detailing recovery efforts and the use of parallel systems testing. r. The CHIP-MCO must be able to accept and generate HIPAA compliant transactions as required in the ASC X12 Implementation Guides. s. The Department will make Drug, Procedure Code, and Diagnosis Code reference files available to the CHIP-MCO on a routine basis to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. Information about these files is available on the Pennsylvania HealthChoices Extranet site If the CHIP-MCO chooses not to use these files, it must document the use of comparable files to meet its obligation with this Agreement. t. The Department will supply Provider files on a routine basis to allow the CHIP-MCO to meet its obligation consistent with requirements in this Agreement. These files include: • List of Active and Closed Providers (PRV414 and PRV415); • NPI Crosswalk (PRV430); • Special Indicators (PR435); • Provider Revalidation File (PRV720). • Quarterly Network Provider File (Managed Care Affiliates, PRV640Q) The CHIP-MCO must use the PRV414 or PRV415 file with the PRV430 on a monthly basis to reconcile its Provider database with that of the Department to confirm: • All participating providers are enrolled in MA for all service locations as defined by MA enrollment rules. • Participating provider license information is valid. • Provider Types and Specialties match. • Each Provider’s NPI, Taxonomy, and Nine-digit Zip code for each service location match. Any provider that does not enroll with CHIP or MA cannot be enrolled as a participating provider in the CHIP-MCO. Discrepancies must be addressed with the provider. CHIP-MCOs must use the PRV640Q file to reconcile Provider information previously submitted on the Network Provider File (PRV640M). Information about these files is available on the Pennsylvania HealthChoices Extranet site. u. The CHIP-MCO must have a disaster recovery plan in place with written policies and procedures containing information on system backup and recovery in the event of a disaster. v. The CHIP-MCO must reconcile the 820 Capitation Payment file with its internal enrollment information and report any discrepancies to the Department within thirty (30) days. w. To support CHIP-MCOs in meeting the requirements of this agreement, the Department will provide access to the following systems: • Client Information System (CIS/eCIS); • Pennsylvania HealthChoices Extranet; • The Department’s MMIS; • Docushare; and • CHIP Collaboration Room. Access to these systems is in addition to the various files that CHIP-MCOs will receive via secure file transfer. Information on obtaining access to these resources is on the Pennsylvania HealthChoices Extranet.

Management Information Systems. The CHCPH-MCO must have a comprehensive, automated, automated and integrated MIS health management information system (MIS) that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. See Management Information on Business System and Technical System Performance Review Standards is available for MIS and Systems Performance Review (SPR) Standards provided by the Department on the DHS websiteHealthChoices and ACCESS Plus Intranet. a. The CHCPH-MCO must have at a minimum of the following components to its MIS components or the capability to interface with link to other systems containing Participantthis information: Membership, Provider, Claims processing, Prior Authorization, and Reference datareference. b. The CHCPH-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant membership management system must have the capability to receive, update and maintain Participant the PH-MCO's membership files consistent with specifications information provided by the Department. The CHCPH-MCO must have the capability to provide daily updates of Participant membership information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHCPH-MCO’s Provider database file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHCPH-MCO must also be able to cross-reference its their internal Provider identification number to the correct MMIS PROMISe™ Provider ID and NPI number in and/or the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA, and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service locationNPI number. e. The CHCPH-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCPH-MCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHCPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHCPH-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Department’s Provider credentialing requirements and those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The CHCPH-MCO must have sufficient telecommunication capabilities, including emailelectronic mail, to meet the requirements of this Agreement. j. The CHCPH-MCO must have the capability to electronically exchange transfer data files with the Department Department, the EAP contractor, and the IEBPROMISe™ contractor. The CHCPH-MCO must use a secure FTP product that is compatible with the Department’s product. k. The CHCPH-MCO’s MIS must be bidirectionally bi-directionally linked to the other operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the PROMISe ICN associated with each processed Encounter Data record returned on the files. l. The PH-MCO must comply with all operationalapplicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards (formerly known as POSNet or H-Net standards). This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PH-MCO via a secured Internet site. The PH-MCO’s MIS must be compatible with the Department’s MIS. The PH-MCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PH-MCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. m. The PH-MCO must be prepared to document its ability to expand Claims processing or MIS capacity should either or both be exceeded through the Enrollment of program Members. n. The PH-MCO must designate appropriate staff to participate in DPW directed development and implementation activities. o. Subcontractors must meet the same MIS requirements as the PH-MCO and the PH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PH-MCO must provide its subcontactors with the appropriate files and information to meet this requirement (i.e. the daily eligibility file, provider files, etc.) p. The PH-MCO's MIS shall be subject to review and approval during the Department's HealthChoices Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. q. Prior to any major modifications to the PH-MCO’s information system, including upgrades and/or new purchases, the PH-MCO must inform the Department in writing of the potential changes. A work plan detailing recovery effort and use of parallel system testing must be included. r. The PH-MCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the PH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the PH-MCO chooses not to use these files, it is required to use comparable files to meet its obligation with this Agreement. Exhibit CC, Data Support for PH-MCOs, provides a listing of these files. Information about these files is available on the HealthChoices and ACCESS Plus Intranet site. t. The Department will make available provider informational files on a routine basis that will allow it to effectively meet its obligation consistent with requirements in this Agreement. The Contractor must use these files to record and provide provider information, and to reconcile their provider file with the Department’s provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV- u. The PH-MCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster.

Management Information Systems. The CHC-MCO must have a comprehensive, automated, automated and integrated MIS that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. Information on Business and Technical Standards is available on the DHS website. a. The CHC-MCO must have a minimum of the following MIS components or the capability to interface with other systems containing Participant, Provider, Claims processing, Prior Authorization, and Reference data. b. The CHC-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain Participant files consistent with specifications provided by the Department. The CHC-MCO must have the capability to provide daily updates of Participant information to Subcontractors and or Providers who have responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO’s Provider database must be maintained with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS Provider ID and NPI number in the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA, MA and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require that Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service location. e. The CHC-MCO’s Claims Processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHC-MCO’s Prior Authorization system must be linked with its Claims Processing component. g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-specific data sufficient to meet the Department’s credentialing requirements and those listed in Exhibit F, Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including email, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange transfer data files with the Department and the IEB. The CHC-MCO must use a secure FTP product that is compatible with the Department’s product. k. The CHC-MCO’s MIS must be bidirectionally linked to all operationaloperational systems listed in this Agreement, so that data captured in Encounter records accurately matches data in Participant, Provider, Claims and Prior Authorization files. Encounter Data will be utilized for: • Participant and Provider profiling, • Claims validation, • Fraud, Waste, and Abuse monitoring activities, • Rate setting, and • Any other research and reporting purposes defined by the Department. l. The CHC-MCO must comply with the Department’s Business and Technical Standards including connectivity to the Commonwealth’s network for Extranet access. The CHC-MCO must also comply with any changes made to these Standards. The CHC-MCO must comply with the Department’s Se-Government Data Exchange Standards. The CHC-MCO’s MIS must be compatible with the Department’s MMIS. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every reasonable effort to provide additional notice. m. The CHC-MCO must be prepared to document its ability to expand claims processing or MIS capacity should either be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in Department-directed development and implementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outline the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. Subcontractors must meet the same MIS requirements as the CHC- MCO, and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a Subcontractor. The CHC-MCO must provide its Subcontractors with the appropriate files and information to meet this requirement (e.g., the 834 Daily Eligibility File, Provider files). q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information including: • Compliance with all applicable Federal and State statutes and regulations regarding security standards, • Demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information, and • Demonstration of procedures for mitigating data breaches. s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least six (6) months prior to the change. The CHC-MCO must provide a work plan detailing recovery efforts and the use of parallel system testing. t. The CHC-MCO must be able to accept and generate HIPAA-compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make Drug, Procedure Code, and Diagnosis Code reference files available to the CHC-MCO on a routine basis to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. Information about these files is available on the Pennsylvania HealthChoices Extranet. If the CHC-MCO chooses not to use these files, it must document the use of comparable files to meet its obligation with this Agreement. v. The Department will supply Provider files on a routine basis to allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. These files include: • List of Active and Closed Providers (PRV414 and PRV415) • NPI Crosswalk (PRV430) • Provider Revalidation File (PRV720) • Special Indicators (PRV435) • Network Provider File (Managed Care Affiliates, PRV640Q) The CHC-MCO must use the PRV414 or PRV415 files with the PRV430 on a monthly basis to reconcile its Provider database with that of the Department to confirm: • All participating Providers are enrolled in MA for all service locations as defined by MA enrollment rules, • Participating Provider license information is valid, • Provider Types and Specialties match, and • Each Provider’s NPI, taxonomy, and nine-digit zip code for each service location match. CHC-MCOs must use the PRV640Q to reconcile Provider information previously submitted on the Network Provider file (PRV640M). w. The CHC-MCO must have a disaster recovery plan in place with written policies and procedures containing information on system backup and recovery in the event of a disaster. x. The CHC-MCO must reconcile the 820 Capitation Payment file with its internal membership information and report any discrepancies to the Department within thirty (30) days. y. To support the CHC-MCO in meeting the requirements of this agreement, the Department will provide access to the following systems: • The Department’s MMIS • Pennsylvania HealthChoices Extranet • Client Information System (CIS) • Docushare

Management Information Systems. The CHC-MCO must have a comprehensive, automated, automated and integrated health MIS that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreementagreement. Information on Business and Technical Standards is available See the information provided on the DHS websiteInternet at the following link: ▇▇▇▇://▇▇▇.▇▇▇.▇▇.▇▇▇/provider/busandtechstandards/index.htm. a. The CHC-MCO must have at a minimum of the following MIS components or the capability to interface with other systems containing Participantthis information: Participants, Provider, Claims processing, Prior Authorization, and Reference dataReference. b. The CHC-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreementthisagreement. c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with specifications information provided by the Department. The CHC-CHC- MCO must have the capability to provide daily updates of Participant information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant information. d. The CHC-MCO’s MCO must maintain its Provider database must be maintained file with detailed information on each Provider sufficient to support Provider payment and meet the Department's reporting and Encounter Data requirements. The CHC-MCO must be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Department’s MMIS PROMISe™ for each location at in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA. In addition, and that information for the CHC-MCO must maintain all service locations is maintained in its their own system. The CHC-CHC- MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS PROMISe, and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMISPROMISe. The CHC-MCO must require its Network Providers with a specific Provider types and specialties type/specialty have the same Provider types and specialties type/specialty in the Department’s MMIS PROMISe for each service location. e. The CHC-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreementthisagreement. f. The CHC-MCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Department’s Provider credentialing requirements and outlined in the framework provided by the Department as well as those listed in Exhibit FK(1), Quality Management and Utilization Management Program Requirements. i. The CHC-MCO must have sufficient telecommunication capabilities, including emailelectronic mail, to meet the requirements of this Agreement. j. The CHC-MCO must have the capability to electronically exchange data files with the Department and the IEBIEE. The CHC-MCO must use a secure FTP product that is compatible with the Department’s productdata exchange standard within the Department’s Business and Technical Standards. k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the PROMISe™ ICN claim identifier associated with each processed Encounter Data record returned on the files. l. The CHC-MCO must comply with all operationalapplicable business and technical standards at stated in Appendix 1, CHC RFP. The CHC-MCO must comply with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards and demonstrate their capacity to manage all business transactions and performance requirements. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, the Department will make every effort to provide additional notice. m. The CHC-MCO must have the ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants. n. The CHC-MCO must designate appropriate staff to participate in DHS directed development and implementation activities. o. The CHC-MCO must have formalized System Development Life Cycle processes, procedures, controls, and governance frameworks in place for management of its MIS and affiliated infrastructure; affiliated application, technology, and infrastructure roadmaps in place that outlines the current capabilities and future direction of the MIS; and procedures for when CHC-MCO and DHS representatives will be engaged to address current and future business needs and requirements. p. The CHC-MCO must require subcontractors to meet the same MIS requirements as the CHC-MCO and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e. the Daily Eligibility File, Provider files, etc.) q. The CHC-MCO's MIS shall be subject to review and approval during the Department's Readiness Review process. r. The CHC-MCO must maintain the security of Commonwealth data and information. This includes; compliance with all applicable federal and state laws and regulations regarding security standards; demonstration that specific controls are in place to safeguard MIS and Commonwealth data and information; demonstration of procedures for mitigating data breaches; s. Prior to any major modifications to the CHC-MCO’s MIS system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least 60 days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing. t. The CHC-MCO must accept and generate HIPAA compliant transactions as required in the ASC X12 Implementation Guides. u. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the CHC-MCO chooses not to use these files, it must use comparable files. Exhibit Q, Data Support for CHC-MCOs, provides a listing of these files. Information about these files is available on the CHC Intranet. v. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this Agreement. The CHC- MCO must use these files to record and provide Provider information, and to reconcile their Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit Q, Data Support for CHC-MCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. w. The CHC-MCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster. The CHC-MCO must demonstrate their routine back-up and recovery mechanisms, processes, and procedures. x. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.O.1. Participant Files, the CHC-MCO must reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.

Management Information Systems. The CHCPH-MCO must have a comprehensive, automated, automated and integrated MIS health management information system (MIS) that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreement. See Management Information on Business System and Technical System Performance Review Standards is available for MIS and Systems Performance Review (SPR) Standards provided by the Department on the DHS websiteHealthChoices and ACCESS Plus Intranet. a. The CHCPH-MCO must have at a minimum of the following components to its MIS components or the capability to interface with link to other systems containing Participantthis information: Membership, Provider, Claims processing, Prior Authorization, and Reference datareference. b. The CHCPH-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement. c. The CHC-MCO’s Participant membership management system must have the capability to receive, update and maintain Participant the PH-MCO's membership files consistent with specifications information provided by the Department. The CHCPH-MCO must have the capability to provide daily updates of Participant membership information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant membership information. d. The CHCPH-MCO’s Provider database file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHCPH-MCO must also be able to cross-reference its their internal Provider identification number to the correct MMIS PROMISe™ Provider ID and NPI number in and/or the Department’s MMIS for each location at which the Provider renders services for the CHC-MCO. The CHC-MCO must verify that each Network Provider service location is enrolled and active with MA, and that information for all service locations is maintained in its own system. The CHC-MCO must verify that each Network Provider’s license information is valid in the Department’s MMIS and must outreach to Network Providers to stress the importance of maintaining up to date information in the Department’s MMIS. The CHC-MCO must require Network Providers with specific Provider types and specialties have the same Provider types and specialties in the Department’s MMIS for each service locationNPI number. e. The CHCPH-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement. f. The CHCPH-MCO’s Prior Authorization system must be linked with its the Claims Processing processing component. g. The CHCPH-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements. h. The CHCPH-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Department’s Provider credentialing requirements and those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements, of this Agreement. i. The CHCPH-MCO must have sufficient telecommunication capabilities, including emailelectronic mail, to meet the requirements of this Agreement. j. The CHCPH-MCO must have the capability to electronically exchange transfer data files with the Department Department, the EAP contractor, and the IEBPROMISe™ contractor. The CHCPH-MCO must use a secure FTP product that is compatible with the Department’s product. k. The CHCPH-MCO’s MIS must be bidirectionally bi-directionally linked to the other operational systems listed in this Agreement, in order to ensure that data captured in Encounter records accurately matches data in Member, Provider, Claims and Authorization files, and in order to enable Encounter Data to be utilized for Member profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the PROMISe ICN associated with each processed Encounter Data record returned on the files. l. The PH-MCO must comply with all operationalapplicable information technology standards as defined in the Department’s Information Resource Management (IRM) Standards (formerly known as POSNet or H-Net standards). This includes compliance with the IRM Business Partner Network Connectivity Provisioning Standards for connectivity to the Commonwealth’s network. The current IRM Standards are available to the PH-MCO via a secured Internet site. The PH-MCO’s MIS must be compatible with the Department’s MIS. The PH-MCO must also comply with the Department’s Se-Government Data Exchange Standards as defined in the IRM Standards. In addition, the PH-MCO must comply with any changes made to the IRM Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of MIS or IRM changes. For more complex changes, every effort will be made to provide additional notice. m. The PH-MCO must be prepared to document its ability to expand Claims processing or MIS capacity should either or both be exceeded through the Enrollment of program Members. n. The PH-MCO must designate appropriate staff to participate in DPW directed development and implementation activities. o. Subcontractors must meet the same MIS requirements as the PH-MCO and the PH-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The PH-MCO must provide its subcontactors with the appropriate files and information to meet this requirement (i.e. the daily eligibility file, provider files, etc.) p. The PH-MCO's MIS shall be subject to review and approval during the Department's HealthChoices Readiness Review process as referenced in Section VI of this Agreement, Program Outcomes and Deliverables. q. Prior to any major modifications to the PH-MCO’s information system, including upgrades and/or new purchases, the PH-MCO must inform the Department in writing of the potential changes. A work plan detailing recovery effort and use of parallel system testing must be included. r. The PH-MCO must be able to accept and generate HIPAA compliant transactions as requested by Providers or the Department. s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the PH-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this Agreement. If the PH-MCO chooses not to use these files, it is required to use comparable files to meet its obligation with this Agreement. Exhibit CC, Data Support for PH-MCOs, provides a listing of these files. Information about these files is available on the HealthChoices and ACCESS Plus Intranet site. t. The Department will make available provider informational files on a routine basis that will allow it to effectively meet its obligation consistent with requirements in this Agreement. The Contractor must use these files to record and provide provider information, and to reconcile their provider file with the Department’s provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV- 640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV-

Management Information Systems. ‌ The CHC-MCO must have a comprehensive, automated, automated and integrated health MIS that includes a test environment and is capable of meeting the requirements listed below and throughout this Agreementagreement. Information on Business and Technical Standards is available on See the information provided onthe DHS website.Internet at the following link: (added at a later time).‌ a. The CHC-MCO must have at a minimum of the following components to its MIS components or the capability to interface with link to other systems containing Participantthis information: Participants, Provider, Claims processing, Prior Authorization, and Reference data.Reference.‌ b. The CHC-MCO must have a an MIS sufficient MIS to support data reporting requirements specified in this Agreement.agreement.‌ c. The CHC-MCO’s Participant management system must have the capability to receive, update and maintain the CHC-MCO's Participant files consistent with specifications information provided by the Department. The CHC-MCO must have the capability to provide daily updates of Participant information to Subcontractors and subcontractors or Providers who have with responsibility for processing Claims or authorizing services based on Participant information.information.‌ d. The CHC-MCO’s Provider database file must be maintained with detailed information on each Provider sufficient to support Provider payment and also meet the Department's reporting and Encounter Data requirements. The CHC-MCO must also be able to cross-reference its internal Provider identification number to the correct MMIS PROMISe™ Provider ID and and/or the Provider’s NPI number in the Department’s MMIS PROMISe™ for each location at in which the Provider renders services for the CHC-MCO. The CHC-MCO must verify ensure that each Network Provider provider service location is enrolled and active with MAMedical Assistance. In addition, and that information for the CHC-MCO must maintain all service locations is maintained in its their own system. The CHC-MCO must verify ensure that each Network Provider’s license information is kept valid in the Department’s MMIS PROMISe, and must outreach to Network their Providers to stress the importance of maintaining up to date information in PROMISe. Additionally, the Department’s MMIS. The CHC-MCO must require Network ensure that Providers enrolled in their‌ network with a specific Provider types and specialties type/specialty have the same Provider types and specialties type/specialty in the Department’s MMIS PROMISe for each service location.location.‌‌ e. The CHC-MCO’s Claims Processing processing system must have the capability to process Claims consistent with timeliness and accuracy requirements identified in this Agreement.agreement.‌ f. The CHC-MCO’s Prior Authorization system must be linked with its the Claims Processing component.processing component.‌ g. The CHC-MCO’s MIS must be able to maintain its Claims history with sufficient detail to meet all Department reporting and Encounter Data requirements.requirements.‌ h. The CHC-MCO’s credentialing system must have the capability to store and report on Provider-Provider specific data sufficient to meet the Department’s Provider credentialing requirements and those listed in Exhibit FM(1), Quality Management and Utilization Management Program Requirements., of this agreement.‌ i. The CHC-MCO must have sufficient telecommunication capabilities, including emailelectronic mail, to meet the requirements of this Agreement.agreement.‌ j. The CHC-MCO must have the capability to electronically exchange transfer data files with the Department and the IEBIEE. The CHC-MCO must use a secure FTP product that is compatible with the Department’s product.product.‌ k. The CHC-MCO’s MIS must be bidirectionally linked to the other operational systems listed in this agreement, in order that data captured in Encounter records accurately matches data in Participant, Provider, Claims and authorization files, and in order to enable Encounter Data to be utilized for Participant profiling, Provider profiling, Claims validation, Fraud and Abuse monitoring activities, rate setting and any other research and reporting purposes defined by the Department. The Encounter Data system must have a mechanism in place to receive and process the U277 and NCPDP response files; and to store the PROMISe™ ICN associated with each processed Encounter Data record returned on the files.‌ l. The CHC-MCO must comply with all operationalapplicable business and technical standards available on the DHS Internet site at the following link: ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇▇▇.▇▇.▇▇/cs/groups/webcontent/document s/communication/p_031942.pdf. This includes compliance with the standards for connectivity to the Commonwealth’s network. The CHC-MCO’s MIS must be compatible with‌‌‌‌ the Department’s MIS. The CHC-MCO must also comply with the Department’s Se-Government Data Exchange Standards. In addition, the CHC-MCO must comply with any changes made to the Commonwealth's Business and Technical Standards. Whenever possible, the Department will provide advance notice of at least sixty (60) days prior to the implementation of changes. For more complex changes, every effort will be made to provide additional notice.‌ m. The CHC-MCO must be prepared to document its ability to expand claims processing or MIS capacity should either or both be exceeded through the Enrollment of Participants.‌ n. The CHC-MCO must designate appropriate staff to participate in DHS directed development and implementation activities.‌ o. Subcontractors must meet the same MIS requirements as the CHC-MCO and the CHC-MCO will be held responsible for MIS errors or noncompliance resulting from the action of a subcontractor. The CHC-MCO must provide its subcontractors with the appropriate files and information to meet this requirement (i.e. the daily eligibility file, Provider files, etc.)‌ p. The CHC-MCO's MIS shall be subject to review and approval during the Department's Community HealthChoices Readiness Review process as referenced in Section VI of this agreement, Program Outcomes and Deliverables.‌ q. Prior to any major modifications to the CHC-MCO’s information system, including upgrades and/or new purchases, the CHC-MCO must inform the Department in writing of the potential changes at least 60 days prior to the change. The CHC-MCO must include a work plan detailing recovery effort and use of parallel system testing.‌ r. The CHC-MCO must be able to accept and generate HIPAA compliant transactions as required in the ASC X12 Implementation Guides.‌ s. The Department will make reference files (Drug, Procedure Code, Diagnosis Code) available to the CHC-MCO on a routine basis that will allow it to effectively meet its obligation to provide services and record information consistent with requirements in this agreement. If the CHC-MCO chooses not to use these files, it must use comparable files to meet its obligation with this agreement. Exhibit CC, Data Support for CHC-MCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC.‌ t. The Department will make available Provider informational files on a routine basis that will allow the CHC-MCO to effectively meet its obligation consistent with requirements in this agreement. The CHC-MCO must use these files to record and provide Provider information, and to reconcile their Provider file with the Department’s Provider file on a regular basis. These files include the List of Active and Closed Providers (PRV-414 and/or PRV-415) file to meet the obligation to maintain valid PROMISe Provider IDs; Managed Care Affiliations (PRV-640Q) file to meet the obligation to provide updates on the MCO Provider File (PRV-640); and NPI Crosswalk (PRV-430) file to provide all NPI records active with the Department. Exhibit CC, Data Support for CHC- MCOs, provides a listing of these files. Information about these files is available on the Intranet supporting CHC. u. The CHC-MCO must have a disaster recovery plan in place, and written policies and procedures documenting the disaster recovery plan including information on system backup and recovery in the event of a disaster.‌ v. In addition to the CHC-MCO reconciling the 834 daily and monthly Participants files against its internal Participant information as referenced in Section V.F.10 of this agreement, the CHC-MCO must also reconcile the 820 capitation payment file against its internal Participant information, and report any discrepancies to the Department with thirty (30) days.‌