Connectivity Director SM

Transcription

1 Connectivity Director SM HL7 EDI Connection System User Guide Version 14.3 October UnitedHealthcare

2 Change Log Version Release Date Changes June 28, October 4, 2010 Changes to this guide: Section 4.3: A new section warning against the use of raw FTP commands has been added. Changes to this guide: Screenshots throughout the guide have been updated to reflect a new look and feel. The following changes are for 2.2 Registration: There is a new option for submitters to specify their connection protocol(s) on the account request page. A help window with detailed information about protocols is linked to this option. This is a required field. UnitedHealthcare s user agreement is now linked to the account request page. The Contact Information page features a +4 capability now in the ZIP Code field. The +4 is an optional addition to this field. Fields for submitters to enter technical contact information have been placed on the account request page. Screenshots have been updated to reflect the options for submitting specific transaction types by standard/version (X , X , and HL7). The Settings page in the submitter interface is now accessible via a tab. The Settings link that appeared in the upper-right corner of the interface has been removed. Screenshots in this guide have been updated to reflect this enhancement. Section 4.4: The Home page screenshot has been updated to show the Guides links enclosed in a box in the bottom-right corner. Various screenshots in this guide have been updated to reflect that the interface no longer displays links to the Privacy Policy and Terms and Conditions on each page.

3 Version Release Date Changes Screenshots throughout this guide have been updated to reflect that telephone number fields now accommodate 12-digit numbers. A five-digit extension field (optional use) has been added. Section 3.5: This section has been revised to show how a user requests production on the Transaction Types page of the interface. Section 4.3: A new section warning against the use of raw FTP commands has been added. Screenshot for US 7560? Section 10.4: This section has been revised to reflect the addition of a new template for uploading multiple providers to an account. A report showing what was uploaded is accessible via a link. Section 10.4: This section has been updated to reflect that individual providers can now be added to an account with the relevant transaction type by transaction version. Section 10.4: This section has been updated to reflect that a submitter can search for other providers on the account and export them to Excel or PDF. This guide has been updated to show a new page that provides details about a provider which is accessible by clicking the Provider Name. The new page shows all transactions by version. The submitter can view and request to do the following on this page: change the status each transaction type by version of transactions sent, add transaction types by version to the provider, and navigate to the transaction version page, and select new transaction types by version and entering estimated transaction volume. This guide has been update to reflect that submitters can now request a new transaction standard type on the Transaction Types page in the Settings section of the interface. 3.3 April 28, 2011 Changes to this guide: Section 2.2: Registration has been updated to reflect that the Escalation Contact Information now displays

4 Version Release Date Changes by default. Section 10.6: Requesting a New Transaction Standard has been updated to reflect screenshot changes. 3.4 June 13, August 10, May 12, July 9, April 4, 2013 Change to this guide: References to CDA have been added where appropriate. Section 3.0: Testing with the Payer has been revised. Section 3.6 is now a new section called Testing the HL7 CDA Document Submission, and subsequent sections in 3.0 have been re-numbered. Changes to this guide: Section 2.2: Registration has been updated to reflect that the system now enforces a 20-character limit on the company name and the user name is case sensitive. Section 4.5: Passwords has been updated to reflect that a password cannot be changed more than once during a 24-hour period. Changes to this guide: Various sections have been updated to reflect new HL7-Bio transaction submission capabilities. Changes to this guide: Screenshots have been updated to reflect the removal of ASC X functionality from the user interface. Changes to this guide: Section 4.5 has been updated to reflect that a user cannot re-use any of the previous ten system login passwords. Previously the password re-use limit was the previous three passwords. Section 10.1 has been updated to correct a subhead in a screenshot for the Submission Log page. On the Submission Log page, the subheading said

5 Version Release Date Changes Submission Details instead of Submission Log June 27, October 8, January 21, April 15, July 8, October 14, 2014 Changes to this guide: Section 10.9: PGP Key & Service Agreement and Section B.3: Example Using Commercial PGP Desktop Software have been updated with new PGP Public Key & Service Agreement screenshots showing the new Clear Key button. This button clears content from the PGP Key text field. Changes to this guide: Section 2.3: Testing Overview has been updated to explain that Connectivity Director now identifies all HL7 (BIO and ORU) files without the use of a file extension (except the Quest biometric file). Section 10.10: Sub-accounts has been added to describe how to add and manage sub-accounts. This section also includes new information for this release about how to unlock a sub-account after the login attempt threshold has been exceeded. Changes to this guide: Sections 2.2: Registration and 10:9: PGP Key, SFTP Authorized Key & Service Agreement have been updated to include new screenshots and information about entering an SFTP authorized key for submitting files. There are no changes to this guide for this release. There are no changes to this guide for this release. There are no changes to this guide for this release.

6 Table of Contents 1.0: Introduction... 1 Connectivity Director SM User Guide : Scope : Overview... 1 Prerequisites : Privacy and Security... 2 Internet Privacy and Security Policy... 2 Protecting Your Confidential Information... 2 Your Data is Safe : Additional Information : Getting Started : Working with Connectivity Director : Registration : Testing Overview : Testing With the Payer : How to Submit a Test File Manually : How to Get File Reports : Testing and Production Phases : Phase 1: Testing EDI Connections (Using Limited Test Data) : Testing the HL7 ORU R01 Laboratory Result Message : Testing the HL7 CDA Document Submission : Testing the HL7 BIO Document Submission : To Request Production : Phase II: Production : Connectivity Director Communication Protocols : Process Flows : Transmission Administrative Procedures : Communication Protocol Specifications : Programmatically Uploading and Retrieving Data : Passwords... 30

7 5.0: Contact Information : EDI Customer Support : Control Segments/Envelopes : HL7 Enveloping Requirements : Payer-Specific Business Rules and Limitations : Acknowledgments and Reports : Reports Inventory for HL7 Submissions : Trading Partner Agreements : Other Connectivity Director Functionality (User Interface) : Submissions : Responses : User Log : Messages : Adding Providers to Your Account Requesting a New Transaction Standard Account Information Contact Information PGP Key, SFTP Authorized Key & Service Agreement : Sub-accounts Appendix A: Java Code Connection A.1: Java Program (Request) A.2: Java Program (Post) A.3: Java Output A.4: Multi-part Form Data Section Appendix B: PGP Encryption with FTP B.1 Basic Requirements B.2: Example Using Open-Source GPG B.3 Example Using Commercial PGP Desktop Software Appendix C: FTPS Client Configuration... 76

8 1.0: Introduction Connectivity Director SM User Guide Section 1 covers information for any entity wishing to process transactions with the payer, and applies to all types of transactions (e.g., claim, remittance advice, eligibility inquiry, etc.). Section 2 explains how to create a Connectivity Director account and provides information about UnitedHealthcare requirements and practices regarding HL7 message submission. Providers and clearinghouses connected indirectly to the payer through a thirdparty clearinghouse can use the Section 2 information for guidance, but should also contact the third party for their documentation. 1.1: Scope This document should be used as a guide for the use of the UnitedHealthcare Connectivity Director SM system. Connectivity Director is a system through which health care submitters can submit EDI transactions to and receive EDI transactions from a payer. Connectivity Director also allows submitters who are contracted with UHG for submission of lab results data to submit HL7 messages containing laboratory results. If you do not know how to create a health care EDI transaction, please go to > Claims & Payments > Electronic Claims Submission for information about EDI options available to you. 1.2: Overview This companion document is split into multiple sections: Getting Started Testing and Production Connectivity Contact Information Acknowledgments and Reports Trading Partner Agreements Additional Screens in the User Interface Connectivity Director is a system used to transport health care EDI files directly between submitters and the payer. The system s functionality is accessible via a web-based interface. This document describes how a submitter uses the system to submit files and receive acknowledgments and reports. 1

9 Prerequisites Before you use Connectivity Director, it is important for you to determine your compatibility in relation to Connectivity Director. Note the following requirements: You must be able to send HL7 version 2.5 ORU R01 messages that comply with the UHG ORU R01 companion guide. You must be able to extract information from your system and interpret it. You must have sufficient EDI technical knowledge to make adjustments to your system, as necessary. You must be able to interact with Connectivity Director, either programmatically or via the web-based user interface. The UHG HL7 companion guide for ORU R01 messages is available at 1.3: Privacy and Security Internet Privacy and Security Policy UnitedHealthcare Connectivity Director is a product managed by Optum, a division of UnitedHealth Group. Optum is very sensitive to privacy issues. We respect your right to privacy and feel it is important for you to know how we handle the information we receive from you via the Internet. Additionally, our online and offline business practices are in full compliance with the privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA). Protecting Your Confidential Information We have taken precautionary measures to make all information received from our online visitors as secure as possible against unauthorized access and use. We do not sell or share your information to companies outside of our organization. However, it may be necessary for us to provide your information to contracted external partners in order to respond to your inquiries and to provide you with services on our behalf. They may only use the information provided for the specified use and project. Your Data is Safe We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you at our site. 2

10 1.4: Additional Information This document was developed to provide users of Connectivity Director the information they need to know in order to exchange Electronic Data Interchange (EDI) transactions with the payer. It assumes a user has a working level of EDI knowledge. Therefore, the document focuses on the use of the Connectivity Director system and does not provide background information on EDI transactions and their use. 2.0: Getting Started This document describes how a submitter uses the Connectivity Director system to interface with the payer. We highly recommend that you read this guide in its entirety before using the system. 2.1: Working with Connectivity Director The Connectivity Director system is very flexible. Flexibility also means some complexity and many configuration options. You probably are interested in finding out how to get connected with the minimum amount of work so you can start to send and receive files as soon as possible. This guide includes the instructions you will need. But remember, you will need to read the entire guide in order to take advantage of the full functionality of the system. Note that the Connectivity Director interface has been tested using Internet Explorer : Registration The first step to use the Connectivity Director system is to request an account. This is a simple process accomplished online. Open a web browser and go to the URL for Connectivity Director: Click the Register for an account link to display the Before You Register page. 3

11 Note that your system must be capable of generating ASC X12 and/or HL7 files and interpret EDI information and make necessary adjustments to it. If you have questions about ASC X12 or HL7 files, click the applicable help link for more information. Click Yes, we generate X12 and/or HL7 files to display the Request an Account - Getting Started page. 4

12 Complete the Sign In Information, Account Security, Submission IDs, Account Type Information, and Connectivity Information fields that will be associated with your account. Note that the username is case sensitive. If you need assistance from the payer to acquire a number to be used as your ediid, contact Customer Support: Contact: Customer Support Phone: UnitedHelpDesk@ediconnect.com Hours: M-F 8:00 a.m. 5:00 p.m. Eastern Time Note the Help link for the Connectivity Information section. Click on the link to display a help window with details about available connection protocols. Ensure that you are familiar with the connection protocol you will use. Click Next to display the Transaction Standard/Version Selection page. 5

13 Select the standard/version you will submit: HL7. Note that you can select transaction types by all standards and both versions of ASC X12. Also note that you will need to specify a transaction standard/type and enter the necessary information before the Next button on this page becomes functional. Select the HL7-ORU, HL7-CDA, or HL7-Bio checkbox (depending on which type(s) of HL7 transaction you want to submit), then enter the volume(s) that you expect to send/receive (monthly count) in the Estimated Monthly Transactions field. When you are finished entering transaction standard/type information, click Submit to return to the Transaction Standard/Version Selection page. There, click Next to continue to the Contact Information page. 6

14 Enter all applicable information; fields with asterisks are required. Note that the company name is limited to a maximum of 20 characters. Then click Next to display the Confirm and Submit page. 7

15 If you will use PGP for file transmission, copy and paste your PGP Public Key into the PGP Public Key field. If you will use SFTP Authorized Key for file transmission, copy and paste your key into the SFTP Authorized Key field. If you will use SFTP Authorized Key for file transmission, copy and paste your key into the SFTP Authorized Key field. Note that there are secure transmission options that encrypt data as it is transmitted and therefore do not require the use of PGP encryption. The options that do not require PGP encryption are: FTP over SSL Batch (FTPS). See Section 4.3 for information about using FTPS. Programmatic file submission via HTTPS post File submission via a browser interface (secured by using HTTPS). See Section 3.0 for information about using the browser to upload files. The option that does require PGP encryption is FTP (without using SSL). See Section 4.3 for information about using FTP. NOTE: HL7 can be done only in batch mode. Real-time is not available. If you are using FTP to transfer your files to Connectivity Director, you are required to first encrypt your files with PGP (Pretty Good Privacy). Unencrypted files will not be accepted and the system will issue a return code of 451 if submitted. PGP encrypts and digitally signs your data while it is in your system, and protects it with a strong cryptographic envelope. For more information about PGP, see and also If you are using PGP, you must provide the public key in the PGP Public Key text field, either at registration or by updating the Settings section later. The public key can usually be obtained from your PGP client software. Look for a public key export function. You should cut and paste the key from your PGP software into the PGP Public Key field. 8

16 Follow the instructions in the Service Agreement section and sign the agreement electronically. This must be signed by someone who has the authority to legally bind your organization to the terms of use. Electronic Signatures You are required to provide an electronic signature at the bottom of the Settings page to use the Connectivity Director system. The use of the system is governed by the User Agreement, which is linked from that page. Please make sure you read these terms and indicate your agreement to be bound by the User Agreement by electronically signing this request form. Your electronic signature is the name of the person signing, preceded and followed by = signs. For example, if your name is John Doe the electronic signature will be =John Doe=. Make sure you start and end with the = sign, and that it is signed by a person with authority to bind your company to these Terms of Use. Note: Do not include the quotation marks shown above when you enter the signature. Click Submit when you are finished entering changes. You will be prompted if there is a validation problem in any of the fields. If any errors or mistakes are indicated after you click Submit, make the necessary corrections and click Submit again. The request will be manually reviewed. You will receive confirmation via within 24 hours. The confirmation will include instructions for using the account, including the account name and the temporary password assigned to the account. When you log in the first time, you will be required to create a new password. Note that the temporary password you are sent upon account approval is valid for only five days. You must log in within that timeframe, or the temporary password will become invalid. If your temporary password becomes invalid, you will need to contact Customer Support to receive a new temporary password. To contact Customer Support: Contact: Customer Support Phone: UnitedHelpDesk@ediconnect.com Hours: M-F 8:00 a.m. 5:00 p.m. Eastern Time If the request is denied, an explanation will be provided. You can call Customer Support at between 8 a.m. and 5 p.m. Eastern Time Monday- Friday if you have questions about the denial. The first time you access the account, and once each year thereafter, the system will require you to change the password by forcing the change in the Password section of the interface. See Section 4.5 for information about password requirements. 9

17 2.3: Testing Overview The purpose of the Connectivity Director testing phase is to provide you with a mechanism to produce the same reports and acknowledgments that are produced once you are in production. This means you can test your ability to produce correct data content and your ability to receive and process the acknowledgments and files we produce for your use. Testing with Connectivity Director allows you to send transactions to this file transport and management facility as if you were sending them to the payer. Transactions go from you to the file transport and management facility but are not forwarded to payer applications for processing as they would be in the production environment. Connectivity Director will produce reports related to your submission, and respond to the transactions in your test. The general process works as follows: You perform self-testing of transactions. You receive back a set of reports and EDI transactions that correspond to the HL7 transaction you sent. The reports will show any errors or problems that were found in the transactions sent. The errors or problems could be related to the HL7 standards, or directly to the payer companion document. You continue testing until you have resolved any problems. Then, request to have your status changed from test to production. When you request production status for HL7 messages, your request will be routed to your assigned UHN lab manager for approval. You will be notified via when your request has been approved. Some other helpful information about testing with Connectivity Director: When you have a status of testing for the HL7 ORU R01 or CDA transactions, all files you send to Connectivity Director containing HL7 ORU R01 messages will be considered test files. They will be evaluated for errors, associated reports will be generated, and you will receive an HL7 acknowledgment and an Englishlanguage validation report. Test files will not be passed to UnitedHealthcare. When you are granted production status for the HL7 ORU R01 or CDA transactions, you will still receive the HL7 acknowledgment and validation report for each file submitted. All files submitted will be routed to UnitedHealthcare. It is also important to note that you can test with more than one transaction type simultaneously. You can also be granted production status for one type of transaction and still be in test mode for other transactions. You can test manually using the submit page (described in Section 3) or you can write scripts or programs to send the files automatically. Section 4 describes the communication protocols and connection parameters. 10

18 There are no technical limits to the number of transactions you can submit in a single file. However, UnitedHealthcare recommends that you do not submit more than 5,000 records per transaction set. Files with large numbers of transactions will generate reports with large amounts of data. Keep this in mind as you prepare your systems to send files to Connectivity Director. The communication protocol is tested as a part of first-time testing. Any time a communication protocol is changed, some testing is needed. (See Section 4 for more information about communication protocols.) The communication protocols for sending transactions to Connectivity Director are the same for testing as they are for production. Connectivity Director identifies all HL7 (BIO and ORU) files without the use of a file extension (except the Quest biometric file). The logic to determine file types is as follows (in order): If the file is named LABCSV-*.CSV (case insensitive), then the file should is marked as an HL7 BIO file and is processed as an HL7 biometric file. If the characters 4-9 within the file = ^~\&, the file is an HL7 ORU file. If the characters 1-3 within the file = HH, the file is an HL7 BIO file. 3.0: Testing With the Payer The following information will walk you through the process of submitting files, getting reports, Phase I and II testing, and moving to production. 3.1: How to Submit a Test File Manually Log in to Connectivity Director and click Submit File in the main menu to display the Submit File page. You can browse to the file and click Open to copy the file path into the text field, or you can manually enter the file path in the text field. When you click Submit the file will be sent (uploaded) to Connectivity Director. The File Uploaded page displays when the file is successfully uploaded. This page lists the submission ID (a number assigned by the system to identify the file), file name, size, and other characteristics of the submission. 11

19 You can upload another file by clicking Submit Another. If you want to view various reports of submitted files, click View Reports to view the Download Files or Reports page (see the How to Get File Reports section that follows). 3.2: How to Get File Reports The Downloads section of the Connectivity Director interface provides reports of submitted files. These reports include the Submitter Report, which is a detailed report about the EDI analysis of your file. See Section 8 for a description of each report. Click Downloads in the main menu to display the Downloads page. The reports for each submission can be viewed by clicking on the appropriate hyperlinks. Click on the relevant link to display or download a report. If you need help setting up or using the Connectivity Director system, call Customer Support at weekdays between 8 a.m. and 5 p.m. Eastern Time. 3.3: Testing and Production Phases You will need to repeat the following Phase I and Phase II testing procedures for each transaction type that you want to submit. HL7 testing procedures are defined in Section

20 3.4: Phase 1: Testing EDI Connections (Using Limited Test Data) To test the EDI connection: 1. Open the Connectivity Director home page by going to 2. Log in using your user ID and password. 3. Click Submit File. 4. Browse to an HL7 file and click Submit. (Remember, unless you have been approved for production, no files will be sent to the payer s production system.) 5. Connectivity Director receives and opens the file. 6. The system performs validation of the file and creates a validation summary (Submitter Report) which can be viewed by the submitter. 7. The system displays a page indicating that the file is complete. Summary information about the file is presented. (Example: submission ID, file name, bytes received, transactions received, file MD5 [a transmission error check number], time received, submission type.) 8. Click Downloads in the main menu to review reports. The Downloads page appears; it lists various file reports. You can search or sort by file name, date, type, and size. 9. Click on a report name hyperlink. 10. The system asks if you want to open or save the report. Choose to open the report. The system displays the report selected. The report will contain summary information regarding the transaction, including routing specifications and any errors. You may also choose to save the report to your local computer. To do so, select Save to Disk and then OK in the Opening window. Locate the file on your computer and use an appropriate application to view it. 11. Repeat this process several times with various files to ensure consistent repeatability. Special information for testing: Connectivity Director allows you to send batch (but not real-time) transactions, in both test and production modes, for HL7. Upon successful testing, request permission from the payer to submit production files (see Section 3.8: To Request Production). 3.5: Testing the HL7 ORU R01 Laboratory Result Message This section identifies aspects of the testing cycle that are specific to the HL7 ORU R01 message. 13

21 The file submission process for HL7 ORU R01 is defined in Section 3.4. The process for retrieving validation reports is defined in Section 3.4. You will receive one or two reports for each file submitted. If a submitted HL7 file fails validation at a file level, you will receive a report identifying the problem with the file. If a file passes file-level validation, you will receive a human-readable report with the validation results for each message within the file, and an HL7 acknowledgment file containing the validation results for each message within the file. The English-language validation report will identify rejections at the file, batch, and message level for HL7 submissions. In the following example, the file was accepted. In this example, the file had seven batches, and all were accepted. Batch test00023 had nine messages. Eight were accepted. Message test00039 had a problem with the fourth field in the FT1 segment. When an error is identified, refer to the UHG HL7 ORU R01 companion guide for information about what is required to correctly populate the element in error. The UHG HL7 ORU R01 companion guide defines the layout for the HL7 acknowledgment produced for message-level validation. The following criteria must be met before the HL7 ORU R01 message can be moved to production for a submitter. Connectivity Director must receive three files that have no errors at the file or batch level. The acceptance rate for messages within the file must be at least 95%. 14

22 Each file should contain a representative volume of data for a daily or weekly file submission. Once these criteria are met, you may request production status for the HL7 ORU R01 message. 3.6: Testing the HL7 CDA Document Submission This section identifies aspects of the testing cycle that are specific to the CDA Document. The file submission process for CDA Documents is defined in Section 3.4. The process for retrieving validation reports is defined in Section 3.4. You will receive one or two reports for each submission. If a submitted HL7 file fails validation at a submission level, you will receive a report identifying the problem with the submission. If a submission passes submission-level validation, you will receive a human-readable report with the validation results for each document within the submission, and an XML acknowledgment file containing the validation results for each submission within the file. In the report, the submission was accepted. The documents within the submission were also accepted. If warnings are generated for a document, the message will display a yellow bar in the report. If errors are generated for a document, the message will display a red bar in the report. Documents with warnings only are accepted, and do not have to be corrected. 15

23 The following criteria must be met before the HL7 ORU R01 message can be moved to production for a submitter: Connectivity Director must receive three submissions that have no errors at the submission level The acceptance rate for document within the file must be at least 95%. Each file should contain a representative volume of data for a daily or weekly file submission. Once these criteria are met, you may request production status for HL7 CDA Document submissions. 3.7: Testing the HL7 BIO Document Submission This section identifies aspects of the testing cycle that are specific to the BIO Document. The file submission process for BIO Documents is defined in Section 3.4. The process for retrieving validation reports is defined in Section 3.4. You will receive one or two reports for each submission: If a submitted HL7 file fails validation at a submission level, you will receive a report identifying the problem with the submission. If a submission passes submission-level validation, you will receive a human-readable report with the validation results for each document within the submission, and an XML acknowledgment file containing the validation results for each submission within the file. In the following report the submission was accepted. The documents within the submission were also accepted. If warnings are generated for a document, the message will have a yellow bar in the report. If errors are generated for a document, the message will have a red bar in the report. Documents with warnings only are accepted, and do not have to be corrected. 16

24 The following criteria must be met before the HL7 BIO message can be moved to production for a submitter: Connectivity Director must receive three submissions that have no errors at the submission level. The acceptance rate for document within the file must be at least 95%. Each file should contain a representative volume of data for a daily or weekly file submission. Once these criteria are met, you may request production status for HL7 BIO Document submissions. 3.8: To Request Production To request production: 1. Click Transaction Types on the Settings page to display the Transaction Types page. 2. In this case we will request production for the HL7 transaction by first selecting the HL7 tab. Then, using the Action dropdown menu, select the 17

25 Request Production option. The request is sent, and the Action column will display Requested Production. The administrator will review your request and grant production status if your previous testing activities were successful. You will be notified of the change in status by : Phase II: Production Once you have received production status for a transaction, it is recommended that you send a limited run of production data. This will help ensure that it will be easier to troubleshoot problems that may arise during the first few production runs. It is up to you how many transactions you send, but you should use prudence as you select the size and scope of the first few production runs. Once out of testing mode, you will send production transactions that will be processed by the payer s production applications. You will receive reports related to your production file submissions and ASC X transactions in response to your production file submissions. To Manually Send Transactions to the Payer s Production System: 1. Open the Connectivity Director interface and log in. 2. Click Submit File in the main menu and submit a file. The payer recommends that you use a small file size for production testing. 3. The system opens the file. 4. Because you are sending production transactions, the system performs validation of the file and creates a validation summary (Submitter report) that you can view. 5. The system displays a page showing that the file has been successfully uploaded. Summary information about the file is presented. (Example: submission ID, file name, bytes received, file MD5 [a transmission error check number], time received, submission type.) 6. Click Downloads in the main menu to review reports. 7. The Downloads page appears; it lists various file reports. You can search or sort by file name, date, type, and size. 8. Click on a report name hyperlink. (Example: A transmission report for the file just uploaded.) 9. The system asks if you wand to either open or save the report. Choose to open the report. 4.0: Connectivity Director Communication Protocols This section contains technical information about the Connectivity Director system. Some of this information is intended to help very technical users write 18

26 programs to connect directly to Connectivity Director. It is not necessary to do this; however, it can greatly increase the efficiency with which files are sent and received. 4.1: Process Flows TESTING PROCESS The following diagram shows the process flow for a testing scenario. When you submit files manually (as when using the web interface), it is similar to a batch submission in that no responses or reports are returned during the session. Responses and reports appear in the Downloads section of the user interface shortly thereafter. Note that test files stop short of entering the payer s adjudication system; responses and reports are therefore generic, but are useful for verifying operation and functionality. PRODUCTION PROCESS The following diagram shows the flow process for a production scenario. As with a testing scenario, when you submit production files manually (as when using the web interface), it is similar to a batch. Responses and reports will appear in the Downloads section of the user interface. 4.2: Transmission Administrative Procedures The Connectivity Director system can be used in either batch or real-time modes, either manually via the website (batch only) or programmatically via several different communication protocols. NOTE: HL7 can be done only in batch mode. Real-time is not available. 19

27 4.3: Communication Protocol Specifications Connectivity Director currently supports the following communications methods. HTTPS Batch FTP + PGP Batch FTP over SSL Batch These protocols are described in the following sections. HTTPS BATCH This is perhaps the simplest batch communications method. This method is recommended for small- and medium-sized files. It is not recommended for large files (in excess of 10 MB). Large files are transferred more efficiently using FTP instead of HTTPS. FTP + PGP BATCH The EDI data transferred with this method is secure because it is encrypted with PGP. However, the FTP commands, including the user ID and password, are sent without encryption. Connectivity Director allows FTP transfers only if the files are encrypted with PGP. See Appendix B: PGP Encryption with FTP in this guide. For general information about PGP, visit and also FTP OVER SSL BATCH This method of transfer is sometimes called FTPS, and basically consists of sending regular FTP transmissions over an SSL connection. SSL stands for Secure Socket Layer and is the same mechanism used to protect information sent between your browser and a website when you send, for example, a credit card number. Since FTP is inherently not secure, allowing an FTP over SSL connection enables the traffic to be encrypted as it is transmitted. It is not required that the actual data files be encrypted when using this method to meet PHI (protected health information) encryption requirements. Note about FTP Raw Commands: Raw FTP commands represent a known security risk. The following commands are supported: DELE, RETR, LIST, NLST, PASS, STOR, QUIT, USER. All other commands, such as CD and CWD, are unsupported. If an unsupported command is attempted, the system will return a 550 error code. 20

28 CURL CURL is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. CURL supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication, file transfer resume, proxy tunneling. 4.4: Programmatically Uploading and Retrieving Data This section describes how to programmatically interact with Connectivity Director. It is meant to provide information for very technical users who want to write programs or scripts to send files to Connectivity Director automatically. The descriptions are broken out by the protocols listed above. Keep in mind that you can use any of these methods to communicate with Connectivity Director, but none are required. You may also use several of these methods simultaneously. For example, you could upload batch files using FTP and HTTPS. HTTPS The following information outlines how to programmatically upload data to the Connectivity Director system via HTTPS. If sending in batch mode, a receipt will be sent back. If sending in real-time mode, the appropriate response reports will be sent back. URL Protocol Server Path Method HTTPS /tpp/upload.php POST PARAMETERS Parameter UserID Password Meaning Your tax ID here The password you use to log into the website 21

29 UploadFile 1 ForceRealTime file Payload ID Date of Transaction 1 (1 means real-time, 0 means batch) Contents of the file go here Optional; for meeting CAQH/CORE file submission standards Optional; for meeting CAQH/CORE file submission standards Note the following: You must use the correct case on the parameter names. If the case is not exactly correct, the server will say invalid session. If you pass 0 in ForceRealTime (or you do not send it), then your post will be treated as a batch upload, the same as if you had uploaded it via the Submit File page in the user interface. You will receive an XML response with information about the submission including a <Status>OK</Status> indication, and the content of the HTML page for successful file upload and any reports generated or responses from the payer will be placed into your regular Downloads area. If you don't have the file on disk (i.e., you have a data stream or message sent to your posting program) you can still use this mechanism. However, you must still include a file name. Make sure your client is producing that file name as a part of the parameter where you are placing your file data. See the sample curl scripts provided at unitedhealthcarecd.com/docs/brand/uniprise/curl_demo_uhc.zip for a working example of what you would need to produce in order to stream your data. The method is POST; this means you cannot pass these parameters on the URL line as GET parameters. The content type is multipart/form-data. This submission method does not require a client certificate for authentication (i.e., certificate-based authentication). However, if your HTTPS client is able to cache Connectivity Director s SSL certificate, you may retrieve it from your web browser while visiting the website. In most browsers you can export the SSL certificate by clicking on the symbol indicating that the site is secured by SSL. This symbol varies by browser and even by different versions of the same browser (Internet Explorer 7 vs. Internet Explorer 8 vs. Firefox), but it is normally shown with a yellow padlock symbol next to the URL or at the bottom of the browser window. 22

30 The following example shows how this is done in Internet Explorer Click the yellow padlock just to the right of the URL to display the Website Identification window. 2. Click View Certificates. This displays the Certificate window. 3. Click the Details tab to display it. 23

31 4. Click Copy to File; a wizard will launch. This wizard allows you to export the certificate in a variety of formats. If you chose to cache the certificate, note the certificate s expiration date. You should do this because the server s certificate will be updated within 30 days of its expiration, and you may also need to update your cached copy. If you are sending in batch mode, a receipt will be sent back. If you are sending in real-time mode, the appropriate response reports will be sent back. EXAMPLES: USING HTTPS Here is an example of how to post a file using curl: curl -v -o response.txt -F UserID= F 'Password=xxxxxxxx' -F UploadFile=1 -F ForceRealTime=1 -F file=@basefiles/270test.txt CURL is a free HTTP client that creates the HTTP post for you and uses the parameters passed to it. It is available for virtually all platforms. If you would like to programmatically build your own HTTP post, it might be helpful for you to first test with curl. CURL also accepts the ' --trace -' and ' --trace-ascii - ' options, which will show you all of the data in the post that it creates (see This will likely help you construct your own post statements. You can also use HTTPS to programmatically get directory listings and download files. When a file is downloaded using this interface, the value following the 24

32 delete parameter controls what happens to the file on the server. If a 0 is used, nothing happens to the file. If a 1 is used then the file is automatically removed from your Downloads folder. The file will still be available in the archives folder via the web interface. Once the file is marked for re-download, it will be available to download again from any interface. Here are some sample commands using curl: Directory listing curl -k ilelist/username/ /pw/xxxxxxxxx Download curl -k ile/delete/0/username/ /pw/xxxxxxxxx/ filename/file_name_to_be_downloaded > /tmp/file_name_to_be_downloaded NOTE: Using special characters in your passwords that are significant in http posts (i.e.,!, &, /, etc.) may cause the post to not function properly. You can try these alternate post methods to circumvent this problem however it is best to simply avoid using these characters in your passwords. Alternate syntax: Directory listing curl -d "username= &pw=xx/xxxxxxx" - k tfilelist Download curl -d "username= &pw=xx/xxxxxxx" -k ile/delete/0/filename/file_name_to_be_downloaded > /tmp/file_name_to_be_downloaded Directory listing: curl -k ilelist/username/ /pw/xxxxxxxxx Download: curl -k ile/delete/0/username/ /pw/xxxxxxxxx/filename/file_name_to_be_d ownloaded > /tmp/file_name_to_be_downloaded If your password contains a '/' character then use commands below. Directory listing: 25

33 curl -d "username= &pw=xx/xxxxxxx" - k tfilelist Download: curl -d "username= &pw=xx/xxxxxxx" -k ile/delete/0/filename/file_name_to_be_downloaded > /tmp/file_name_to_be_downloaded See Appendix A for Java sample code that can be used to make a post to the site. FTP GENERAL INFORMATION Connectivity Director supports two forms of FTP for programmatically uploading HL7 data: FTP + PGP and FTPS (FTP w/explicit SSL). All HL7 data submitted via FTP must be encrypted either with PGP or through SSL. Files uploaded without SSL that are not PGP-encrypted will be deleted immediately upon arrival. This method is simple to test and to script for automated transfers and is suited to medium and large files. Most operating systems have a native FTP implementation that will work for this method (except for Microsoft Windows, as the native client does not support passive mode or FTPS). The FTP server is a highly customized server. You can upload and download files and get a directory listing. All other commands have been disabled, including changing directories. When you do a directory listing you will see all files that are available to download. After you upload a file successfully, you will not be able to see it with a directory listing. This is normal. If you need to download a file again, you will need to log in to the website and mark the file for re-download from your archives. The file will then show up in the FTP directory listings. There are several general requirements for either FTP + PGP or FTP over SSL: Passive mode Port range of 50,000-50,200, open to the FTP client from the internet Binary mode or ASCII-armored files Capable of receiving file names longer than 32 bytes Ignore the remote IP address (FTPS only) PGP public key entered on the Settings page of the interface (FTP only) If your FTP software supports passive mode, you should put the FTP session in passive mode. If your FTP software does not support passive mode, you could encounter timeouts when going through some firewalls that are not configured to allow FTP sessions unless in passive mode. 26

34 Note that in passive mode, the client sends the passive command to the server (Connectivity Director). The payer responds with the port to be used for the data channel. The port is in the range of 50,000-50,200, so you must be able to open a port to the payer that falls within that range. If your FTP client software supports binary transfers (most do), all your FTP transfers should be in binary mode. If the binary mode is not the default mode, make sure you switch to binary mode before transferring any files. If your FTP client software does not support binary transfers, make sure your PGP files are armored so they will transfer correctly in text mode. Your system must be capable of receiving long file names, longer than 32 bytes. The payer s system will generate file names shorter than 256 bytes, but, in most cases, longer than 32 bytes. If your system cannot handle our file names, you should not use FTPS push, but rather HTTPS push. Or, just download the files from the payer s system as needed. You can then assign your own file names. FTP + PGP BATCH The command line to connect via FTP looks like this (bold=user-entered text). This prompt could change, depending on the FTP client you are using. user@linux:~$ ftp ftp.unitedhealthcarecd.com Connected to You are using the Connectivity FTP service. 530 Please login with USER and PASS. Name (mycompany.payername.com:someone): UserID 331 Please specify the password. Password: Password 230 Login successful. ftp> passive Passive mode on. ftp> binary Binary mode on. ftp> ls FTP OVER SSL EXPLICIT MODE (PORT 21) To use FTPS, you must use the RFC 2228 security extensions to FTP. As described above, the FTPS client needs to be set to ignore the remote IP address of the server. The FTP server is behind a firewall and has a NAT private IP address. Because the FTPS packets are encrypted, the router cannot change the NAT address in the packet to the public IP address that the connection was initiated on. This is normal; simply ignore the difference in IP addresses. Here are two examples of how to configure FTP clients to work with FTP over SSL. LFTP is a freely available Linux FTP client that supports FTPS. These are the minimum required parameters to get a directory listing with SSL: 27

35 lftp lftp :~> set ssl-force yes lftp :~> set ssl-protect-data yes lftp :~> set ssl-protect-list yes lftp :~> open ftp.unitedhealthcarecd.com lftp ftp.unitedhealthcarecd.com:~> user UserID Password lftp ls As a client, LFTP will accept the server s commands to go into passive mode and use the proper ports, and it properly handles the remote IP address. If that is not the case for your installation or default configuration, you may need to specify additional parameters. The following options (or a combination thereof) should allow you to override any default settings that don t allow a successful directory listing or file transfer: debug set ssl-force yes set ssl-protect-data yes set ssl-protect-list yes set passive-mode yes set port-range set fix-pasv-address yes set ignore-pasv-address yes open ftp.unitedhealthcarecd.com user UserID Password ls Binary is the default transfer mode so it is not needed in these options. Debug is optional and will just give you more information that you can use as you set up your connection. This example uses FileZilla, a free, open-source FTP/S client that is compatible with Microsoft Windows. It can also be used for unencrypted FTP. 1. Launch the client and set it to use explicit FTPS. 2. Ensure that passive mode is enabled. 28

36 3. Specify the port range (50,000-50,200) that the client will listen on. With most FTPS clients (and in passive mode) you may not need to set this parameter, but it is mandatory that the firewall on both the server and the Internet connection allow traffic on these ports. 4. Look for a setting that is similar to the one shown in the following figure, which allows the client to ignore the server's local IP address once the SSL connection is established. Due to the nature of SSL and the positioning of UnitedHealthcare servers behind multiple firewalls, this option must be selected. 29

37 4.5: Passwords Password change is required at least once each year. When your password has expired, you will be prompted to select a new one at your next login. 1. The rules for passwords are based on common industry practice. Since your password will protect ephi, it must meet the following requirements: 2. It must be at least eight characters long. 3. It must have at least one alpha character. 4. It must have at least one numeric. 5. It must have at least one symbol (special character). Accepted special characters are ' ~ # % ^ & * ( ) - _ + = [ ] { >,.? / : ;. Unaccepted special characters are $ \ <. 6. It must have no spaces. 7. It must be different from the last ten passwords you used. 8. It cannot be changed more than once in a 24-hour period. The same username and password will be used to log in to the website as to connect via other methods. This may require changes in your system. Note that an notification is sent out when your password needs to be changed in the future. You will be notified 60 days, 30 days, and every day with fewer than 7 days remaining until the password expires. If You Forget Your Password Go to the login page and click Reset your password. This displays the Request Password page. Enter your provider ID in the text field and click Reset Password. A temporary password will be ed to the address associated with your account. 30

38 If you forget your user ID, please contact Customer Support at weekdays between 8 a.m. and 5 p.m. Eastern Time. 5.0: Contact Information 5.1: EDI Customer Support CONTACT US For login or password issues, reports, account setup, and for any issues with transactions in testing status: Contact: Customer Support Phone: UnitedHelpDesk@ediconnect.com Hours: M-F 8:00 a.m. 5:00 p.m. Eastern Time If you have a question about the result of production transaction processing, such as how a claim was paid, or a question about eligibility information returned, contact Customer Support. Providers calling must refer to their Tax ID number. 6.0: Control Segments/Envelopes 6.1: HL7 Enveloping Requirements Enveloping requirements for HL7 ORU R01 file submissions are defined in the UHG HL7 ORU R01 companion guide available at 7.0: Payer-Specific Business Rules and Limitations Please go to for information about clinical and medical policies. 8.0: Acknowledgments and Reports Connectivity Director provides several reports that you can view in the Downloads section of the interface. 8.1: Reports Inventory for HL7 Submissions You will receive two types of reports from an HL7 file submission. 31

39 The first is an English-language validation report. An example of that report can be found in Section 3.5 of this document. The second is an HL7 standard acknowledgement. The layout for this file is defined in the Acknowledgement Messages section of the UHG HL7 ORU R01 companion guide. 9.0: Trading Partner Agreements You are required to provide an electronic signature at the bottom of the Settings page to use the Connectivity Director system (see Section 2.2 of this document). The use of the system is governed by the User Agreement, which is linked from that page. Read these terms and indicate your agreement to be bound by the User Agreement by electronically signing this request form. In order to submit HL7 ORU R01 laboratory result messages, a submitter must have a contract in place that explicitly supports the submission of those transactions. Contact your assigned UHN lab manager for more information about submitting these transactions. 10.0: Other Connectivity Director Functionality (User Interface) This section describes functionality of the Connectivity Director system that is not covered elsewhere in this document. 10.1: Submissions This section shows the history of submissions made to the system. You can view the history of each submission individually. Click Submissions in the main menu to display the Submissions page. This page lists all files submitted, in chronological order. To view a specific submission log, click on the link in the Details column. The Responses tab displays. This tab shows information about the submission, such as the submit date, type, etc. In this example, one response item is an envelope error report. You can click on the Envelope Error Report link to view the error report. 32

40 To see the submission history, click the Submission Log tab. Note the chronology of submission events. Also note the two child submissions; click on each one to view them. 10.2: Responses The Responses section shows responses received by the system. Click the Responses tab on the main menu to display the Responses page. To view a specific response, click on the link in the Details column. To view the actual file submission, click the link in the Associated Submission column. 33

41 Note that you can perform various actions for a response by clicking the associated checkbox and then selecting the action in the Action dropdown menu. You can sort the responses by read, unread, read and unread, archived, and all using the Display dropdown menu. 10.3: User Log The User Log displays activity and time stamps for logins and logouts; session timeouts; when files are uploaded, downloaded, or deleted; and when account settings are changed. Click View User Log on the Status page to view this log. 10.4: Messages The Messages tab lists the system messages sent to you by the administrator. You can discard a message by clicking Delete in the action column. 10.5: Adding Providers to Your Account As a submitter, you must add providers to your account so that you will receive the routed responses for transactions containing their identifiers (such as ASC X12 835s, ASC X12 278Ns, etc., if you submit ASC X12 transactions). A single provider may be added or a group can be added in a CSV (comma-separated values) file. 34

42 To add a single provider: 1. Navigate to the Settings page and click Provider Routing. This displays the Provider Routing page. 2. In the Add Providers section, enter the provider s name, Tax ID, NPI, and select the transaction type by version. 3. Click Add. The system validates that the Tax ID and NPI information conforms to format standards established for these identifiers. Once the information format is validated, the provider is added to your account and is listed in the Providers Registered in Routing Table pane. 4. Note that the Provider Name is a link. You can click on this link to display the Provider Details page, where you can view and edit specific information about the provider. 5. Select the appropriate transaction version tab (HL7, in this example) to display the transaction types the provider has submitted and their status. Note that you can edit the estimated monthly transactions for each type for this provider. 35

43 To upload a file of providers: 1. Navigate to the Provider Routing page. 2. Click Upload Multiple to display the Browse functionality in the Add Providers section of the page. 3. Click Upload Multiple to display the Browse functionality in the Add Providers section of the page. 4. If you would like to use a pre-formatted template, click Download File Template. This template includes columns for Provider Name, TIN, NPI, and Transaction Type. Once your template is complete, browse to the location of the template file and select it. 5. Click Upload. The system uploads the file and validates that the Tax ID and NPI information in it conforms to format standards established for these identifiers. Once the information format is validated, the provider is added to your account and is listed in the Providers Registered in Routing Table pane. 36

44 At this point you have the option of saving and/or viewing a report that shows the document you uploaded. Click the link of the name of the file, located next to the Download File Template link, to see the report. This is the only opportunity you will have to access this report. You can search the system for providers and export a list of them to Excel or PDF. To search for and export providers: 1. Navigate to the Provider Routing page. 2. In the Providers Registered in Routing Table section, use the search criteria to narrow down the list of providers you want to view. For this example, we will search for a specific Tax ID number and the HL7-ORU transaction type. 37

45 3. Note that one provider name is listed. If you want to export the search results to Excel, click Excel. This displays a dialog box asking if you want to view or save the file. You can do the same with the PDF option Requesting a New Transaction Standard As a submitter, you can request a new transaction standard for approval by the administrator. For example, if you are approved to submit ASC X transactions, you can request approval to submit HL7 transactions. To request a new standard: 1. Click Settings and then Transaction Types to display the Transaction Types page. Select the Transaction Types tab you want to request approval for, then the To register for X Transaction Types click here link. We will choose X for this example. 2. Select the appropriate X checkboxes and enter the estimated monthly transactions, then click Submit. The request is sent to the administrator. You will be notified of the administrator s response. 38

46 10.7 Account Information The Account Information page shows the sign-in, account security, submission ID, account type, and connectivity information associated with your account. To display this page, click Settings and then Account Information. You can edit most of this information on the page. Click Save Changes to save any updates. To reset your password, click Reset Password at the top of the page Contact Information The Contact Information page shows the contact information associated with your account. To display this page, click Settings and then Contact Information. 39

47 You can edit your contact information on this page. Click Save Changes to save any updates PGP Key, SFTP Authorized Key & Service Agreement The PGP Key & Service Agreement page shows your PGP key, if you have established one, and a link to the service agreement. To display this page, click Settings and then PGP Key & Service Agreement. 40

48 You can enter or edit your PGP key or SFTP authorized key in the appropriate fields. To view the service agreement, click User Agreement in the paragraph at the bottom. If you want to clear the PGP Public Key field, click Clear Key. Click Save Changes to save any updates : Sub-accounts If the administrator grants you the ability to have sub-accounts associated with your account, a Sub Account tab appears in the Settings section of the interface. To create a sub-account: 1. Click the Sub Account tab in the Settings section to display the Sub Account page. 2. Enter the username and password to be associated with the sub-account and click Save Changes to save the sub-account. The new sub-account will now be listed on the page. 41

49 3. A message will be automatically sent to the address used in the creation of the sub-account. This message includes the user ID (the username you created) and a temporary password along with brief instructions for how the sub-account user should test file submissions. 4. As shown in the previous figure, you can deactivate an account by clicking Deactivate in the Action column. 5. If the sub-account user exceeds the maximum number of login attempts, an Unlock Account link will appear on the Sub Accounts page. Click this link to unlock the sub-account. When you do so, an with a temporary password is sent to the sub-account user. 42

50 Appendix A: Java Code Connection Following are samples of code that can be used to connect to the Connectivity Director site. The first and second samples are separate Java classes: One is a sample for a request and the second is for a post. The third sample shows Java output and the fourth shows a properly constructed multi-part form data section. A.1: Java Program (Request) import java.net.urlconnection; import java.net.url; import java.io.ioexception; import java.util.hashmap; import java.util.map; import java.io.file; import java.io.inputstream; import java.util.random; import java.io.outputstream; import java.io.fileinputstream; import java.util.iterator; public class ClientHttpRequest { URLConnection _connection; OutputStream _os = null; Map _cookies = new HashMap(); String _rawcookies = ""; protected void connect() throws IOException { if (_os == null) _os = _connection.getoutputstream(); protected void write(char c) throws IOException { connect(); _os.write(c); protected void write(string s) throws IOException { connect(); _os.write(s.getbytes()); 43

51 protected void newline() throws IOException { connect(); write("\r\n"); protected void writeln(string s) throws IOException { connect(); write(s); newline(); private static Random random = new Random(); protected static String randomstring() { return Long.toString(random.nextLong(), 36); String boundary = " " + randomstring() + randomstring() + randomstring(); private void boundary() throws IOException { write("--"); write(boundary); /** * Creates a new multipart POST HTTP request on a freshly opened URLConnection * connection an already open URL connection IOException */ public ClientHttpRequest(URLConnection connection) throws IOException { this._connection = connection; connection.setdooutput(true); 44

52 connection.setdoinput(true); connection.setrequestproperty("content-type", "multipart/form-data; boundary=" + boundary); /** * Creates a new multipart POST HTTP request for a specified URL * url the URL to send request to IOException */ public ClientHttpRequest(URL url) throws IOException { this(url.openconnection()); /** * Creates a new multipart POST HTTP request for a specified URL string * urlstring the string representation of the URL to send request to IOException */ public ClientHttpRequest(String urlstring) throws IOException { this(new URL(urlString)); private void postcookies() { StringBuffer cookielist = new StringBuffer(_rawCookies); for (Iterator i = _cookies.entryset().iterator(); i.hasnext();) { Map.Entry entry = (Map.Entry)(i.next()); cookielist.append(entry.getkey().tostring() + "=" + entry.getvalue()); if (i.hasnext()) { 45

53 cookielist.append("; "); if (cookielist.length() > 0) { _connection.setrequestproperty("cookie", cookielist.tostring()); /** * adds a cookie to the request name cookie name value cookie value IOException */ public void setcookies(string rawcookies) throws IOException { this._rawcookies = (rawcookies == null)? "" : rawcookies; _cookies.clear(); /** * adds a cookie to the request name cookie name value cookie value IOException */ public void setcookie(string name, String value) throws IOException { _cookies.put(name, value); /** * adds cookies to the request cookies the cookie "name-to-value" map IOException */ public void setcookies(map cookies) throws IOException { if (cookies == null) return; this._cookies.putall(cookies); 46

54 /** * adds cookies to the request cookies array of cookie names and values (cookies[2*i] is a name, cookies[2*i + 1] is a value) IOException */ public void setcookies(string[] cookies) throws IOException { if (cookies == null) return; for (int i = 0; i < cookies.length - 1; i+=2) { setcookie(cookies[i], cookies[i+1]); private void writename(string name) throws IOException { newline(); write("content-disposition: form-data; name=\""); write(name); write('"'); /** * adds a string parameter to the request name parameter name value parameter value IOException */ public void setparameter(string name, String value) throws IOException { boundary(); writename(name); newline(); newline(); writeln(value); private static void pipe(inputstream in, OutputStream out) throws IOException { 47

55 byte[] buf = new byte[5000]; int nread; int total = 0; synchronized (in) { while((nread = in.read(buf, 0, buf.length)) >= 0) { out.write(buf, 0, nread); total += nread; out.flush(); buf = null; /** * adds a file parameter to the request name parameter name filename the name of the file is input stream to read the contents of the file from IOException */ public void setparameter(string name, String filename, InputStream is) throws IOException { boundary(); writename(name); write("; filename=\""); write(filename); write('"'); newline(); write("content-type: "); String type = URLConnection.guessContentTypeFromName(filename); if (type == null) type = "application/octet-stream"; writeln(type); newline(); pipe(is, _os); newline(); 48

56 /** * adds a file parameter to the request name parameter name file the file to upload IOException */ public void setparameter(string name, File file) throws IOException { setparameter(name, file.getpath(), new FileInputStream(file)); /** * adds a parameter to the request; if the parameter is a File, the file is uploaded, otherwise the string value of the parameter is passed in the request name parameter name object parameter value, a File or anything else that can be stringified IOException */ public void setparameter(string name, Object object) throws IOException { if (object instanceof File) { setparameter(name, (File) object); else { setparameter(name, object.tostring()); /** * adds parameters to the request parameters "name-to-value" map of parameters; if a value is a file, the file is uploaded, otherwise it is stringified and sent in the request IOException */ public void setparameters(map parameters) throws IOException { if (parameters!= null) { 49

57 { for (Iterator i = parameters.entryset().iterator(); i.hasnext();) Map.Entry entry = (Map.Entry)i.next(); setparameter(entry.getkey().tostring(), entry.getvalue()); /** * adds parameters to the request parameters array of parameter names and values (parameters[2*i] is a name, parameters[2*i + 1] is a value); if a value is a file, the file is uploaded, otherwise it is stringified and sent in the request IOException */ public void setparameters(object[] parameters) throws IOException { if (parameters!= null) { for (int i = 0; i < parameters.length - 1; i += 2) { setparameter(parameters[i].tostring(), parameters[i + 1]); /** * posts the requests to the server, with all the cookies and parameters that were added input stream with the server response IOException */ private InputStream dopost() throws IOException { boundary(); writeln("--"); System.out.println(_os.toString()); _os.close(); return _connection.getinputstream(); 50

58 /** * posts the requests to the server, with all the cookies and parameters that were added input stream with the server response IOException */ public InputStream post() throws IOException { postcookies(); return dopost(); /** * posts the requests to the server, with all the cookies and parameters that were added before (if any), and with parameters that are passed in the argument parameters request parameters input stream with the server response IOException setparameters */ public InputStream post(map parameters) throws IOException { postcookies(); setparameters(parameters); return dopost(); /** * posts the requests to the server, with all the cookies and parameters that were added before (if any), and with parameters that are passed in the argument parameters request parameters input stream with the server response IOException setparameters */ public InputStream post(object[] parameters) throws IOException { postcookies(); setparameters(parameters); return dopost(); 51

59 /** * posts the requests to the server, with all the cookies and parameters that were added before (if any), and with cookies and parameters that are passed in the arguments cookies request cookies parameters request parameters input stream with the server response IOException setparameters setcookies */ public InputStream post(map cookies, Map parameters) throws IOException { setcookies(cookies); postcookies(); setparameters(parameters); return dopost(); /** * posts the requests to the server, with all the cookies and parameters that were added before (if any), and with cookies and parameters that are passed in the arguments cookies request cookies parameters request parameters input stream with the server response IOException setparameters setcookies */ public InputStream post(string raw_cookies, Map parameters) throws IOException { setcookies(raw_cookies); postcookies(); setparameters(parameters); return dopost(); 52

60 /** * posts the requests to the server, with all the cookies and parameters that were added before (if any), and with cookies and parameters that are passed in the arguments cookies request cookies parameters request parameters input stream with the server response IOException setparameters setcookies */ public InputStream post(string[] cookies, Object[] parameters) throws IOException { setcookies(cookies); postcookies(); setparameters(parameters); return dopost(); { /** * post the POST request to the server, with the specified parameter name parameter name value parameter value input stream with the server response IOException setparameter */ public InputStream post(string name, Object value) throws IOException postcookies(); setparameter(name, value); return dopost(); /** * post the POST request to the server, with the specified parameters name1 first parameter name 53

61 value1 first parameter value name2 second parameter name value2 second parameter value input stream with the server response IOException setparameter */ public InputStream post(string name1, Object value1, String name2, Object value2) throws IOException { postcookies(); setparameter(name1, value1); setparameter(name2, value2); return dopost(); /** * post the POST request to the server, with the specified parameters name1 first parameter name value1 first parameter value name2 second parameter name value2 second parameter value name3 third parameter name value3 third parameter value input stream with the server response IOException setparameter */ public InputStream post(string name1, Object value1, String name2, Object value2, String name3, Object value3) throws IOException { postcookies(); setparameter(name1, value1); setparameter(name2, value2); setparameter(name3, value3); return dopost(); /** * post the POST request to the server, with the specified parameters 54

62 name1 first parameter name value1 first parameter value name2 second parameter name value2 second parameter value name3 third parameter name value3 third parameter value name4 fourth parameter name value4 fourth parameter value input stream with the server response IOException setparameter */ public InputStream post(string name1, Object value1, String name2, Object value2, String name3, Object value3, String name4, Object value4) throws IOException { postcookies(); setparameter(name1, value1); setparameter(name2, value2); setparameter(name3, value3); setparameter(name4, value4); return dopost(); /** * posts a new request to specified URL, with parameters that are passed in the argument parameters request parameters input stream with the server response IOException setparameters */ public static InputStream post(url url, Map parameters) throws IOException { return new ClientHttpRequest(url).post(parameters); /** * posts a new request to specified URL, with parameters that are passed in the argument 55

63 parameters request parameters input stream with the server response IOException setparameters */ public static InputStream post(url url, Object[] parameters) throws IOException { return new ClientHttpRequest(url).post(parameters); /** * posts a new request to specified URL, with cookies and parameters that are passed in the argument cookies request cookies parameters request parameters input stream with the server response IOException setcookies setparameters */ public static InputStream post(url url, Map cookies, Map parameters) throws IOException { return new ClientHttpRequest(url).post(cookies, parameters); /** * posts a new request to specified URL, with cookies and parameters that are passed in the argument cookies request cookies parameters request parameters input stream with the server response IOException setcookies setparameters */ public static InputStream post(url url, String[] cookies, Object[] parameters) throws IOException { return new ClientHttpRequest(url).post(cookies, parameters); 56

64 /** * post the POST request specified URL, with the specified parameter name parameter name value parameter value input stream with the server response IOException setparameter */ public static InputStream post(url url, String name1, Object value1) throws IOException { return new ClientHttpRequest(url).post(name1, value1); /** * post the POST request to specified URL, with the specified parameters name1 first parameter name value1 first parameter value name2 second parameter name value2 second parameter value input stream with the server response IOException setparameter */ public static InputStream post(url url, String name1, Object value1, String name2, Object value2) throws IOException { return new ClientHttpRequest(url).post(name1, value1, name2, value2); /** * post the POST request to specified URL, with the specified parameters name1 first parameter name value1 first parameter value name2 second parameter name value2 second parameter value name3 third parameter name 57

65 value3 third parameter value input stream with the server response IOException setparameter */ public static InputStream post(url url, String name1, Object value1, String name2, Object value2, String name3, Object value3) throws IOException { return new ClientHttpRequest(url).post(name1, value1, name2, value2, name3, value3); /** * post the POST request to specified URL, with the specified parameters name1 first parameter name value1 first parameter value name2 second parameter name value2 second parameter value name3 third parameter name value3 third parameter value name4 fourth parameter name value4 fourth parameter value input stream with the server response IOException setparameter */ public static InputStream post(url url, String name1, Object value1, String name2, Object value2, String name3, Object value3, String name4, Object value4) throws IOException { return new ClientHttpRequest(url).post(name1, value1, name2, value2, name3, value3, name4, value4); A.2: Java Program (Post) 58

66 import java.io.bufferedreader; import java.io.inputstreamreader; import java.io.inputstream; import java.io.file; import java.net.*; public class HttpPost { /** * Invoking this function will send a file to a ConnectivityDirector * public web interface in "RealTime" mode. The response from Connectivity Director is * printed as output. * * If an error occurs, the string "ERROR" will be printed as output, * with the error details on the following lines. * * To override default submission parameters, use the following * arguments * * 0 - Hostname or IP Address of Connectivity Director Server * 1 - Path to the file you want to submit * 2 - UserID * 3 - Password * * Example: * * java HttpPost c:\files\270.txt UserID Password * * If you do not want to pass the UserID or Password parameters on the command line, * they may be set with default values below. * args 59

67 */ public static void main(string args[]) { String str; File f; UserID Password /** * Set defaults here */ String Host = ""; String FilePath = ""; String UserID = " "; String Password = "password12#"; // A default // A default try { /** * Read command line args */ if ( args.length > 0 ){ Host = args[0]; if ( args.length > 1 ){ FilePath = args[1]; if ( args.length > 2 ){ UserID = args[2]; if ( args.length > 3 ){ Password = args[3]; /** * Verify parameters... */ if ( Host.length() < 1 ) { throw new Exception("Invalid Host"); 60

68 if ( UserID.length() < 1 ) { throw new Exception("Invalid UserID"); if ( Password.length() < 1 ) { throw new Exception("Invalid Password"); if ( FilePath.length() < 1 ) { throw new Exception("Invalid FilePath"); f = new File(FilePath); if (! f.exists()! f.canread() ) { throw new Exception("File '" + FilePath + "' does not exist or is not readable." ); URL url = new URL( " + Host + "/tpp/upload.php"); HttpURLConnection conn = (HttpURLConnection) url.openconnection(); ClientHttpRequest c = new ClientHttpRequest(conn); c.setparameter("userid", UserID); c.setparameter("password", Password); c.setparameter("uploadfile", "1"); c.setparameter("forcerealtime", "0"); c.setparameter("file", f); InputStream instream = c.post(); // READ THE RESPONSE BufferedReader in = new BufferedReader(new InputStreamReader( instream)); while ((str = in.readline())!= null) { 61

69 System.out.println(str); in.close(); catch (Exception e) { System.out.println("ERROR"); System.out.println(e.toString()); System.out.println(); HttpPost.usage(); public static void usage() { System.out.println("Usage:"); System.out.println("java HttpPost [Hostname IPAddr] [File] [UserID] [Password]"); A.3: Java Output nyap2mo95emw9il2fjcndghn1v7cbm7jspgcd Content-Disposition: form-data; name="userid" nyap2mo95emw9il2fjcndghn1v7cbm7jspgcd Content-Disposition: form-data; name="password" password12# nyap2mo95emw9il2fjcndghn1v7cbm7jspgcd Content-Disposition: form-data; name="uploadfile" nyap2mo95emw9il2fjcndghn1v7cbm7jspgcd Content-Disposition: form-data; name="forcerealtime" 62

70 nyap2mo95emw9il2fjcndghn1v7cbm7jspgcd Content-Disposition: form-data; name="file"; filename="c:\270test.x12" Content-Type: application/octet-stream ISA*00* *00* *01* *01* *010925*1647*U*00501* *0*T*:~ GS*HS* * * *1647*1*X*005010X279A1~ ST*270*1234~ BHT*0022*13* * *1128~ HL*1**20*1~ NM1*PR*2*ABC COMPANY*****PI* ~ HL*2*1*21*1~ NM1*1P*1*DOE*JOHN****SV* ~ REF*N5*129~ N3*11 SANDERS LANE~ N4*OKLAHOMA CITY*OK*73116~ PER*IC*JOE SMITH*TE* *EX*4213*FX* ~ PRV*PE*ZZ*213BM16720C~ HL*3*2*22*1~ TRN*1* * ~ NM1*IL*1*DOE*JOE*A***MI* ~ REF*1L*060889~ N3*213 CLEARWAY ST~ N4*LOS ANGELES*CA*90045~ DMG*D8* *M~ HL*4*3*23*0~ TRN*1* * *RADIOLOGY~ NM1*03*1*JONES*STACY~ REF*SY* ~ N3*213 CLEARWAY ST~ N4*LOS ANGELES*CA*90045~ DMG*D8* *F~ INS*N*19~ DTP*472*D8* ~ EQ*81**FAM~ 63

71 SE*29*1234~ GE*1*1~ IEA*1* ~ nyap2mo95emw9il2fjcndghn1v7cbm7jspgcd A.4: Multi-part Form Data Section --xyzzy Content-Disposition: form-data; name="userid" xyzzy Content-Disposition: form-data; name="password" Password12# --xyzzy Content-Disposition: form-data; name="uploadfile" 1 --xyzzy Content-Disposition: form-data; name="forcerealtime" 1 --xyzzy Content-Disposition: form-data; name="file"; filename="c:\270test.x12" Content-Type: text/plain ISA*00* *00* *01* *01* *010925*1647*U*00501* *0*T*:~GS*HS* * * *1647*1*X*005010X279A1~ST*270*1234~BHT*0022*13* * * 1128~HL*1**20*1~NM1*PR*2*ABC COMPANY*****PI* ~HL*2*1*21*1~NM1*1P*1*DOE*JOHN****SV* ~RE F*N5*129~N3*11 SANDERS LANE~N4*OKLAHOMA CITY*OK*73116~PER*IC*JOE SMITH*TE* *EX*4213*FX* ~PRV*PE*ZZ*213BM16720C~HL*3*2* 22*1~TRN*1* * ~NM1*IL*1*DOE*JOE*A***MI* ~REF*1L*060889~N3*213 CLEARWAY ST~N4*LOS ANGELES*CA*90045~DMG*D8* *M~HL*4*3*23*0~TRN*1* * *RADIOLOGY~NM1*03*1*JONES*STACY~REF*SY* ~N3*213 CLEARWAY ST~N4*LOS ANGELES*CA*90045~DMG*D8* *F~INS*N*19~DTP*472*D8* ~EQ*81** FAM~SE*29*1234~GE*1*1~IEA*1* ~ --xyzzy-- 64

72 Appendix B: PGP Encryption with FTP PGP is required when using FTP as a submission method, since FTP is an inherently non-secure protocol. By encrypting the data that is being transmitted over an unencrypted medium, HIPAA standards can be met. If an unencrypted file is received over FTP, it will be immediately deleted. It is important to note that if a PGP key is entered on the Settings page, all files that are returned to your mailbox will be encrypted. If an unencrypted file is received over FTP, an error code 451 will be returned. Note: PGP produces two types of encrypted files: binary and ASCII-armored. Nothing about a PGP-encrypted binary file identifies it as such except perhaps the file extension. The contents of a PGP-encrypted binary file appear to be just random bits. The PGP ASCII-armored encrypted file looks very much like an encoded attachment, as it is plain text and says PGP ARMORED at the top. The following examples show you how to generate your own key, import the UnitedHealthcare key, and then use both keys to sign and encrypt a file. The first example shows how submitting files using PGP is accomplished at the Linux command line using open-source GPG as the PGP client. The second example uses a commercial implementation called PGP Desktop. There are many other commercial PGP applications that will perform this task. B.1 Basic Requirements You will need the UnitedHealthcare public key in order to encrypt the files that you submit to Connectivity Director. You will also need to use your private key to digitally sign the files that you submit. This digital signature must be made with your private encrypting key that corresponds to the public key that you have uploaded to your account on the trading partner portal ( In the process outlined, note the following: BLUE text = what you type GREEN text = what is returned B.2: Example Using Open-Source GPG SIGNING AND ENCRYPTING A FILE NOTE: The following first step likely will not work if you are using a remote SSH client (e.g., Putty or SecureCRT). Enter the following at the Linux command line: gpg --gen-key 65

73 You should now be at the server console. You will get the following response and question: gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? Enter 1 for DSA and Elgamal and answer the next question: DSA keypair will have 1024 bits. ELG-E keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) Enter whatever you would like is recommended. Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) Choose your answer. For simplicity, 0 is fine. Key does not expire at all Is this correct? (y/n) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment, and Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Next, it will prompt you for the following information: Real name: Test User address: test@test.com Comment: No Comment You selected this USER-ID: "Test User (No Comment) <test@test.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? Enter O to continue. You need a pass phrase to protect your secret key. For simplicity you can choose to not use a pass phrase, but using one is recommended if you are familiar with PGP. This example does not use a pass phrase. If you chose not to use a pass phrase, just hit Enter twice. 66

74 Note that you can change your pass phrase at any time using this program with the option "--edit-key". We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy > > We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy > ^^^^ gpg: key F6A4BA75 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 1024D/F6A4BA Key fingerprint = CD AFAF 31C4 43BA F6A4 BA75 uid Test User (No Comment) <test@test.com> sub 2048g/D272E1EA The key is now created. Next, you need to export the corresponding public key to paste into the PGP Public Key field on the UnitedHealthcare server. To do that, execute the following command: gpg --armor --output pubkey.txt --export 'test@test.com' Open the pubkey.txt file and copy and paste the contents into the PGP Public Key field on the Settings page of your user account on ( Next, you need to import the UnitedHealthcare public key. You can get it from the Settings page of the user interface once you are logged in. There is a link to it in the PGP Public Key section. Copy the key to a text file (Uniprise.pub) on the server. Then, from the Linux command line, enter: gpg --import Uniprise.pub This will give you an output similar to this: gpg: key 73F804AA: public key "Uniprise CD Production Administrator <UnitedCDSupport@uhc.com>" imported gpg: Total number processed: 1 gpg: imported: 1 67

75 Now you are ready to encrypt and sign the file that you can FTP to the UnitedHealthcare Connectivity Director server. Note: is for encryption ONLY. For help desk support, please use Following is the GPG command to do this: gpg --sign --recipient --encrypt filename.x12 This produces a file with the name filename.x12.gpg. This file is now both encrypted with the UnitedHealthcare public key and digitally signed with your private key. The server now allows you to upload the file using plain FTP without any other encryption (e.g., FTPS). To decrypt response files: gpg --output filename.out --decrypt filename.gpg B.3 Example Using Commercial PGP Desktop Software Begin by creating a new key. 68

76 You do not need to configure Advanced settings. The default settings work as needed. You can choose to use a pass phrase. Be aware that your automation software will need to supply the pass phrase every time a file is encrypted/decrypted. In this example, we will not use a pass phrase. 69

77 If you do not use a pass phrase, a warning message will display. Disregard this message. When key generation is complete, the interface will prompt you to add the key to your key ring. It will now ask you if you want to publish your public key to a Global Directory. This is not necessary, and we will skip this option in this example. Next, copy your public key to the Settings page in your account at UnitedHealthcareCD.com. To obtain your public key, right-click on the new key and click Copy Public Key. This copies the public key to your clipboard. 70

78 Next, log in to your account at UnitedHealthcareCD.com and go to the Settings page. Near the bottom of the page you will see the PGP Key & Service Agreement section with a text box for you to paste your public key. After you have pasted your key it will look something like this: Save your settings with the new key in place. You will also need the UnitedHealthcare Connectivity Director public key so that you can encrypt files that you submit via FTP. To get this key, click on the public key link. Select the key information from the web page and copy and paste it to a text file. 71

79 You can then import the public key from the text file. 72

80 Highlight the key file and click Import. Now you will see the key in your key ring. 73

81 You now have everything you need to do PGP encryption with UnitedHealthcare. To successfully submit a file, encrypt it using the public key that you just imported and sign the file (not the key) using your private key. Find the file that you want to encrypt, right-click on it, and navigate to the Secure with key option. Select the Uniprise CD Production Administrator key in the dropdown menu. Then click Add, then Next. 74

82 Select the key that is posted on your Settings page and click Next to sign the file. Click Finish. You are now ready to submit the new PGP-encrypted file. 75

83 Appendix C: FTPS Client Configuration This section shows an example of configuring the settings for an FTPS client. This example uses FileZilla. Explicit FTPS: To ignore a remote IP address: 76

84 Passive mode. If you see a 500 error, it is possible that your client has not been set to operate in passive mode: Use port range 50,000-50,200. Many FTPS clients (including FileZilla) work without this explicit setting. However, the firewall on both the server and the Internet connection must allow traffic on these ports. 77