additional attachment templates presented to the attachments workgroup december 10, 2013

Additional Attachment Templates

Presented to the Attachments Workgroup

December 10, 2013

Improper Payment Medicare receives 4.8 M claims per day.

CMS’ Office of Financial Management estimates that each year

• the Medicare FFS program issues more than $28.8 B in improper payments (error rate 2011: 8.6%).

• the Medicaid FFS program issues more than $21.9 B in improper payments (3-year rolling error rate: 8.1%).

Most improper payments can only be detected by a human comparing a claim to the medical documentation.

www.paymentaccuracy.gov

Medical Documentation Requests are sent by:

• Medicare Administrative Contractors (MACs) Medical Review (MR) Departments

• Comprehensive Error Rate Testing Contractor (CERT)

• Payment Error Rate Measurement Contractor (PERM)

• Medicare Recovery Auditors (formerly called RACs)

Claim review contractors issue over 1.8 million requests formedical documentation each year.

Claim review contractors currently receive most medical documentation in paper form or via fax.

esMD Background

Phase I of esMD was implemented in September of 2011. It enabled Providers to send Medical Documentation electronically

3

Review Contractor

Provider

Request Letter

Paper Medical Record

Phase 1: Doc’n

Request Letter

electronic

electronic

electronicPhase 2:

Before esMD: Healthcare payers frequently request that providers submit additional medical documentation to support a specific claim(s). Until recently, this has been an entirely paper process and has proven to be burdensome due to the time, resources, and cost to support a paper system.

The ONC S&I Framework Electronic Submission of Medical Documentation (esMD) initiative is developing solutions to support an entirely electronic documentation request.

esMD

Goals

1) Reduce administrative burden

2) Reduce improper payment

3) Move from “post payment audit” to prior-authorization or pre-payment review

Requirements

4) Move from paper to electronic communication

5) Replace “wet signatures” with digital signatures

6) Migrate to structured data from unstructured data

4

S&I Framework esMD Overview

Provider EntityPayer Entity

PayerProvider

(Individual or Organization)

Contractors / Intermediaries Agent

Payer Internal System

esMD UC 2: Secure eMDR TransmissionIncludes Digital Signature

esMD UC 1: Provider RegistrationIncludes Digital Signature

esMD AoR Level 1Digital Signature on Bundle

Certificate Authority

Registration Authority

Provider Directories User Story

• All Actors obtain and maintain a non-repudiation digital identity

• Provider registers for esMD (see UC1)

• Payer requests documentation (see UC2)

• Provider submits digitally signed document (bundle) to address request by payer

• Payer validates the digital credentials, signature artifacts and, where appropriate, delegation of rights

• If Documents are digitally signed, then payer validates document digital signature artifacts

esMD AoR Level 2Digital Signature on Document(s)

Wet Signatures– Standards and legal standing

• Standards are based on legal precedence• Non-repudiation inherent in wet signature

– Audit requirement• None• Often requires an attestation to determine validity

– Timing of Signature• Applied at any time (timing policy cannot be enforced)

– Fraud protection • none• Short of forensic evaluation of original signed document

unable to determine when signing occurred

Electronic Signatures– Standards and legal standing

• Standards are based on technology and legal precedence• Currently there are no technically mature techniques that provide the

security service of nonrepudiation in an open network environment, in the absence of trusted third parties, other than digital signature-based techniques.(HHS)

– Audit requirement• Require audit of signing system (e.g. EMR) installation, policies, and

audit logs• May require an attestation to determine validity

– Timing of Signature• Record of time of signing• Can be applied at any time – timing determined by EHR

– Fraud protection • None/Limited – all required a physical audit and attestations

Digital Signatures– Standards and legal standing

• International and US Federal standards• Standards based on cryptography

– Audit requirement• Audit required as part of identity proofing and certificate issuance

– Timing of Signature• Time stamp on document is evidence of when signing occurred• OCSP response is external evidence of timing and certificate validity• Signature when document is complete

– Fraud protection • Absolute – assuming that PKI policies are followed

Author of Record Level 2 Requirements1. Digital signature on documents for provenance (clinical and administrative)

– Meets requirement for encapsulated non-repudiation – Note: electronic signature requires validation of system configuration

and audit log review

2. Signature should be applied at time of document creation, modification, review (Administrative – must be applied prior to claim submission)

3. Multiple signatures on same “document”

4. Certificate must be validated at time it is used (OCSP or CRL)

5. Support for validated delegation of rights assertion

6. Signature and delegation of rights must travel with document

7. Signature bound to signed document for life-time of document

8. Supports transition from unsigned to signed documents over time

Example: Multiple signatures in a pdf document (decoupled from transport)

9

Provider with Signed Documents

SignatureDelegationDocument

Document with embedded signature and delegation

Accepted andstored byall regardless of AoR support

Signature and delegation onlyaccepted by systems with AoR support May drop only signature and delegation or error on entire transaction

10

Signature on CDA

CDA Document

Header

Structured Body

Authenticators and Digital Signatures

Section EntryText Entry Entry Entry


Structured Body

Unstructured Body CDA Document

Unstructured Body

e.g. PDF

HeaderAuthenticators and Digital Signatures

Solution: Add “signatureText” attribute to Participation occurrences for legalAuthenticator and authenticator in the CDA Header to hold Digital Signature and Delegations of Rights Assertion artifacts -- exclude these Participation occurrences from the calculated digest

11

Implication of Digital Signatures• Once signed, the content may not be altered

without voiding the Digital Signatures• Digital Signatures will not work on anything

where the structure will be altered• Must address individual contributions – do this

through author participation, role and signature purpose

Today – Typical Response to CMS request for Documentation

EHR Forms/TemplatesHistory and

PhysicalVital signs

Visit Summary

History of Present Illness Lab Orders/Results

Allergies Medications

Vital Signs

Textual reports

Orders / Treatment

EHR DatabaseDemographics

Documentation collected via EHR forms and templates and stored in the EHR Database

13

CDA Document

Unstructured Body

PDF

HeaderAuthenticators and Digital Signatures

EHR generates PDF of all encounter information (typically)

PDF

esMD Phase 1

Current Templates


PhysicalVital signs

Visit Summary



Vital Signs

Textual reports

Orders / Treatment

CDA Document

Header

Structured Body





Section EntryText Entry Entry Entry EHR DatabaseDemographics

Create Structured CDA1) Works for all sections and entry templates defined as SHALL or, depending on

the certification requirements, SHOULD2) Sections and entry templates defined as MAY are supported to various degrees,

or not at all, by each EHR vendor3) How does the provider meet documentation requirements?4) Recipient of the document does not know if data does not exist, data is being

withheld, or the implementation does not support the section/entry

14

Use of Current Templates

Sign CDA


PhysicalVital signs

Visit Summary



Vital Signs

Textual reports

Orders / Treatment

CDA Document

Header

Structured Body





Signing “Module”

Universal Time Long term validation

Digest

Authenticate

Write Signature

Notes: 1) Signer may authenticate and then review/sign

multiple documents at one session2) Authentication via acceptable two factors --

something you know, something you hold, something you are (e.g. biometric), etc.

3) CDA typically contains a subset of the encounter information


15Not in CDA

Create Complete CDA


PhysicalVital signs

Visit Summary



Vital Signs

Textual reports

Orders / Treatment

CDA Document

Header

Structured Body






Create Structured CDA from Complete Document Template1) All Document sections and constrained entries are populated or use

appropriate nullFlavor 2) Ensures that all captured documentation is in the CDA prior to signing

16

Prior to or at time of signing – create CDA from Complete Document Template

Sign CDA


PhysicalVital signs

Visit Summary



Vital Signs

Textual reports

Orders / Treatment

CDA Document

Header

Structured Body





Signing “Module”

Universal Time Long term validation

Digest

Authenticate

Write Signature

Notes: 1) Signer may authenticate and then

review/sign multiple documents at one session

2) Authentication via acceptable two factors -- something you know, something you hold, something you are (e.g. biometric), etc.


17

Provider Setup for Digital Signatures1) Individual provider supplies IDs

and other information as part of credentialing or to a standalone Registration Authority (RA)

2) RA verifies credentials

3) Certificate Authority (CA) receives providers information from the RA

4) CA issues access information (e.g. hard token) to the individual provider

5) CA issues encrypted key to the signing application key store

ProviderSigning

Application

Certificate Authority

Registration Authority

1) 2)

5)

3)4)

Signing Process1) C-CDA created for activity to

be signed (system or on demand)

2) Signer views list of documents (C-CDAs) to be signed

3) Signer reviews documents and indicates ready for signature and where appropriate role and signature purpose (will most likely be defaulted based on signer)

4) Signer authenticates to Signing Application

5) Signer signs list of all reviewed and accepted documents

ProviderSigning

Application

1)

2)

5)

3)

4)

EHR Forms/Templates

History and Physical

Vital signs Visit Summary



Vital Signs

Textual reports

Orders / Treatment

CDA Document

Header

Structured Body

Digital Signatures





Patient Visit Date Document Role Purpose Rev ReadyJames, Sandy 8/15/2013 Complete CDA MD Legal AuthenticatorStanford, John 8/14/2013 Procedure CDA MD Legal Authenticator

Stanford, John 8/15/2013 Complete CDA MD Co-Signer

Sign selected documents

X X...

X XX

5)

New Templates Documents

1) Complete Encounter Document (office visit, consult, home health)

2) Complete Hospitalization Document (hospital admit and discharge)

3) Complete Operative Note Document (operative note)

4) Complete Procedure Document (procedure note)

5) Time Boxed Document (shift, day, period) (for acute / long term care)

Sections

6) Additional Documentation Section (documents that do not have a place in the existing sections)

7) Externally Defined CDE Section (data collection using externally defined templates that produce name value pairs defined by external standards (NLM ...))

8) Orders Placed Section (orders that are instantiated (moodCode RQO))

9) Transportation Section (provider copy of transportation documentation)

Notes – Medicare NCD/LCD1) Provider is not required to use a specific document template or even use a

CDA at this time

2) Attachments rule may change this to require a CDA document

3) Provider is responsible for submitting all documentation required to justify that the services is medically necessary and appropriate

4) Signatures must be applied prior to billing -- based on policy

We are:

5) Not changing the content or use of the existing templates in CCDA R1.1 or R2

6) Not requiring new data collection by provider – they should be documenting based on medical best practice (embodied in NCD/LCDs)

7) Creating templates that ensure that the CDA signed by a provider contains everything documented in the encounter. Provider can withhold information if provider deems appropriate and technology supports.

8) Creating Additional Attachment Templates that meet Medicare requirements and can be used by other payers or providers as they deem appropriate.

additional attachment templates presented to the attachments workgroup december 10, 2013

Documents

digital signature esmd

payer payer

medical documentation

esmd goals

digital signatures

provider registration

esmd background phase

improper payment medicare