Upload
griffin-beverly-williams
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
Improper Payment Medicare receives 4.8 M claims per day.
CMS’ Office of Financial Management estimates that each year
• the Medicare FFS program issues more than $28.8 B in improper payments (error rate 2011: 8.6%).
• the Medicaid FFS program issues more than $21.9 B in improper payments (3-year rolling error rate: 8.1%).
Most improper payments can only be detected by a human comparing a claim to the medical documentation.
www.paymentaccuracy.gov
Medical Documentation Requests are sent by:
• Medicare Administrative Contractors (MACs) Medical Review (MR) Departments
• Comprehensive Error Rate Testing Contractor (CERT)
• Payment Error Rate Measurement Contractor (PERM)
• Medicare Recovery Auditors (formerly called RACs)
Claim review contractors issue over 1.8 million requests formedical documentation each year.
Claim review contractors currently receive most medical documentation in paper form or via fax.
esMD Background
Phase I of esMD was implemented in September of 2011. It enabled Providers to send Medical Documentation electronically
3
Review Contractor
Provider
Request Letter
Paper Medical Record
Phase 1: Doc’n
Request Letter
electronic
electronic
electronicPhase 2:
Before esMD: Healthcare payers frequently request that providers submit additional medical documentation to support a specific claim(s). Until recently, this has been an entirely paper process and has proven to be burdensome due to the time, resources, and cost to support a paper system.
The ONC S&I Framework Electronic Submission of Medical Documentation (esMD) initiative is developing solutions to support an entirely electronic documentation request.
esMD
Goals
1) Reduce administrative burden
2) Reduce improper payment
3) Move from “post payment audit” to prior-authorization or pre-payment review
Requirements
4) Move from paper to electronic communication
5) Replace “wet signatures” with digital signatures
6) Migrate to structured data from unstructured data
4
S&I Framework esMD Overview
Provider EntityPayer Entity
PayerProvider
(Individual or Organization)
Contractors / Intermediaries Agent
Payer Internal System
esMD UC 2: Secure eMDR TransmissionIncludes Digital Signature
esMD UC 1: Provider RegistrationIncludes Digital Signature
esMD AoR Level 1Digital Signature on Bundle
Certificate Authority
Registration Authority
Provider Directories User Story
• All Actors obtain and maintain a non-repudiation digital identity
• Provider registers for esMD (see UC1)
• Payer requests documentation (see UC2)
• Provider submits digitally signed document (bundle) to address request by payer
• Payer validates the digital credentials, signature artifacts and, where appropriate, delegation of rights
• If Documents are digitally signed, then payer validates document digital signature artifacts
esMD AoR Level 2Digital Signature on Document(s)
Wet Signatures– Standards and legal standing
• Standards are based on legal precedence• Non-repudiation inherent in wet signature
– Audit requirement• None• Often requires an attestation to determine validity
– Timing of Signature• Applied at any time (timing policy cannot be enforced)
– Fraud protection • none• Short of forensic evaluation of original signed document
unable to determine when signing occurred
Electronic Signatures– Standards and legal standing
• Standards are based on technology and legal precedence• Currently there are no technically mature techniques that provide the
security service of nonrepudiation in an open network environment, in the absence of trusted third parties, other than digital signature-based techniques.(HHS)
– Audit requirement• Require audit of signing system (e.g. EMR) installation, policies, and
audit logs• May require an attestation to determine validity
– Timing of Signature• Record of time of signing• Can be applied at any time – timing determined by EHR
– Fraud protection • None/Limited – all required a physical audit and attestations
Digital Signatures– Standards and legal standing
• International and US Federal standards• Standards based on cryptography
– Audit requirement• Audit required as part of identity proofing and certificate issuance
– Timing of Signature• Time stamp on document is evidence of when signing occurred• OCSP response is external evidence of timing and certificate validity• Signature when document is complete
– Fraud protection • Absolute – assuming that PKI policies are followed
Author of Record Level 2 Requirements1. Digital signature on documents for provenance (clinical and administrative)
– Meets requirement for encapsulated non-repudiation – Note: electronic signature requires validation of system configuration
and audit log review
2. Signature should be applied at time of document creation, modification, review (Administrative – must be applied prior to claim submission)
3. Multiple signatures on same “document”
4. Certificate must be validated at time it is used (OCSP or CRL)
5. Support for validated delegation of rights assertion
6. Signature and delegation of rights must travel with document
7. Signature bound to signed document for life-time of document
8. Supports transition from unsigned to signed documents over time
Example: Multiple signatures in a pdf document (decoupled from transport)
9
Provider with Signed Documents
SignatureDelegationDocument
Document with embedded signature and delegation
Accepted andstored byall regardless of AoR support
Signature and delegation onlyaccepted by systems with AoR support May drop only signature and delegation or error on entire transaction
10
Signature on CDA
CDA Document
Header
Structured Body
Authenticators and Digital Signatures
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Structured Body
Unstructured Body CDA Document
Unstructured Body
e.g. PDF
HeaderAuthenticators and Digital Signatures
Solution: Add “signatureText” attribute to Participation occurrences for legalAuthenticator and authenticator in the CDA Header to hold Digital Signature and Delegations of Rights Assertion artifacts -- exclude these Participation occurrences from the calculated digest
11
Implication of Digital Signatures• Once signed, the content may not be altered
without voiding the Digital Signatures• Digital Signatures will not work on anything
where the structure will be altered• Must address individual contributions – do this
through author participation, role and signature purpose
Today – Typical Response to CMS request for Documentation
EHR Forms/TemplatesHistory and
PhysicalVital signs
Visit Summary
History of Present Illness Lab Orders/Results
Allergies Medications
Vital Signs
Textual reports
Orders / Treatment
EHR DatabaseDemographics
Documentation collected via EHR forms and templates and stored in the EHR Database
13
CDA Document
Unstructured Body
HeaderAuthenticators and Digital Signatures
EHR generates PDF of all encounter information (typically)
esMD Phase 1
Current Templates
EHR Forms/TemplatesHistory and
PhysicalVital signs
Visit Summary
History of Present Illness Lab Orders/Results
Allergies Medications
Vital Signs
Textual reports
Orders / Treatment
CDA Document
Header
Structured Body
Authenticators and Digital Signatures
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry EHR DatabaseDemographics
Create Structured CDA1) Works for all sections and entry templates defined as SHALL or, depending on
the certification requirements, SHOULD2) Sections and entry templates defined as MAY are supported to various degrees,
or not at all, by each EHR vendor3) How does the provider meet documentation requirements?4) Recipient of the document does not know if data does not exist, data is being
withheld, or the implementation does not support the section/entry
14
Use of Current Templates
Sign CDA
EHR Forms/TemplatesHistory and
PhysicalVital signs
Visit Summary
History of Present Illness Lab Orders/Results
Allergies Medications
Vital Signs
Textual reports
Orders / Treatment
CDA Document
Header
Structured Body
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry EHR DatabaseDemographics
Signing “Module”
Universal Time Long term validation
Digest
Authenticate
Write Signature
Notes: 1) Signer may authenticate and then review/sign
multiple documents at one session2) Authentication via acceptable two factors --
something you know, something you hold, something you are (e.g. biometric), etc.
3) CDA typically contains a subset of the encounter information
Authenticators and Digital Signatures
15Not in CDA
Create Complete CDA
EHR Forms/TemplatesHistory and
PhysicalVital signs
Visit Summary
History of Present Illness Lab Orders/Results
Allergies Medications
Vital Signs
Textual reports
Orders / Treatment
CDA Document
Header
Structured Body
Authenticators and Digital Signatures
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry EHR DatabaseDemographics
Create Structured CDA from Complete Document Template1) All Document sections and constrained entries are populated or use
appropriate nullFlavor 2) Ensures that all captured documentation is in the CDA prior to signing
16
Prior to or at time of signing – create CDA from Complete Document Template
Sign CDA
EHR Forms/TemplatesHistory and
PhysicalVital signs
Visit Summary
History of Present Illness Lab Orders/Results
Allergies Medications
Vital Signs
Textual reports
Orders / Treatment
CDA Document
Header
Structured Body
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry EHR DatabaseDemographics
Signing “Module”
Universal Time Long term validation
Digest
Authenticate
Write Signature
Notes: 1) Signer may authenticate and then
review/sign multiple documents at one session
2) Authentication via acceptable two factors -- something you know, something you hold, something you are (e.g. biometric), etc.
Authenticators and Digital Signatures
17
Provider Setup for Digital Signatures1) Individual provider supplies IDs
and other information as part of credentialing or to a standalone Registration Authority (RA)
2) RA verifies credentials
3) Certificate Authority (CA) receives providers information from the RA
4) CA issues access information (e.g. hard token) to the individual provider
5) CA issues encrypted key to the signing application key store
ProviderSigning
Application
Certificate Authority
Registration Authority
1) 2)
5)
3)4)
Signing Process1) C-CDA created for activity to
be signed (system or on demand)
2) Signer views list of documents (C-CDAs) to be signed
3) Signer reviews documents and indicates ready for signature and where appropriate role and signature purpose (will most likely be defaulted based on signer)
4) Signer authenticates to Signing Application
5) Signer signs list of all reviewed and accepted documents
ProviderSigning
Application
1)
2)
5)
3)
4)
EHR Forms/Templates
History and Physical
Vital signs Visit Summary
History of Present Illness Lab Orders/Results
Allergies Medications
Vital Signs
Textual reports
Orders / Treatment
CDA Document
Header
Structured Body
Digital Signatures
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry
Section EntryText Entry Entry Entry EHR DatabaseDemographics
Patient Visit Date Document Role Purpose Rev ReadyJames, Sandy 8/15/2013 Complete CDA MD Legal AuthenticatorStanford, John 8/14/2013 Procedure CDA MD Legal Authenticator
Stanford, John 8/15/2013 Complete CDA MD Co-Signer
Sign selected documents
X X...
X XX
5)
New Templates Documents
1) Complete Encounter Document (office visit, consult, home health)
2) Complete Hospitalization Document (hospital admit and discharge)
3) Complete Operative Note Document (operative note)
4) Complete Procedure Document (procedure note)
5) Time Boxed Document (shift, day, period) (for acute / long term care)
Sections
6) Additional Documentation Section (documents that do not have a place in the existing sections)
7) Externally Defined CDE Section (data collection using externally defined templates that produce name value pairs defined by external standards (NLM ...))
8) Orders Placed Section (orders that are instantiated (moodCode RQO))
9) Transportation Section (provider copy of transportation documentation)
Notes – Medicare NCD/LCD1) Provider is not required to use a specific document template or even use a
CDA at this time
2) Attachments rule may change this to require a CDA document
3) Provider is responsible for submitting all documentation required to justify that the services is medically necessary and appropriate
4) Signatures must be applied prior to billing -- based on policy
We are:
5) Not changing the content or use of the existing templates in CCDA R1.1 or R2
6) Not requiring new data collection by provider – they should be documenting based on medical best practice (embodied in NCD/LCDs)
7) Creating templates that ensure that the CDA signed by a provider contains everything documented in the encounter. Provider can withhold information if provider deems appropriate and technology supports.
8) Creating Additional Attachment Templates that meet Medicare requirements and can be used by other payers or providers as they deem appropriate.