Electronic Submission of Medical Documentation (esMD) to DirectTrust.org December 3, 2014.

Slides:



Advertisements
Similar presentations
HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Advertisements

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Federal Health IT Priorities Supporting Nationwide Interoperability February 3, 2015.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Introducing Electronic Submission of Medical Documentation (esMD)
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
EsMD Author of Record L1 Use Case Meeting Friday, August 3, 2012.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
PPA Use Case Context Diagram – Information Exchange Paths – General Case 0 Payer Organization Payer Organization Provider / Provider Organization Contractors.
Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
EsMD Harmonization UC2 Data Element Prioritization 8/1/2012.
Lecture 23 Internet Authentication Applications
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Electronic submission of Medical Documentation (esMD) Author of Record Presentation to HITSC July 17, 2013 MELANIE COMBS-DYER, RN Deputy Director, Provider.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
HIT Standards Committee HIT Standards Committee Privacy and Security Workgroup joint meeting with Clinical Operations Workgroup: Digital Signatures for.
EsMD Background Phase I of esMD was implemented in September of It enabled Providers to send Medical Documentation electronically Review Contractor.
Security Standards under Review for esMD. Transaction Timeline An esMD transaction begins with the creation of some type of electronic content (e.g. X12.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session Charter Discussion – 9:30am – 10:00am October 18, 2011.
(updated for esMD on ) electronic submission of Medical Documentation (esMD) HL7 Structured Documents and HL7 Attachments May 5-9, 2013 (updated.
Functions of an X.509 Certification Authority (CA)
Additional Attachment Templates Presented to the Attachments Workgroup December 10, 2013.
Electronic Submission of Medical Documentation (esMD) Technical Overview Melanie Combs-Dyer, RN - Deputy Director, CMS/OFM/Provider Compliance Group Daniel.
Secure Electronic Transaction (SET)
Electronic Submission of Medical Documentation (esMD) Digital Signature and Author of Record Pre-Discovery Wednesday May 9,
Electronic Submission of Medical Documentation (esMD) Electronic Determination of Coverage (eDoC) Home Health User Story February 4, 2015.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Electronic Submission of Medical Documentation (esMD) January 11, :00 PM – 3:00 PM Community Meeting 0.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Physician Lunch-N-Learn – PECOS Registration Training Getting Started with PECOS for Physicians June 15, 2010.
Configuring Directory Certificate Services Lesson 13.
Electronic Submission of Medical Documentation (esMD) Digital Signature and Author of Record Pre-Discovery Wednesday May 16,
Electronic submission of Medical Documentation (esMD) Author of Record Presentation to LCC August 8, 2013 ROBERT DIETERLE esMD Initiative Coordinator 1.
Electronic Submission of Medical Documentation (esMD) Digital Identity and Author of Record Sub-Workgroups September 19, 2012.
U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.
Security Standards under Review for esMD. Transaction Timeline An esMD transaction begins with the creation of some type of electronic content (e.g. X12.
Electronic Submission of Medical Documentation (esMD) Identity Proofing Sub-Workgroup October 31, 2012.
Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.
Provider Directory Task Force Karen Trudel, CMS September 30, 2010.
Electronic Submission of Medical Documentation (esMD) Initiative Breakout Session Wednesday, April 11 th, :00 PM – 6:00 PM 1.
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
Alternatives for Message Signature from Sender 1.Approach 1 –X12 58 to digitally sign X12 transaction set Optional: X to transmit signer’s public.
Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup Friday, September 7 th,
Electronic Submission of Medical Documentation (esMD) Sub-Workgroup October 10, 2012.
EsMD Harmonization Mapping Analysis for X & X
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
DIGITAL SIGNATURE.
HIPAA Summit EDI Enrollment A Manual Process in the EDI Chain Marcallee Jackson ProxyMed, Inc.
1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.
Standard Unique Health Identifier for Health Care Providers April 9, th Annual HIPAA Summit Gail Kocher Highmark.
Electronic Submission of Medical Documentation (esMD)
Task Force CoRD Meeting / XML Security for Statistical Data Exchange Gregory Farmakis Agilis SA.
Attribute Delivery - Level of Assurance Jack Suess, VP of IT
Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council
EsMD Author of Record L1 Use Case Meeting Wednesday, August 1, 2012.
EsMD Author of Record L1 Use Case Meeting Wednesday, July 25, 2012.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Trust Profiling for Adaptive Trust Negotiation
Presentation transcript:

Electronic Submission of Medical Documentation (esMD) to DirectTrust.org December 3, 2014

Improper Payment  Medicare receives 4.8 M claims per day.  CMS’ Office of Financial Management estimates that each year (based on 2013 audit information) o the Medicare FFS program issues more than $36.0 B in improper payments (error rate: 10.1%). o $21.7 B of improper payment is due inadequate documentation to support payment for services billed o $10.1 B of improper payment is due to services that were not medical necessary based on Medicare coverage policies  1.8 million Medical Documentation Requests are sent annually by: Medicare Administrative Contractors (MACs) Medical Review (MR) Departments Comprehensive Error Rate Testing Contractor (CERT) Payment Error Rate Measurement Contractor (PERM) Medicare Recovery Auditors (formerly called RACs)

PCG/esMD Goals  Prevent improper payment through prior-authorization (e.g. PMD) pre-payment review  Minimize provider burden through electronic communication of medical information (esMD) structured data to facilitate review process digital signatures to establish data integrity and provenance  Adopt/promote standards to facilitate information exchange electronic transaction standards Messaging standards Content standards Digital Signature standards

esMD Background Phase I of esMD was implemented in September of It enabled Providers to send Medical Documentation electronically 4 Review Contractor Provider Request Letter Paper Medical Record Phase 1: Doc’n Request Letter electronic Phase 2: Before esMD: Healthcare payers frequently request that providers submit additional medical documentation to support a specific claim(s). Until recently, this has been an entirely paper process and has proven to be burdensome due to the time, resources, and cost to support a paper system. The ONC S&I Framework Electronic Submission of Medical Documentation (esMD) initiative is developing solutions to support an entirely electronic documentation request.

CMS esMD Utilizes CONNECT Content Transport Services Structured Electronic Requests for Medical Documentation CONNECT Compatible Medicare Recovery Auditors PERM CMS Private Network ECM xml PDF CERT PDF Medicare Administrative Contractors CONNECT Compatible

esMD Direction esMD ZPICs PERM MACs Content Transport Services RACs CERT Baltimore Data Center Medicare Private Network PD HISP Direct EDI Translator HIH or Provider CONNECT Providers & Intermediaries EDI – X12 In Operation In Development Waiting

esMD Process Flow The overall esMD process can be divided into three steps: esMD Phase 2 esMD Phase 1 7

S&I Framework esMD Initiative Overview Provider Entity Payer Entity Payer Provider (Individual or Organization) Provider (Individual or Organization) Contractors / Intermediaries Agent Payer Internal System Gateway esMD UC 2: Secure eMDR Transmission esMD UC 1: Provider Registration Digital signatures on transactions esMD AoR Level 1 and Level 2 Digital Signatures on Document Bundles and Individual Documents Certificate Authority Registration Authority Provider Directories User Story All Actors obtain and maintain a non-repudiation digital identity Provider registers for payer services (see UC1) Payer requests documentation (see UC2) Provider submits digitally signed documents and/or document bundles to address request by payer Payer validates the digital credentials, signature artifacts and, where appropriate, delegation of rights

AoR -- Phased Scope of Work 9 Level 1 – Completed Level 2 - Completed Level 3 - TBD Digital signature on aggregated documents (bundle) Digital signature to allow traceability of individual contributions Digital signature(s) on an individual document Focus is on signing a bundle of documents prior to transmission Define transaction signature requirements and artifacts in conjunction with for esMD UC 1 and UC 2 Focus is on one or more contributors signing an individual document at the time of document creation Focus is on provenance of information with non-repudiation signatures on information at the point of creation

Digital Identities and AoR Workgroups 1.Identity proofing 2.Digital identity management 3.Digital signatures and artifacts 4.Delegation of Rights 5.Author of Record 10

General AoR Requirements  Solution must  scale to all providers and payers  minimize the operational impact required to establish, maintain or use a digital identity  provide for non-repudiation without resorting to audit logs or validation of system configuration  Standards – minimum required  Federal Bridge Certification Authority Medium Level  NIST Level 3 (in-person) /4  NIST Part 1 (Revision 3 July 2012)  X.509v3 Digital Certificates

Standards for Identity Proofing Document LinkTitle & Version / Notes FBCA X.509 Certificate Policy X.509 Certificate Policy for the Federal Bridge Certification Authority, Version 2.25 FICAM Roadmap and Implementation Guidance Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance, Version 2.0 NIST SP Electronic Authentication Guideline

FBCA Identification Requirements for Medium Assurance Level LevelIdentification Requirements Medium (all policies) Identity shall be established by in-person proofing before the Registration Authority, Trusted Agent or an entity certified by a State or Federal Entity as being authorized to confirm identities; information provided shall be verified to ensure legitimacy. A trust relationship between the Trusted Agent and the applicant which is based on an in-person antecedent may suffice as meeting the in-person identity proofing requirement. Credentials required are one Federal Government-issued Picture I.D., one REAL ID Act compliant picture ID1, or two Non-Federal Government I.D.s, one of which shall be a photo I.D. (e.g., Non-REAL ID Act compliant Drivers License). Any credentials presented must be unexpired. Clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent identity proofing event, can be found in the “FBCA Supplementary Antecedent, In-Person Definition” document. For PIV-I, credentials required are two identity source documents in original form. The identity source documents must come from the list of acceptable documents included in Form I-9, OMB No , Employment Eligibility Verification. At least one document shall be a valid State or Federal Government-issued picture identification (ID). For PIV-I, the use of an in-person antecedent is not applicable.

Standards for Signing Credentials Document LinkTitle & Version / Notes FBCA X.509 Certificate Policy X.509 Certificate Policy for the Federal Bridge Certification Authority, Version 2.25 FICAM Roadmap and Implementation Guidance Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance, Version 2.0

Standards for Digital Signatures and Delegation of Rights Standard and LinkIssued by FBCA X.509 Certificate Policy X.509 Certificate Policy for the Federal Bridge Certification Authority, Version 2.25 FIPS PUB 186-3Digital Signature Standard XML DigSig XML Signature Syntax and Processing (Second Edition), W3C Recommendation OASIS SAML AssertionsAssertions and Protocols for the OASIS Security Assertion Markup Language (SAML), Version 2.0 All SAML v2.0 files

Summary esMD initiative identifies Best Practice for: 1)Establishing the identity of providers 2)Registering providers for payer services 3)Secure transmission of electronic requests for documentation 4)Defining documentation requests standards 5)Addressing Author of Record requirements 6)Defining Digital Identity a)Identity Proofing of all participants b)Digital Credential Lifecycle, c)Digital Signatures, and d)Delegation of Rights Standards 7)Creating implementation guides for payers and providers for all required esMD processes and transactions

What drives CMS Direct Requirements? 1.Federal Security Requirements –FIPS (Federal Information Processing Standards) –FISMA (Federal Information Security Management Act) –NIST (National Institute of Standards) –FPKI (Federal Public Key Infrastructure) –FBCA (Federal Bridge Certification Authority) –HIPAA (Health Insurance Portability and Accountability Act) 2.Medicare FFS Relationship to Providers –No direct contractual relationship with providers –Providers register with NPPES (National Plan & Provider Enumeration Systems) for NPI –Providers enroll with PECOS (Provider Enrollment, Chain and Ownership System) for Medicare FFS 4.CMS requirements for communication of PHI to providers –Communication containing PHI must be sent to validated endpoint Mail address (on CLAIM) Requested endpoint

Requirements for esMD Direct 1)Identity-proof individual or organization at FBCA medium (e.g. NIST LOA3 with in-person requirement) “address owner” –Antecedent allowed based on FBCA guidelines –Validate NPI for all providers 2)X.509 v3 certificate (Direct Cert) from FBCA cross-certified CA issued under FBCA CP or equivalent –Direct Cert must include NPI –Direct Cert must be address bound (not domain) 3)HISP must be inspected and accredited (details TBD) 4)Direct Cert must only be issued to accredited HISP 5)Direct “address owner” must be covered by a BAA with the HISP 6)Last mile and access must utilize an encrypted transport (should meet current FIPS/FISMA requirements -- e.g. TLS 1.1 minimum) Best Practice (not current requirement) 1)Separate signing and encryption Direct Certs 2)All Direct messages stored encrypted in HISP (including audit logs) 3)Two factor authentication for account access where one factor is a hard token