esMD+Author+of+Record+Charter+Consensus+(L2)

include component="page" wikiName="siframework" page="esMD Header" =Consensus Process= The goal is unanimous consent, which is obtained by carefully considering and addressing significant input from the Community of Interest. Where unanimity is not possible, a group SHOULD strive to make consensus decisions where there is significant support and few abstentions. Any significant deliverable of the Initiative Charter will be approved through a formal Consensus process. Each Initiative Member will provide one of the following votes during the Consensus process:
 * **Yes**
 * A Yes vote does not necessarily mean that the deliverable is the ideal one from the perspective of the Initiative Member, but that it is better to move forward than to block the deliverable
 * **Yes with comments**
 * If a Consensus Process attracts significant comments (through Yes with comment votes), it is expected that the comments be addressed in a future revision of the deliverable.
 * **Formal Objection**- with comments indicating a path to address the objection in a way that meets the known concerns of other members of the Community of Interest. "Formal Objection" vote without such comments will be considered Abstain votes.
 * A Formal Objection means that the objector cannot proceed with the project unless the objections are met. It is acceptable and expected to use a Formal Objection in a first consensus round to communicate a point of view or process issue that has not been addressed in the drafting of the initial deliverable.
 * Should a Consensus Process attract even one "Formal Objection" vote with comments from an Initiative Member, the deliverable must be revised to address the "Formal Objection" vote (unless an exceptional process is declared).
 * **Abstain** (decline to vote)


 * Note: If you have comments on multiple sections please submit a new entry for each comment. Only one vote will be counted per committed organization and each comment from members of a single organization must contain the same type of vote.**
 * **E.g. - If one member of ACME Corp. votes "Yes (with comment)" another member from ACME Corp. cannot vote "Object (with comment)." In such cases votes will be considered an "Abstain" vote. Alternatively, if one member of ACME Corp. votes "Objection (with comment)" on one section of the document but has comments regarding another section of the document, they are welcome to provide additional comments but their vote for the new comment must still be "Objection (with comment)."**

If you have any questions about the voting process, please email Sweta Ladwa - sweta.ladwa@esacinc.com. If you have any technical difficulties casting your vote, please email the S&I Admin, Apurva Dharia - apurva.dharia@esacinc.com.

Download a Microsoft Word version of the Draft Author of Record Workgroup Charter:

media type="custom" key="21883186" Note: Comments may take a few minutes to refresh media type="custom" key="21883202"

=Author of Record Workgroup Charter=

Challenge Statement
CMS and other Health Plans/Payers need a standardized, implementable, machine-interoperable electronic solution to reduce the time, expense, and paper required in current manual processing of both medical documentation request letters and the relevant medical documentation exchanged between Healthcare Providers and Health Plans/Payers. The challenge at hand is to identify the requirements to verify the origin and authenticity of data submitted to CMS and other Health Plans/Payers for proper medical documentation processing.

Purpose Statement
The purpose of this workgroup is to investigate and develop operational solutions to address Author of Record, Identity Proofing, Digital Identity Management, Encryption (limited scope, pertaining to payloads containing Personal Health Information (PHI)), Digital Signatures, and Delegation of Rights within a healthcare context. The solution must support the digital signature and identity proofing requirements that allow healthcare Providers to register for and receive eMDRs from CMS and other Health Plans/Payers. This solution must also provide support for CMS and other Health Plans/Payers to accurately authenticate the author of documentation within the medical record, and trust the validity and authenticity of submitted medical documentation.

Value Statement
The value of the esMD Initiative will be to provide consensus-based use cases, functional requirements, standards references and implementation specifications representing combined input from a broad range of stakeholders, including CMS, commercial Health Plans/Payers, Providers, and vendors. This will promote a nationally standardized approach to medical document request letters, claims attachments, and the proof of validity and authorship of medical documentation. Health Plans/Payers and Providers will benefit from this Initiative’s recommendations and implementation guidance on Digital Signatures attached to patient information and electronic transactions. This will enable communications regarding the administrative claims processing between Providers and Health Plans/Payers to occur in a secure electronic format. Additional benefits include:
 * Increased security of information exchange involving PHI
 * Improved ability to identify and verify authorship of medical documentation for administrative purposes, clinical decision making, and care coordination
 * Providing industry best practices for other domains within healthcare where PHI is exchanged
 * Making the process of sending and receiving PHI less burdensome on Health Plans/Payers and Providers
 * Identifying security breaches or tampering of information sent or received that are not always evident in the paper process
 * Saving time, money and resources for CMS, Commercial Health Plans/Payers, and Providers
 * Elimination of the paper process and its associated labor and error rate.
 * Guidance and recommendations on EHR Certification criteria as it relates to document submission (AoR L1), document level signatures (AoR L2) as well as tracking contributions to a document by various authors (AoR L3)
 * Improved timeliness results in improved accounts receivable cycle for Providers, so payments are received sooner
 * Reduced improper payments

Objective
The workgroup will conduct an environmental scan to understand what viable standards and practices are currently in place to support proof of authorship and digital signatures. With the knowledge obtained from the environmental scan, the workgroup will discuss and document requirements relevant to CMS and other Health Plans/Payers regarding signatures for submitted medical documentation. This will include consideration and vendor input with regards to what EHR systems can realistically support, and also include input from healthcare Providers to ensure the solution is not overly burdensome to healthcare Providers and healthcare Provider organizations. Additionally, the Provider Profiles Authentication and Structured Content/Secure Transport of the eMDR use cases will be supported in this workgroup by the following: This workgroup will define the Use Case and Functional Requirements, Analyze and Harmonize standards relevant to author-level signatures that support pilot implementations of the solutions, while taking into account the two Use Cases developed as part of the S&I esMD initiative. Business requirements and standards will focus on the needs of CMS and the CMS Review Contractors, while also considering options to enable re-use by other Health Plans/Payers.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Cryptographic (or equivalent) verification of all participants (Providers, Intermediaries, and Health Plans/Payers)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Prevention of tampering
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Encryption of Patient Health Information (PHI) contained in the eMDR

Workgroup Scope
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">This workgroup will investigate and recommend solutions on various levels of Author of Record needs: <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">The scope of effort includes the 5 focus areas for the Author of Record Workgroup, Levels 1, 2, and 3, identified during the initial pre-discovery efforts: Identity Proofing, Digital Identity Management, Digital Signatures, Delegation of Rights, and Encryption (limited scope, pertaining to payloads containing PHI). <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">The workgroup will focus on Identity Proofing, Digital Identity Management and Digital Signatures for NIST E-Authentication SP 800-63 Level 3 Authentication.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">AoR Level 1 – Digital signature on aggregated documents (Document Bundle)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">AoR Level 2 – Digital signature on an individual document
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">AoR Level 3 – Digital signature to allow traceability of individual contributions to a document

AoR Level 1

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Solutions to support the signature artifacts identified for esMD Use Case 1 and 2
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Solutions for digital signatures are intended for the Document Bundle level, to attest to the validity and authenticity of the patient information within the Document Bundle (or other relevant medical documentation) - and will be agnostic regarding format of the document content in the Document Bundle.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">This workgroup may provide suggestions to CMS regarding policies and regulations needed to support the recommended solution
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Digital Identity Management
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Encryption (limited scope, pertaining to payloads containing PHI)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Delegation of Rights function as related to the registration transaction or the Document Bundle-level signature
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Privacy, Security and Delegation of Rights requirements between the **Provider Entity** (which could be Provider, Health System, or Agent/HIH) and **Payer Entity** (which could be Payer, Payer Contractor, or someone else on their behalf)

AoR Level 2
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

AoR Level 3
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

AoR Level 1

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Digital signature on an individual document and other items to be defined
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Digital signature to allow traceability of individual contributions to a document and other items to be defined

AoR Level 2
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

AoR Level 3
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

Targeted Goal & Outcome

 * **<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Goal – **<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Achieve highest level of Provider authentication for AoR using available technology
 * **<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Outcome – **
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Satisfy Statute requirements for AoR
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Medicare error rate reduction to meet CMS requirements set by Congress
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Reduction in improper payment

Timeline
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">The work group will use an incremental approach for addressing AoR Level 2 and Level 3 that will build on the foundation of AoR Level 1, and will coordinate the Discovery, Implementation and Pilot phases for completing each successive AoR level, per the proposed timeline below.

Relevant Policies

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CMS Internet Only Manuals (IOM)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CMS National Coverage Determination (NCD) / CMS Local Coverage Determination (LCD)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Applicable SSA Statute
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Applicable State regulations and laws
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Applicable Federal regulations and laws

General (multiple categories)

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CAQH CORE Connectivity 270 Rule v2.2.0 (Transport, Envelope, and Security)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NwHIN X12 Document Submission Specification
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NwHIN-Exchange specifications (IHE: XDS,XCA,XDM,XDR,XUA,XCPD,ATNA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">HPD+ (Healthcare Provider Directory with S&I Framework PD extension)

Transport

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">DIRECT Project SMTP/SMIME
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NwHIN Exchange (Connect)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">SOAP (Simple Object Access Protocol)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">REST (Representational State Transfer)

Message/Content

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X12 274 (Healthcare Provider Information)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X12 277 Request for Additional Documentation
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X12 275 Additional Information to Support a Healthcare Claim or Encounter
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">IHE XD* (XDM,XDS, XDR)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">HL7 CDA r2 (Including Claims Attachment Workgroup work-product)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">HITSP CCD (multiple standards)

Security

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Security Assertion Markup Language (SAML)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Cross-Enterprise User Assertion (XUA)/Enterprise User Authentication (EUA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Records Management and Evidentiary Support (RM-ES) Functional Profile
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">IHE Digital Signatures Profile (DSG)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NIST SP 800-63
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X.509 v3

S tandards Groups (supply/support/extend relevant standards)

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Level Seven International (HL7)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Integrating the Healthcare Enterprise (IHE)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Direct
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Institute of Standards and Technology (NIST)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Strategy for Trusted Identities in Cyberspace (NSTIC)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Federal Bridge/ Federal Public Key Infrastructure (FPKI)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Committee on Vital and Health Statistics (NCVHS)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Council for Prescription Drug Programs (NCPDP)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">ASC X12
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CAQH CORE

Exchange Partners (Create / Consume/ Utilize relevant transactions, payloads and specified standards)

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Plans/Payers – CMS, Commercial Payers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Healthcare Providers and Provider Organizations
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Drug Enforcement Agency (DEA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Social Security Administration (SSA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Department of Defense
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Veterans Affairs (VA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TRICARE
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Substance Abuse and Mental Health Services Administration (SAMHSA)

Policy Organizations (create relevant policies)

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Federal Government
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">States

Service Providers (provide services to facilitate transactions and information exchange)

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Information Exchanges (HIE)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Registration Authorities/Identity Verifiers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Certificate Authorities/Credential Providers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Electronic Health Record (EHR) Vendors
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Information Handlers (HIH)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Healthcare Provider Directory Services
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Other Insurance, Healthcare, Intermediaries, Third Party Administrators (TPAs), Contractors, and Representatives

<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Note - A complete list of stakeholders will be developed as part of the Use Case

Dependencies

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National standards for identity, credentials, and transaction/document authentication Industry technology and expertise
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Current standards and policies set by CMS and Commercial Health Plans/Payers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Certificate Authorities / Registration Authorities (“Trust Anchors”)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">EHR Technologies
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Payer and contractor technologies
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">State regulations and laws
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Federal regulations and laws

Relevance outside of esMD

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Drug Enforcement Administration (DEA) – DEA has implemented solutions for similar requirements, and we will seek their input and participation to evaluate if their solutions can be re-used within the scope of this workgroup
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">SSA has implemented solutions for similar requirements, and we will seek their input and participation to evaluate if their solutions can be re-used within the scope of this workgroup
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Plans/Payers – They will benefit from a standardized signature process to confirm validity and authenticity of the submitted medical documentation
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Providers / Provider Organization – It is expected that Providers will be able to implement and use this solution, in order to support medical documentation submission, and potentially other transactions requiring signatures. This could enable a common approach by Providers and therefore may enhance the business justification for enabling the solution.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Vendors
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Patients – They would benefit from the standardized signature process to enhance validity, trust, and privacy of health information, in addition to prevention of identity theft via secure transport of patient information.

Potential Risks

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Ensuring secure, trustable communications between Health Plans/Payers and Providers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Compliance with FISMA in sending PHI from Health Plans/Payers to Providers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Establishing policy regarding signatures or proof of content authorship within structured content
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Identifying implementable solutions to prove authorship that minimize burden to both Providers and Health Plans/Payers

Related Workgroups

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">esMD Use Cases developed within S&I
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Use Case1 - Provider Registration with a Payer to receive electronic medical documentation requests (eMDRs) from Payer to Provider
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Use Case 2 - Secure Transportation and Structured Content of eMDRs
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Input from S&I initiatives that have similar needs to those identified for esMD
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">S&I Modular Specifications workgroup (esMD Phase I)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">External to S&I: HL7 RMES, DEA, SSA, IHE, Federal Bridge, FICAM, CMS

include component="page" wikiName="siframework" page="space.template.inc_contentleft_end"