esMD+-+Author+of+Record

include component="page" wikiName="siframework" page="esMD Header" =Announcements= =Works Approved Through Consensus=
 * Thank You for your participation!!The Round Robin Consensus Voting for the esMD Author of Record Level 2 Use Case 4 was successfully completed on Wednesday, April 3rd, 2013. The final votes submitted by the committed group members can be found at this link: esMD AoR Level 2 Use Case 4 Consensus Page
 * **Date** || **Artifact Name** || **Artifact Links** ||
 * July 23, 2012 || AoR Workgroup Charter || [|Wiki Link] ||
 * September 20, 2012|| AoR Level 1 Use Case || [|Download] ||
 * February 22, 2013 || AoR Level 1 Use Case IG || [|Download] ||
 * January 7, 2015 || AoR Level 1 Use Case Digital Signature Rerelease || [|Download] ||
 * January 9, 2013 || AoR Level 1 SWG 1: Digital Credentials || [|Download] ||
 * January 9, 2013 || AoR Level 1 SWG 2: Identity Proofing || [|Download] ||
 * January 9, 2013 || AoR Level 1 SWG 3: Digital Signatures and Delegation of Rights || [|Download] ||
 * March 20, 2013 || AoR Level 2 Use Case || [|Download] ||
 * March 20, 2013 || AoR Level 2 Use Case IG || [|Download] ||

=Author of Record and Digital Signatures Pre-Discovery (5/2-5/23/2012)= The esMD Initiative held a four-week Pre-Discovery phase for the Author of Record work stream. This work stream focused on requirements, challenges and industry standards for Author of Record and Digital Authentication related to clinical and administrative content and their associated transactions.

An environmental scan of current S&I initiative requirements and industry best practices in authentication, digital certificates, and e-signatures was performed. Leadership from multiple initiatives within the Standards and Interoperability Framework participated in this discussion due to the broad applicability of digital authentication.


 * **Date** || **Objective(s)** || **Meeting Presentation** || **Meeting Minutes** ||
 * **Wednesday, May 2nd, 2012, 10 AM**
 * (Week 1)** || Identify the needs of other S&I initiatives, the community at large, and esMD || [[file:siframework/esMD AOR and Digital Signature 5-2-2012 V3.0.pptx|esMD AOR and Digital Signature 5-2-2012 V3.0.pptx]] || [[file:siframework/AoR Pre-Discovery Minutes 5.2.2012v2.docx|AoR Pre-Discovery Minutes 5.2.2012v2.docx]] ||
 * **Wednesday, May 9th, 2012, 10 AM**
 * (Week 2)** || Conduct a survey of options applicable to the identified needs from Week 1 || [[file:siframework/esMD AOR and Digital Signature 5-9-2012 V1.1.pptx|esMD AOR and Digital Signature 5-9-2012 V1.1.pptx]] || [[file:siframework/AoR Pre-Discovery Minutes 5.9.2012v1.docx|AoR Pre-Discovery Minutes 5.9.2012v1.docx]] ||
 * **Wednesday, May 16th, 2012, 10 AM**
 * (Week 3)** || Identify implications and obstacles associated with the adoption of various approaches to digital authentication technologies || [[file:siframework/esMD AOR and Digital Signature 5-16-2012 V1.1.pptx|esMD AOR and Digital Signature 5-16-2012 V1.1.pptx]] || [[file:siframework/AoR Pre-Discovery Minutes 5.16.2012v2.docx|AoR Pre-Discovery Minutes 5.16.2012v2.docx]] ||
 * **Wednesday, May 23rd, 2012, 10 AM**
 * (Week 4) – new, stakeholder decision** || Finish Week 3 effort and discuss priorities || [[file:esMD AOR and Digital Signature 5-23-2012 V1.1-1_final.pptx|esMD AOR and Digital Signature 5-23-2012 V1.1-1_final.pptx]] || [[file:AoR Pre-Discovery Minutes 5_23_12.docx|AoR Pre-Discovery Minutes 5_23_12.docx]] ||

=Author of Record Workgroup Charter=
 * Meeting recordings can be found on the initiative WG meetings page.**

Challenge Statement
The Centers for Medicare and Medicaid Services (CMS) and other Health Plans/Payers need a standardized, implementable, machine-interoperable electronic solution to reduce the time, expense, and paper required in current manual processing of both medical documentation request letters and the relevant medical documentation exchanged between Healthcare Providers and Health Plans/Payers. The challenge at hand is to identify the requirements to verify the origin and authenticity of data submitted to CMS and other Health Plans/Payers for proper medical documentation processing.

Purpose Statement
The purpose of this workgroup is to investigate and develop operational solutions to address Author of Record, Identity Proofing, Digital Identity Management, Encryption (encryption only as it pertains to protecting the confidentiality of payloads containing Personal Health Information (PHI)), Digital Signatures, and Delegation of Rights within a healthcare context. The solution must support the digital signature and identity proofing requirements that allow healthcare Providers to register for and receive Electronic Medical Documentation Requests (eMDRs) from CMS and other Health Plans/Payers. This solution must also provide support for CMS and other Health Plans/Payers to accurately authenticate the author of documentation within the medical record, and trust the validity and authenticity of submitted medical documentation.

Value Statement
The value of the esMD Initiative will be to provide consensus-based use cases, functional requirements, standards references and implementation specifications representing combined input from a broad range of stakeholders, including CMS, commercial Health Plans/Payers, Providers, and vendors. This will promote a nationally standardized approach to medical document request letters, claims attachments, and the proof of validity and authorship of medical documentation. Health Plans/Payers and Providers will benefit from this Initiative’s recommendations and implementation guidance on Digital Signatures attached to patient information and electronic transactions. This will enable communications regarding the administrative claims processing between Providers and Health Plans/Payers to occur in a secure electronic format. Additional benefits include:
 * Standardized formats, processes, and technology approaches
 * Increased security of information exchange involving PHI
 * Improved ability to identify and verify authorship of medical documentation for administrative purposes, clinical decision making, and care coordination
 * Providing industry best practices for other domains within healthcare where PHI is exchanged
 * Making the process of sending and receiving PHI less burdensome on Health Plans/Payers and Providers
 * Identifying security breaches or tampering of information sent or received that are not always evident in the paper process
 * Saving time, money and resources for CMS, Commercial Health Plans/Payers, and Providers
 * Elimination of the paper process and its associated labor and error rate
 * Guidance and recommendations on EHR Certification criteria as it relates to document submission
 * Improved timeliness results in improved accounts receivable cycle for Providers, so payments are received sooner
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Reduced improper payments

Objective
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">The workgroup will conduct an environmental scan to understand what viable standards and practices are currently in place to support proof of authorship and digital signatures. With the knowledge obtained from the environmental scan, the workgroup will discuss and document requirements relevant to CMS and other Health Plans/Payers regarding signatures for submitted medical documentation. This will include vendors’ input with regards to what EHR systems can realistically support, and also include input from healthcare Providers to ensure the solution is not overly burdensome to healthcare Providers and healthcare Provider organizations. Additionally, the Provider Profiles Authentication and Structured Content/Secure Transport of the eMDR use cases will be supported in this workgroup by the following: <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">This workgroup will define the Use Case and Functional Requirements, Analyze and Harmonize standards relevant to author-level signatures that support pilot implementations of the solutions, while taking into account the two Use Cases developed as part of the Standards and Interoperability Framework’s (S&I) esMD initiative. Business requirements and standards will focus on the needs of CMS and the CMS Review Contractors, while also considering options to enable re-use by other Health Plans/Payers.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Cryptographic (or equivalent) verification of all participants (Providers, Intermediaries, and Health Plans/Payers)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Prevention of tampering
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Encryption of Patient Health Information (PHI) contained in the eMDR

Workgroup Scope
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">This workgroup will investigate and recommend solutions on various levels of Author of Record needs: <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">The scope of effort includes the five focus areas for the Author of Record Workgroup identified during the initial pre-discovery efforts: 1) Identity Proofing, 2) Digital Identity Management, 3) Digital Signatures, 4) Delegation of Rights, and 5) Encryption (encryption only as it pertains to protecting the confidentiality of payloads containing PHI). <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">The workgroup will focus on Identity Proofing, Digital Identity Management and Digital Signatures for NIST E-Authentication SP 800-63 Level 3 Authentication.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">AoR Level 1 – Digital signature on aggregated documents (Document Bundle - to be defined during Use Case development)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">AoR Level 2 – Digital signature on an individual document
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">AoR Level 3 – Digital signature to allow traceability of individual contributions to a document

AoR Level 1

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Solutions to support the signature artifacts identified for esMD Use Case 1 and 2
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Solutions for digital signatures are intended for the Document Bundle level, to attest to the validity and authenticity of the patient information within the Document Bundle (or other relevant medical documentation) - and will be agnostic regarding format of the document content in the Document Bundle.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">This workgroup may provide suggestions to CMS regarding policies and regulations needed to support the recommended solution
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Digital Identity Management
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Encryption (encryption only as it pertains to protecting the confidentiality of payloads containing PHI)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Delegation of Rights function as related to the registration transaction or the Document Bundle-level signature
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Privacy, Security and Delegation of Rights requirements between the **Provider Entity** (which could be Provider, Health System, or Agent/HIH) and **Payer Entity** (which could be Payer, Payer Contractor, or someone else on their behalf)

AoR Level 2
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

AoR Level 3
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

AoR Level 1

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Digital signature on an individual document and other items to be defined
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Digital signature to allow traceability of individual contributions to a document and other items to be defined

AoR Level 2
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

AoR Level 3
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TBD

Targeted Goal & Outcome

 * **<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Goal – **<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Achieve highest level of Provider authentication for AoR using available technology
 * **<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Outcome – **
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Satisfy Statute requirements for AoR
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Medicare error rate reduction to meet CMS requirements set by Congress
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Reduction in improper payment

Timeline
<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">The work group will use an incremental approach for addressing AoR Level 2 and Level 3 that will build on the foundation of AoR Level 1, and will coordinate the Discovery, Implementation and Pilot phases for completing each successive AoR level, per the proposed timeline below.

Relevant Policies

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CMS Internet Only Manuals (IOM)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CMS National Coverage Determination (NCD) / CMS Local Coverage Determination (LCD)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Applicable SSA Statute
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Applicable State regulations and laws
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Applicable Federal regulations and laws

General (multiple categories)

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CAQH CORE Connectivity 270 Rule v2.2.0 (Transport, Envelope, and Security)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NwHIN X12 Document Submission Specification
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NwHIN-Exchange specifications (IHE: XDS,XCA,XDM,XDR,XUA,XCPD,ATNA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">HPD+ (Healthcare Provider Directory with S&I Framework PD extension)

<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Transport

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">DIRECT Project SMTP/SMIME
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NwHIN Exchange (Connect)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">SOAP (Simple Object Access Protocol)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">REST (Representational State Transfer)

<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Message/Content

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X12 274 (Healthcare Provider Information)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X12 277 Request for Additional Documentation
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X12 275 Additional Information to Support a Healthcare Claim or Encounter
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">IHE XD* (XDM,XDS, XDR)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">HL7 CDA r2 (Including Claims Attachment Workgroup work-product)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">HITSP CCD (multiple standards)

<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Security

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Security Assertion Markup Language (SAML)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Cross-Enterprise User Assertion (XUA)/Enterprise User Authentication (EUA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Records Management and Evidentiary Support (RM-ES) Functional Profile
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">IHE Digital Signatures Profile (DSG)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">NIST SP 800-63
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">X.509 v3

<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Potential Stakeholders
===<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Standards Groups (supply/support/extend relevant standards) ===
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Level Seven International (HL7)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Integrating the Healthcare Enterprise (IHE)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Direct
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Institute of Standards and Technology (NIST)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Strategy for Trusted Identities in Cyberspace (NSTIC)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Federal Bridge/ Federal Public Key Infrastructure (FPKI)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Committee on Vital and Health Statistics (NCVHS)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National Council for Prescription Drug Programs (NCPDP)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">ASC X12
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">CAQH CORE

===Exchange Partners (Create / Consume/ Utilize relevant transactions, payloads and specified standards) ===
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Plans/Payers – CMS, Commercial Payers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Healthcare Providers and Provider Organizations
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Drug Enforcement Agency (DEA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Social Security Administration (SSA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Department of Defense
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Veterans Affairs (VA)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">TRICARE
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Substance Abuse and Mental Health Services Administration (SAMHSA)

Policy Organizations (create relevant policies)

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Federal Government
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">States

===Service Providers (provide services to facilitate transactions and information exchange) ===
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Information Exchanges (HIE)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Registration Authorities/Identity Verifiers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Certificate Authorities/Credential Providers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Electronic Health Record (EHR) Vendors
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Information Handlers (HIH)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Healthcare Provider Directory Services
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Other Insurance, Healthcare, Intermediaries, Third Party Administrators (TPAs), Contractors, and Representatives

<span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Note - A complete list of stakeholders will be developed as part of the Use Case Relevance outside of esMD
 * <span style="color: #4f81bd; font-family: 'Cambria','serif'; font-size: 17.3333px;">Dependencies **
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">National standards for identity, credentials, and transaction/document authentication Industry technology and expertise
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Current standards and policies set by CMS and Commercial Health Plans/Payers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Certificate Authorities / Registration Authorities (“Trust Anchors”)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">EHR Technologies
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Payer and contractor technologies
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">State regulations and laws
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Federal regulations and laws
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Drug Enforcement Administration (DEA) – DEA has implemented solutions for similar requirements, and we will seek their input and participation to evaluate if their solutions and lessons learned can be re-used within the scope of this workgroup
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">SSA has implemented solutions for similar requirements, and we will seek their input and participation to evaluate if their solutions and lessons learned can be re-used within the scope of this workgroup
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Health Plans/Payers – They will benefit from a standardized signature process to confirm validity and authenticity of the submitted medical documentation
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Providers / Provider Organization – It is expected that Providers will be able to implement and use this solution, in order to support medical documentation submission, and potentially other transactions requiring signatures. This could enable a common approach by Providers and therefore may enhance the business justification for enabling the solution.
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Vendors
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Patients – They would benefit from the standardized signature process to enhance validity, trust, and privacy of health information, in addition to prevention of identity theft via secure transport of patient information.

Potential Risks

 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Ensuring secure, trustable communications between Health Plans/Payers and Providers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Compliance with FISMA in sending PHI from Health Plans/Payers to Providers
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Establishing policy regarding signatures or proof of content authorship within structured content
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Identifying implementable solutions to prove authorship that minimize burden to both Providers and Health Plans/Payers
 * Potential Related Workgroups <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">esMD Use Cases developed within the S&I Framework
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Use Case1 - Provider Registration with a Payer to receive electronic medical documentation requests (eMDRs) from Payer to Provider
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Use Case 2 - Secure Transportation and Structured Content of eMDRs
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">Input from S&I initiatives that have similar needs to those identified for esMD
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">S&I Modular Specifications workgroup (esMD Phase I)
 * <span style="font-family: 'Times New Roman','serif'; font-size: 16px;">External to S&I (including): HL7 Records Management & Evidentiary Support (RM-ES), DEA, SSA, IHE, Federal Bridge, <span style="color: #000000; font-family: 'Times New Roman','serif'; font-size: 16px; text-decoration: none;">[|Federal Identity, Credential, and Access Management] <span style="font-family: 'Times New Roman','serif'; font-size: 16px;"> (FICAM), CMS, Electronic Healthcare Network Accreditation Commission (EHNAC)

include component="page" wikiName="siframework" page="esMD Contacts"