esMD Reference Materials

=Reference Materials=
Please visit the following link to find up-to-date, consensus-approved Project Artifacts, including the Project Charter, Use Cases, Implementation Guide and White Papers.

* **CMS esMD website**: www.cms.gov/esMD
* **Twitter**: #cms_esMD

|| **Useful Links** || **Description** ||
|| http://exchange-specifications.wikispaces.com/CMS+esMD || Link to esMD Technical Specifications ||
|| [] || Link to CONNECT/Nationwide Health Information Network Specifications (contains technical specs and implementation plan for esMD) ||
|| [[file:siframework/esMDImplementationGuide27.pdf|esMDImplementationGuide27.pdf]] || esMD Implementation Guide ||
|| https://www.certprovider.com/SampleLetters.aspx || Sample ADR letter ||
|| [[file:siframework/HIPAAandClaimsAttachmentsWhitePaper20030920.pdf|HIPAAandClaimsAttachmentsWhitePaper20030920.pdf]] || HL7 White Paper - Claims Attachments ||
|| [] || 21 CFR Part 11 (addresses electronic signatures) ||
|| [] || Electronic Signature, Attestation, and Authorship (2009) ||
|| [] || NGS EDI enrollment form, also known as the TPA (Trading Partner Agreement) ||
|| [] || CMS Overview of Coordination of Benefits Agreement (COBA) ||
|| [[file:siframework/COBA.pdf|COBA.pdf]] || Example of a generic TPA Document ||
|| [[file:siframework/COBAAttachment_V2.pdf|COBAAttachment_V2.pdf]] || Example of a generic TPA Document ||
|| [] || NIST Standards and Guidelines, related to FISMA ||

=Reference Materials - PPA and Structured Content of eMDR Workstream=
|| || **Document Description** || **Link to Document** || **Uploaded By** ||
|| 1 || MAC Notification of Project || [[file:siframework/ADR Requirements 12 08 2011.pdf|ADR Requirements 12 08 2011.pdf]] || Trebba Putnam ||
|| 2 || Provider Enrollment document with attestation statement. "Providers must abide by all CMS regulations" || [[file:siframework/cms855b.pdf|cms855b.pdf]] || Trebba Putnam ||
|| 3 || Cahaba EDI application showing all transactions providers are "authorized" to submit || [[file:siframework/PartBEDIApplication 12 09 2011.pdf|PartBEDIApplication 12 09 2011.pdf]] || Trebba Putnam ||
|| 4 || Bullets that outline RAC requirements || [[file:siframework/CMS RAC Request for MDR Bullets 12 12 2011.docx|CMS RAC Request for MDR Bullets 12 12 2011.docx]] || Trebba Putnam ||
|| || Simple diagram that reflects the MDR process using Transaction code sets and exchanges. || [[file:siframework/Provider MDR manual and electronic 12 12 2011.pdf|Provider MDR manual and electronic 12 12 2011.pdf]] || Trebba Putnam ||
|| 6 || Electronic Services Information Use Case || http://wiki.siframework.org/PD+-+Query+for+Electronic+Service+Information+including+Electronic+Address++Use+Case || Use Case Team for reference ||
|| 7 || Behaviors for Query and Response || http://wiki.siframework.org/PD+-+Definitions+and+Examples+of+Use+Case+2+Queries+and+Response || Use Case Team for reference ||
|| 8 || Electronic Services Information (ESI) - Data Model. Please note that the tabs for the Data Model are on the bottom and the Integration, Content and Security Profiles are examples and not final sets. || https://docs.google.com/spreadsheet/ccc?key=0ApW4Ox66ml2IdHNZVXV3UTRpRDBIaVprSjVXOEp2T1E#gid=1 || Use Case Team for reference ||
|| 9 || Candidate Standards List - Excel List. Note: This is a potential list of standards for discussion that can be adopted for the transactions within both PPA Use Cases as well as AoR. This is not meant to be a final recommendation. || || Originally discussed on 2/17/12. Updated on 11/20/12 ||
|| 10 || Candidate Standards List - Presentation. Note: This is a potential list of standards for discussion that can be adopted for the transactions within PPA Use Case for Provider Registration. This is not meant to be a final recommendation. || || For discussion on 2/17. Updated 4/2/12 ||
|| 11 || Samples of medical documentation request letters || [[file:siframework/CGI Additional Documentation Request Letter.pdf|CGI Additional Documentation Request Letter.pdf]] || For review - Added 3/9 ||
|| 12 || Medical Documentation Submission Requirements. Note: These documents include requirements that may be necessary to include in the Use Case 2 code sets for Return Constraints and Return Formats. The final link includes a list of requirements identified thus far. || CMS MAC Medical Review Requests for Medical Records RAC Submission Requirements Return Constraints and Return Formats (Please edit this page to add additional requirements) || ||

=Reference Materials - Standards, Profiles, and Implementation Guides=
|| **Document Name** || **Description** || **Uploaded by** ||
|| IHE Technical Framework Volume 1: Integration Profiles || Defines specific implementations of established standards to achieve integration goals that promote appropriate sharing of medical information to support optimal patient care. || Harmonization ||
|| IHE Technical Framework Volume 2a: Transactions || Volume 2a of the IT Infrastructure Technical Framework provides detailed technical descriptions of IHE transactions used in the IT Infrastructure Integration Profiles. || Harmonization ||
|| IHE Technical Framework Volume 2b: Transactions || Volume 2b of the IT Infrastructure Technical Framework provides detailed technical descriptions of IHE transactions used in the IT Infrastructure Integration Profiles. || Harmonization ||
|| IHE Technical Framework: Volume 3: Cross-Transaction Specifications and Content Specifications || Detailed overview of XDS metadata. || ||
|| XDR/XDM Metadata || Adjusted metadata requirements for XDR/XDM that have not been integrated into IHE Technical Framework documentation. || ||
|| [[file:siframework/Statewide Send and ReceiveTechnical Specification v1.docx|Statewide Send and Receive Patient Record Exchange Technical Specification]] || Includes documentation about HPD Plus || Harmonization ||
|| RFC 4519 || LDAP Schema for User Applications || ||
|| esMD Phase 1 Implementation Guide || Defines how esMD program data may be submitted by healthcare providers to review contractors under contract with the CMS. The esMD Implementation Guide also describes how the status of these submissions will be conveyed to providers (e.g., transmission receipt, detailed validation status with errors or success, and delivery confirmation messages). || ||
|| NwHIN Specifications || A variety of technical specifications, testing resources, legal agreements and Committee operating policies and procedures developed for NwHIN Exchange. || ||

=Reference Materials - Author of Record Level 1 Sub-Workgroups=

Standards
|| **Document Link** || **Description** || **Version/Date** ||
|| NIST SP 800-57 Part 1 (PDF) || NIST Recommendations for Key Management - Part 1: General || Revision 3 July 2012 ||
|| NIST SP 800-63-1 (PDF) || NIST Electronic Authentication Guideline Recommendations || Dec 2011 ||
|| FBCA X.509 Certificate Policy (PDF) || X.509 Certificate Policy for the Federal Bridge Certification Authority || Version 2.25 Dec 9, 2011 ||
|| FICAM Roadmap / Implementation Guide (PDF) || Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance || Version 2.0 Dec 2, 2011 ||
|| FPKIPA Applicant Requirements (DOC) || Federal Public Key Infrastructure Certification Applicant Requirements || Version 1.0.6 May 1, 2012 ||
|| ITU-T Recommendation X.509 || Information technology – Open systems interconnection – The Directory: Public-key and attribute certificate frameworks || Nov 2008 ||
|| ITI TF-1 (PDF) || IHE IT Infrastructure Technical Framework: Volume 1: Integration Profiles || Revision 9.0 Aug 31, 2012 ||
|| ITI TF-2a (PDF) || IHE IT Infrastructure Technical Framework: Volume 2a: Transactions Part A - Sections 3.1 - 3.28 || Revision 9.0 Aug 31, 2012 ||
|| ITI TF-2b (PDF) || IHE IT Infrastructure Technical Framework: Volume 2b: Transactions Part B - Sections 3.29 - 3.51 || Revision 9.0 Aug 31, 2012 ||
|| ITI TF-3 (PDF) || IHE IT Infrastructure Technical Framework: Volume 3: Cross-Transaction Specifications and Content Specifications || Revision 9.0 Aug 31, 2012 ||
|| OMB M-04-04 (PDF) || E-Authentication Guidance for Federal Agencies || Dec 16, 2003 ||
|| FIPS PUB 140-2 (PDF) || Security Requirements for Cryptographic Modules || May 25, 2001 ||
|| FIPS PUB 186-3 (PDF) || Digital Signature Standard || Jun 2009 ||
|| FIPS PUB 199 (PDF) || Standards for Security Categorization of Federal Information and Information Systems || Feb 2, 2004 ||
|| FIPS PUB 201-1 (PDF) || Personal Identity Verification of Federal Employees and Contractors || Mar 2006 ||
|| IETF RFC 3647 || Internet X.509 PKI Certificate Policy and Certification Practices Framework || Nov 2003 ||
|| IETF RFC 3820 || Internet X.509 PKI Certificate Profile || Jun 2004 ||
|| IETF RFC 3850 || Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Certificate Handling || Jul 2004 ||
|| IETF RFC 3851 || Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specifications || Jul 2004 ||
|| IETF RFC 4998 || Evidence Record Syntax || Aug 2007 ||
|| IETF RFC 5055 || Server-Based Certificate Validation Protocol (SCVP) || Dec 2007 ||
|| IETF RFC 5276 || Using the Server-Based Certificate Validation Protocol to Convey Long-Term Evidence Records || Aug 2008 ||
|| IETF RFC 5280 || Internet X.509 PKI Certificate and CRL Profile || May 2008 ||
|| IETF RFC 5698 || Data Structure for the Security Suitability of Cryptographic Algorithms || Nov 2009 ||
|| IETF RFC 6277 || Online Certificate Status Protocol Algorithm Agility || Jun 2011 ||
|| IETF RFC 6283 || XML Evidence Record Syntax || Jul 2011 ||
|| IETF RFC 6711 || An IANA Registry for Level of Assurance (LoA) Profiles || Aug 2012 ||
|| IETF RFC 6712 || Internet X.509 PKI - HTTP Transfer or Certificate Management Protocol || Proposed Standard Dec 2012 ||
|| OASIS SAML Assertions (PDF) || Assertions and Protocols for the OASIS Security Assertion Markup Language. See also: All SAML v2.0 files || Version 2.0 Mar 15, 2005 ||
|| OASIS DSS Core Spec || Digital Signature Service Core Protocols, Elements, and Bindings. See also: All DSS Standards || Version 1.0 Apr 11, 2007 ||
|| XMLdigsig || XML Signature Syntax and Processing, W3C Recommendations || Second Edition Jun 10, 2008 ||
|| Federal Register, Vol. 76, No. 8742, CFR Part 482 and 485 (PDF) || Medicare and Medicaid Programs: Changes Affecting Hospital and Critical Access Hospital Conditions of Participation: Telemedicine Credentialing and Privileging || ||
|| The Joint Commission Hospital Record of Care || //TJC standards are proprietary.// || Jul 2009 ||
|| IGTF OID Proxy Delegation Tracing (PDF) || International Grid Trust Federation OID Proxy Delegation Tracing || Feb 28, 2008 ||

Industry Implementations
|| **Document Link** || **Description** || **Version/Date** ||
|| SAFE-BioPharma Expert Panel Report (PDF) || Interoperable Digital Identity Management in the Electronic Exchange of Health Information || Dec 17, 2007 ||
|| 21 CFR Part 1305 || Orders for Schedule I and II Controlled Substances (DEA) || Apr 1, 2012 ||
|| 21 CFR Part 1311 || Requirements for Electronic Orders and Prescriptions (DEA) || Apr 1, 2012 ||
|| DEA CSOS Certificate Policy (PDF) || DEA Controlled Substance Ordering System (CSOS) Certificate Policy || Version 4.0 Jan 6, 2010 ||
|| DEA CSOS PKI Certificate & CRL Profile (PDF) || DEA Diversion Control, Controlled Substance Ordering System (CSOS) PKI Certificate and Certificate Revocation List Profile || Version 2.2 Jan 26, 2009 ||
|| CertiPath X.509 Certificate Policy (PDF) || CertiPath X.509 Certificate Policy || Version 3.18 Apr 16, 2012 ||
|| Form I-9 (OMB 1615-0047) (PDF) || Employment Eligibility Verification || Aug 9, 2009 ||
|| ITU Security Standards Roadmap || International Telecommunication Union Security Standards Roadmap. Of particular note is Part 6: Identity management Landscape: IdM standards, organizations and gap analysis, Version 2.0 || Version 2.5 Apr 2012 ||
|| HHS - Sample Business Associate Contract Provisions || HIPAA Business Associate Agreement (BAA) example || Aug 14, 2002 ||
|| HHS - OCR HIPAA Privacy - Business Associates (PDF) || HIPAA Business Associate Agreement (BAA) brief || Apr 3, 2003 ||
|| NIST SP 500-290 (PDF) || NIST Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information. Re: Automated Fingerprint Identification System (AFIS) || Nov 2011 ||
|| Best Practices for HISPs || The Direct Project - Best Practices for HISPs || ||
|| 42 CFR Part 493 || Laboratory Requirements. See also: Current CLIA Regulations || Jan 24, 2004 ||

White Papers/Industry Reports
|| **Document Link** || **Description** || **Version/Date** ||
|| INCIT Study Report (PDF) || Study Report on Biometrics in E-Authentication, InterNational Committee for Information Technology Standards || Mar 30, 2007 ||
|| SAFE Bio-Pharma Document Link (PDF) || Research collaboration in the cloud: How NCI and Research Partners are using Interoperable Digital Identities, Digital Signatures and Cloud Computing to Accelerate Drug Development || ||
|| OECD Digital Identity Management (PDF) || Digital Identity Management - Enabling Innovation and Trust in the Internet Economy. This paper is summarized here and includes the following reports: Guidance on Digital Identity Management for Enabling Innovation and Trust in the Internet Economy; National Strategies and Policies for Digital Identity Management in OECD Countries; Role of Digital Identity Management in the Internet Economy: A Primer for Policy Makers; OECD Workshop on Digital Identity Management || Winter 2011 ||
|| EU eSignatures Report || Report on the operation of Directive 1999/93/EC on a Community framework for electronic signatures || Mar 15, 2006 ||
|| EU eSignatures Action Plan || Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market || Nov 28, 2008 ||

Federal Requirements
|| **Document Link** || **Description** || **Version/Date** ||
|| RMH Vol. III Standard 3-1 Authentication || CMS Risk Management Handbook Volume III, Standard 3.1: CMS Authentication Standards || Version 1.2 Jul 31, 2012 ||

* __Identity Proofing__ - The process by which the credential issuer validates sufficient information to uniquely identify a person or entity applying for the credential. It proves that the identity exists, proves the applicant is entitled to that identity, and addresses the potential for fraudulent issuance of credentials based on collusion.
* __Encryption__ - In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

**You can also view Sub-Workgroup-specific reference materials on each of the SWG pages:**
* **Digital Credentials**
* **Identity Proofing**
* **Digital Signatures & Delegation of Rights**

=esMD Pilots Reference Materials=  
||~ Reference Material Description ||~ Link to Reference Material ||
|| esMD Pilots Launch Presentation || [[file:esMD Pilots V1.1.pptx]] ||
|| esMD Pilot Project Profile || [[file:esMD_PilotProjectProfile_v2.docx]] ||
|| eClinical Template for PMD Pilot Description || [[file:PMD Pilot V1.2.docx]] ||
|| Provider Profiles Authentication/Provider Registration Pilot Description || [[file:Provider Registration Pilot V1.2.docx]] ||
|| Digital Signatures Pilot Description || [[file:Author of Record Pilot Description V1.2.docx]] ||
|| Pilot Organizations, PoCs, and Organization Types || [[file:Pilot Organizations, PoCs, and Organization Types _ Version2.xlsx]] ||

* __Delegation of Rights__ - The ability to delegate rights or authority to another to act in a specific capacity on behalf of the grantor of the right.
* __Digital Signatures__ - An individual digitally signs a document using the private key component of his certificate.
* __Author of Record__ - The signature of an individual that pertains to a patient’s document entry made at the time of service.
* __Digital Identity Management__ - A trusted authority is responsible for creating the key pair, distributing the private key, publishing the public key and revoking the keys as necessary. The “Passport Office” of the Digital World. Example: Digital Certificate. Certificate contents typically include the owner's public key, the owner's unique name, the expiration date of the public key, the name of the issuer (the CA that issued the Digital Certificate), the serial number of the Digital Certificate, and the digital signature of the issuer. They are typically stored as software tokens, browser certificate stores, and hardware tokens (Smart Cards, USB Tokens).