1.0 Preface and Introduction
To fully realize the benefits of health IT, the Office of the National Coordinator for Health Information Technology (ONC), as part of the Standards and Interoperability (S&I) Framework is developing Use Cases that define the interoperability requirements for high priority health care data exchange; maximize efficiency, encourage rapid learning, and protect patients’ privacy in an interoperable environment. These Use Cases address the requirements of a broad range of Communities of Interests including: patients, their significant others and family members, caregivers, providers, payers, vendors, standards organizations, public health organizations, and Federal agencies.
These Use Cases describe:
- The operational context for the data exchange
- The stakeholders with an interest in the Use Case
- The information flows that must be supported by the data exchange
- The types of data and their specifications required in the data exchange
The Use Case is the foundation for identifying and specifying the standards required to support the data exchange and developing reference implementations and tools to ensure consistent and reliable adoption of the data exchange standards.
2.0 Initiative Overview
Note: This section provides an overview of Centers for Medicare and Medicaid Services (CMS)’ esMD program as an overall initiative and also as part of the Standards & Interoperability Framework. The specific scope of this Use Case is discussed in the 3.0 Use Case Scope section.
Healthcare payers frequently request that providers submit additional medical documentation in order to adjudicate and support the processing of a specific claim or set of claims and perform other administrative functions, including identification of improper payments. Currently, Medicare Review Contractors send over 1 million requests for medical documents per year manually using a paper request letter and mailing it through the US Postal Service to healthcare providers. Until recently, healthcare providers had only two options for submitting the requested records to Medicare Review Contractors: 1) mail paper or 2) send a fax. The manual paper process is costly, time consuming and can delay proper claims processing on both the senders’ and receivers’ end.As of September 15, 2011, a pilot group of Health Information Handlers (HIHs) and Medicare Review Contractors began accepting electronic submissions from providers, as part of the first phase of esMD. These electronic submissions consist of an unstructured .PDF format of a scanned image, within an Integrating the Healthcare Enterprise Cross-Enterprise Document Reliable Interchange (IHE XDR) wrapper. This initiative will provide added value to CMS, Commercial Payers, and Providers by defining the interoperability requirements for additional automation of the electronic request and submissions process.CMS continues to investigate additional capabilities of electronic submission of medical documentation. esMD Phase 2 will enable Medicare Review Contractors to send electronic medical documentation requests (eMDRs), eliminating the need to send the paper letters via mail or fax. CMS joined the Standards & Interoperability (S&I) Framework to accomplish their short-term goals for Phase 2 and to address their long-term requirement for replacement of wet signatures. In joining the S&I Framework, the esMD stakeholders were broadened beyond CMS to include discussions with other payers in the esMD Community including Commercial Payers. With a goal of promoting consistency across payers and standardizing processes for providers dealing with multiple payers, the requirements of multiple payer entities were incorporated into the Use Case.
The key objectives for the overall S&I Framework esMD Initiative include:
- Develop a registration process to allow Providers to sign up to receive electronic medical documentation requests from CMS Review Contractors
- Identify a standards-based machine-interoperable electronic format to provide an alternate electronic method for the current paper version of the medical documentation requests that are sent to providers
- Identify a secure method of sending medical documentation requests from CMS review contractors to providers
- Identify a solution that will enable an electronic replacement of wet signatures, for medical documents submitted from providers to CMS
In order to address the objectives above, this Initiative included the following three workgroups:
- Provider Profiles Authentication (PPA) workgroup: Addresses the registration process, technical transport and authentication needed to allow Payers to identify Providers and send requests to them. This workgroup is dependent on the Provider Directories Use Case #2 (Electronic Service Information Discovery) outputs, as well as the Exchange support (for the CMS User Story) for secure transport and other infrastructure.
- Structured Content (SC) workgroup: Determines the structured electronic format of medical document request letters to be sent to Providers, with consideration for the technical transport, expected response and information needed to support the response.
- Author of Record workgroup: Evaluates the business needs and implementable solutions to address the ability to prove the authorship and authenticity of any message or documentation that is part of the electronic submission of medical documentation (esMD).This includes all messages that are part of provider registration (esMD UC 1), the electronic submission of the structured medical documentation request (esMD UC 2) and the response by the provider or their agent to the payer or payer contractor.
2.1 Initiative Challenge Statement
The Centers for Medicare and Medicaid Services (CMS) and other Health Plans/Payers need a standardized, implementable, machine-interoperable electronic solution to reduce the time, expense, and paper required in current manual processing of both medical documentation request letters and the relevant medical documentation exchanged between Healthcare Providers and Health Plans/Payers. The challenge at hand is to identify the requirements to verify the origin and authenticity of data submitted to CMS and other Health Plans/Payers for proper medical documentation processing.
3.0 Use Case Scope
This workgroup will investigate and recommend solutions on various levels of Author of Record needs:
- AoR Level 1 – Digital signature on aggregated Medical Documentation bundle*
- AoR Level 2 – Digital signature on an individual document
- AoR Level 3 – Digital signature to allow traceability of individual contributions to a document
*This Use Case document only focuses on AoR Level 2 Use Case. AoR Level 1 is complete and available to the community for reference and Level 3 Use Case will be developed at a later time.
The scope of effort includes the five focus areas for the Author of Record Workgroup identified during the initial pre-discovery efforts: 1) Identity Proofing, 2) Digital Identity Management, 3) Digital Signatures, 4) Delegation of Rights, and 5) Encryption (encryption only as it pertains to protecting the confidentiality of payloads containing Personal Health Information (PHI)). The workgroup will focus on Identity Proofing, Digital Identity Management and Digital Signatures for Federal Bridge Certification Authority (FBCA) Medium Assurance.
3.1 Background
The purpose of this workgroup is to investigate and develop operational solutions to address Author of Record Level 2 requirements for Digital Signatures on individual documents. To the extent solutions recommended during AoR Level 1 for Identity Proofing, Digital Identity Management, Digital Signatures, and Delegation of Rights are insufficient to support AoR Level 2, these topics will be revisited. However, there is no intent to review or revise AoR Level 1 recommendation regarding these topics without a clear need within the scope of AoR Level 2 use cases. This solution must allow CMS and other Health Plans/Payers to accurately authenticate the author of individual documents within the medical record, and trust the validity and authenticity of submitted medical documentation.
3.2 In Scope
A. Solutions for individual or organizational digital signatures for discrete Documents to attest to the validity and authenticity of the patient information (or other relevant medical documentation) within the Document or actions performed on the Document (e.g. review) - and will be agnostic regarding format of and the content in the Document.
B. Documents include, but are not limited to: PDFs, Word documents, text “blobs” with or without formatting, summary document (e.g. Consolidated Clinical Document Architecture (C-CDA)), Diagnostic Imaging files, and other instantiations of discrete or aggregate information that are persistent (persistence shall be defined in context of this use case).
C. Actions include,but are not limited to: document creation, document completion, document modification, document review and document exchange (including device signature).
D. The following products of AoR Level 1 may be reviewed and expanded as necessary to meet the requirements of AoR Level 2.
a. Identity Proofing
b. Digital Identity Management
c. Encryption (encryption only as it pertains to protecting the confidentiality of payloads containing PHI)
d. Digital Signature and Delegation of Rights artifacts
E. Persistence of Digital Signature and Delegation of Rights artifacts
F. Exchange of Documents and the associated Digital Signature and Delegation of Rights Artifacts between the Provider Entity (which could include one or more of the following: Provider, Health System, Agent/HIH) and Payer Entity (which could be Payer, Payer Contractor, or someone else on their behalf)
G. Defining delegation of rights between Providers and other authors
H. Specific envelope metadata used to store or transmit the Documentation, Digital Signature Artifacts and associated Delegation of Rights
I. Exchange of Documents between Provider Entities and the persistence of the associated Digital Signatures and Delegation of Rights Artifacts by the recipient where required by this use case.
J. Validation of signature and delegation of rights artifacts by recipient
K. Interactions between Provider Entity or Payer Entity and :
a. Certificate Authority
b. Registration Authority
c. And each other
3.3 Out of Scope
A. Digital Signatures and Delegation of Rights Artifacts as required by AoR Level 1 for Document Bundles and Use Case 1 (PPA) or Use Case 2 (secure eMDR) transactions
B. Identity Proofing, Digital Credential Management, Digital Signatures and Delegation of Rights as defined by and required for AoR Level 1
C. Digital signature to allow traceability of individual contributions to a document and other items to be defined as part of AoR Level 3
D. Interactions between:
a. Payer and its Payer Contractors
b. Provider and its Agent
c. Payer or Payer Contractor and its Gateway
E. Transactio level encryption
F. A definition of electronic transactions between RA and CA
G. A definition of electronic transactions between Payer Entity and RA or CA
H. A definition of electronic transactions between Provider Entity and RA or CA
I. Consent,privacy, and use of the document in situations other than providing documentation to payers for the sake of program or benefits administration
J. Signature by patient or their authorized representative
3.4 Communities of Interest
The Communities of Interest section identifies relevant stakeholders that are potentially affected by the content of the Use Case.
Note - All items pulled from the Use Case simplification tables are marked with an asterisk. Some have been further modified to fit the working definition or newly added to fit the initiative or Use Case needs. Click here to view the list of definitions: http://wiki.siframework.org/UC+Simplification+-+Stakeholder+Classification+SWG
| | Members of Communities of Interest | Working Definition |
| 1 | Individual Providers | Healthcare providers with patient care responsibilities including, but not limited to, physicians, advanced practice nurses, physician assistants, nurses, psychologists, emergency care providers, home health providers, definitive care providers, pharmacists, caregivers and other personnel involved in patient care. |
| 2 | Provider Organizations* | Organizations that are engaged in or support the delivery of healthcare to include Hospitals, Ambulatory Centers, Provider Practices, Integrated Delivery Networks, and Rehabilitation Centers. |
| 3 | Healthcare Administrators and Managers | Healthcare administrators with patient information and medical records management responsibilities including Health Information Management (HIM) personnel, Registered Health Information Administrator (RHIA), Registered Health Information Technicians (RHIT) , Inpatient/Outpatient Clinical Coding Specialists, Medical Transcription Specialists, Medical Records Safety and Security staff, Quality Control personnel, Physician Practice Managers, Pharmacy Benefit Managers, and other management personnel or entities involved in managing patient information. |
| 4 | Payer Contractors | Claims review programs and/or their specific implementation through associated contractors that are established to prevent improper payments before a claim is processed as well as identify any improper payments that can be recovered after a claim is paid. These programs include but are not limited to:
MAC – Medicare Administrative Contractors MRA – Medicare Recovery Auditor (formerly Recovery Audit Contractors, RAC) PERM – Payment Error Rate Measurement Program CERT – Comprehensive Error Rate Testing Program ZPIC – Zone Program Integrity Contractors
SMRC – Supplemental Medicare Review Contractor |
| 5 | Payers* | Any private or public entity that finances heath care delivery or organizes health financing. This includes commercial for-profit health insurers, non-profit health insurers, ERISA self-insured, state and federal department agencies that oversee Medicaid and Medicare health services delivery. |
| 6 | EHR/EMR/PHR Vendors* | Vendors which provide specific EHR/PHR solutions to clinicians such as software applications and software services. These suppliers may include developers, providers, resellers, operators, and others who may provide these or similar capabilities. |
| 7 | Other Healthcare Vendors* | Vendors that provide health care solutions other than EHR/EMR/PHR solutions such as plans of care coordination, software applications, and covered services. Examples include, but are not limited to: integration vendors, data providers, medical device vendors, Durable Medical Equipment (DME) suppliers, RMMS (Remote Monitoring Management System) vendors, diagnostic imaging service provider, clinical order system supply vendor, transcription service vendors, clearinghouses, drug knowledge suppliers, network infrastructure provider, Clinical Decision Support (CDS) resource system, practice-based registry system suppliers, public health registry system, immunization information system providers, clinical genetic database/repository system vendor, practice management systems, and patient accounting systems, etc. |
| 8 | Patients* | Members of the public who receive healthcare services from, but not limited to, ambulatory medical and/or surgical departments, emergency department, physician’s and/or Non-Physician Provider’s (NPP) office, Inpatient hospitals including Critical Care Hospitals and the VAH, Medical Home Care Models, Home Health and Hospice (HHH) entities that provide care within the patient’s home environment. and/or a public health agency/department , including services provided within the criminal justice system. While patient information is being digitally signed, the patient is not a direct participant in this use case. |
| 9 | Certificate Authority* | An organization that is responsible for the creation, issuance, revocation, and management of Certificates. The term applies equally to both Root CAs and Subordinate CAs. |
| 10 | Registration Authority* | Any entity that is responsible for identification and authentication of subjects of certificates, but is not a CA, and hence does not sign or issue certificates. An RA may assist in the certificate application process or revocation process or both. |
| 11 | Standards Organizations* | Organizations whose purpose is to define, harmonize and integrate standards that will meet clinical and business needs for sharing information among organizations and systems |
| 12 | Licensing and Certification Organizations* | Federal, Nationally approved and State Licensure Boards and local organizations , including accredited teaching academies, responsible for developing guidelines for Implementation, providing Licensure and defined scope of practice (healthcare services), to ensure that relevant parties qualify and adhere to those guidelines, ensuring proper licensing and certification under systems and other healthcare solutions related to delivery of safe healthcare services. |
| 13 | Operating Rule Authoring Entities | As defined in Affordable Care Act Section 1104, such entities develop operating rules that define the necessary business rules and guidelines for the electronic exchange of information that are not defined by a standard or its implementation specifications. Rules developed under ACA Section 1104 may not necessarily apply to this Use Case. |
| 14 | Beacon Communities* | Selected communities of groups who have received federal funding through the ONC to build and strengthen their health information technology (health IT) infrastructure and exchange capabilities to improve care coordination, increase the quality of care, and slow the growth of health care spending. |
| 15 | Federal Agencies* | Organizations within the federal government that deliver, regulate or provide funding for health and health care |
| 16 | Agent – (Healthcare Clearinghouses and Business Associate as defined by Health Insurance Portability and Accountability Act (HIPAA) including Health Information Handlers) | Any organization that handles health information on behalf of a provider as a covered entity or under a Business Associate Agreement (BAA) is an Agent. Many providers already use Agents to submit claims, provide electronic health record systems, etc. Organizations that are Agents include but are not limited to Healthcare Clearinghouses, Release of Information vendors, Health Information Exchanges, Electronic Health Record vendors, etc. |
| 17 | Health Information Exchange (HIE)/ Health Information Organization (HIO)* | HIE/HIO - Health Information Exchange (HIE) is defined as the mobilization of healthcare information electronically across organizations within a region, community or hospital system |
| 18 | Regional Extension Centers (REC)* | Entities that support and serve health care providers to help them quickly become adept and meaningful users of electronic health records (EHRs). RECs provide training and support services to assist doctors and other providers in adopting EHRs, offer information and guidance to help with EHR implementation, give technical assistance as needed. |
| 19 | Health Information Service Providers (HISP)* | Entities that serve as a node on the eHealth Exchange to enable a private, secure and safe alternative method to send and receive sensitive health information. |
4.0 Value Statement
The value of the esMD Initiative will be to provide consensus-based use cases, functional requirements, standards references and implementation specifications representing combined input from a broad range of stakeholders, including CMS, commercial Health Plans/Payers, Providers, and vendors. This will promote a nationally standardized approach to medical document request letters, claims attachments, and the proof of validity and authorship of medical documentation.
Health Plans/Payers and Providers will benefit from this Initiative’s recommendations and implementation guidance on Digital Signatures attached to patient information and electronic transactions. This will enable communications regarding the administrative claims processing between Providers and Health Plans/Payers to occur in a secure electronic format. Additional benefits include:
- Standardized formats, processes, and technology approaches
- Increased security of information exchange involving PHI
- Improved ability to identify and verify authorship of medical documentation for administrative purposes, clinical decision making, and care coordination
- Providing industry best practices for other domains within healthcare where PHI is exchanged
- Making the process of sending and receiving PHI less burdensome on Health Plans/Payers and Providers
- Identifying security breaches or tampering of information sent or received that are not always evident in the paper process
- Saving time, money, and resources for CMS, Commercial Health Plans/Payers, and Providers
- Elimination of the paper process and its associated labor and error rate
- Improved timeliness results in improved accounts receivable cycle for Providers, so payments are received sooner
- Reduced improper payments
- Guidance and recommendations on EHR Certification criteria as it relates to proof of document authorship and document submission
5.0 Use Case Assumptions
A. All Payer Entities and Provider Entities must obtain a Digital Identity from a Federal Bridge cross-certified Certificate Authority in order to participate in Author of Record
B. Federal Bridge medium assurance credentials are available
C. Registration Authority models (RA) and registration authority processes exist for Federal Bridge medium assurance identity proofing
D. Certificate Authorities (CA) exist and are capable of providing the necessary X.509v3 digital credentials for document signing
E. Technology exists to utilize the digital credentials for signing of documents
F. Document signature process requires support for delegation of rights
G. The RA process, CA process, and digital credentials in combination with the signing process provide all of the necessary information and security context for non-repudiation of the signer and integrity of the Document, including any delegation of rights
H. Payer, Payer Contractors and Payer Gateway shall be treated as the Payer Entity
I. A Provider, Group of Providers, Agent, and Hospital/Health Systems shall be treated as Provider Entity
J. The signature on a document attests that the associated action(s) have been performed on the document at the indicated time
K. All entities involved in AoR L2 transactions will maintain appropriate audit logs
L. All actors shall create all transactions utilizing current industry accepted standards
M. All actors shall ensure all transactions will have appropriate security to ensure data is transmitted with integrity, confidentiality, and reliability
N. All actors and systems shall ensure all transactions will be delivered in a timely manner
O. All actors shall have signed any required participation or data use agreements
P. X.509v3+ public certificates can be stored in the Provider Directory data model (Provider Directory UC 2) and are associated with the subject of the Certificate (e.g. the individual or entity to which the certificate is issued)
Q. In general, documents should be signed to attest to authorship when they are completed
R. Documents supporting services delivered should be digitally signed with the date/time and action (creation, review ...) at or prior to the time of billing. These signed documents and the digital signature artifacts should be maintained for the time required by the payer’s retention policy.The specific policies for payers should be followed for services covered by each payer.Subsequent changes to these documents that will be used for payment determination should be digitally signed with the action code indicating an update, addendum, or modification. The signed modified documents and any predecessor documents should be maintained and submitted as documentation for payment determination.
S. Document revision or addenda should be signed at the time the revisions are competed, indicating the appropriate action(s) [requirement to maintain antecedent signed documents should be based on medical legal documentation requirements (e.g. CMS Medicare Program Integrity Manual Chapter 3) and industry best practice]
T. EHRs will support the Document signature process and delegation of rights process defined in this use case. This support may be part of the EHR itself or an integrated module or service.
U. Signed Documents must be available to meet Payer Documentation requirements.
V. Document requirements may be defined by the specific transaction type (for example as definedby payer’s policy) and include metadata that is unique for a specific use case. Individual Document may include any of the following:
- PDF
- Text blobs
- Permanent representation of a transaction (order/ receive results lab test/imaging/pharmaceutical)
- Summary document such as a C-CDA (external signature, not as part of the CDA 2.0)
- Any valid Mime type
W. Relevant Documents must be signed prior to billing CMS and the Documents, signature artifacts, public X.509V3 certificates, validated Delegation of Rights Assertion (if required) must be maintained by the provider based on CMS record retention policies. (for other payers, see responsible payer policies)
X. Documents can be signed as actions are performed and the signatures / Documents added to an ongoing archive to meet payer documentation requirements.
6.0 Pre-Conditions
- Provider Entity, Payer Entity, and recipient of Delegation of Rights has:
- Been identity proofed at Federal Bridge Medium Assurance
- Received and is maintaining X.509v3+ signing certificate
- Provider Entity has the ability to perform the functions on a document that the Digital Signature will attest to, for example: creation, modification, review
- Provider Entity has the ability to store and exchange the document and digital signature artifacts
- Provider Entity systems shall have and maintain the ability to sign documents using X.509v3 signing certificates, and creates the digital signature artifacts defined by this use case.
- Provider Entity systems shall have and maintain the ability to send the public certificate, signed document and the signature artifacts in transactions defined by relevant esMD Use Cases.
- Provider Entity systems shall have the ability to create delegation of rights artifacts
- Provider Entity systems shall have the ability to sign delegation of rights artifacts at the time they are used for document signing by the delegated agent.
7.0 Post Conditions
- Recipient of documents with associated digital signature artifacts shall be able to validate the public certificate, signature and integrity of the document to ensure non-repudiation of authorship and/or the declared action
- Provider Entity systems shall maintain the documents, signature artifacts and,here appropriate, the delegation of rights artifacts for the period required by appropriate law regarding medical documentation
- Any entity receiving a digitally signed document must maintain the associated public certificates, signature artifacts and, where appropriate, the delegation of rights artifacts if they wish to prove non-repudiation in the future or retransmit the document to a third party as a digitally signed document
8.0 Actors and Roles
This table outlines the business actors that are participants in the information exchange requirements. A business actor is a person or organization that directly participates in a scenario. Thus, as a person or organization, the actor can (and should) be a stakeholder.The business actor must use a system to perform the functions and to participate in the information interchange. NOTE: A Business Actor may be a Stakeholder and also can have more than one role.
| Actor | System | Role |
Provider Entity
- An individual provider
- Caregiver
- A group of providers or caregivers
- A Hospital/Health System
* | Provider Information System | - Requests Digital Identity
- Receives Digital Certificate / Credentials
- Digitally signs documents attesting to specific actions
- Creates and Signs Delegation of Rights assertion
- Cancels Delegation of Rights assertion
|
Delegatee
- An individual provider
- A group of providers
- A Hospital/Health System or
- An Agent on their behalf
| Provider or Agent Information System | - Requests Digital Identity
- Receives Digital Certificate / Credentials
- Receives Delegation of Rights assertion
- Digitally signs documents attesting to specific actions
|
Payer Entity
- Payer
- Payer Contractor
- Payer Gateway
| Payer Information System | - Receives digitally signed documents
- Authenticates signature and delegation of rights artifacts and data integrity
|
| Certificate Authority | CA Information System | - Receives requests for, creates, issues and manages security credentials and revocation lists
- May provide RA services
|
| Registration Authority | RA Information System | - Validates and assist in completion of information required to obtain a certificate
- Provides Identity proofing
|
External Provider Directory
Used by other Actors to obtain ESI | Provider Directory | - Stores and manage Provider Information / Electronic Service Information (ESI)
- Responds to queries for Provider Information
|
9.0 Use Case Diagram
Image AddedUC 4.4.13.jpg
Figure 2 : AoR Context Diagram
Image Addedcontext diagram.jpg
10.0 Scenario
A Provider Entity or its delegated agent must attest to actions taken (e.g. creation, modification, review) with respect to a specific individual Document at the time the action is taken/completed. This attestation must be non-repudiable and verifiable by a third party from the artifacts created at the time of signing. The Provider Entity or its delegated agent has a need to send the Document to a third party accompanied by the attestation and, where necessary, the proof of delegation.
10.1 User Story
In order to participate in AoR Level 2 signing, the Provider Entity and any delegated agent must obtain and maintain a non-repudiation digital identity. Both actors initiate the process to obtain a Medium Assurance X.509v3 digital signing certificate from a Federal Bridge cross-certified Certificate Authority. Entities approved by a Registration authority will receive Credentials from a Certificate Authority to incorporate into their business process.
If required, Provider Entity creates and digitally signs a Delegation of Rights assertion (see AoR L1) to permit a delegated agent to sign Documents on their behalf. It is the responsibility of the Provider Entity to ensure that the Delegation of Rights is validated with each signature by using methods defined in the esMD AoR Level 1 Implementation Guide.
When a Provider Entity or their delegated agent completes an attestable action with respect to a Document, the Provider Entity or delegated agent will create a digital signature artifact (see AoR L1) attesting to the date/time and action taken by encrypting a digest of the Document, the date/time, and action code with the private key of signing digital certificate.
The Provider Entity who has satisfied any payer registration (e.g. UC 1) that may be required for a specific exchange of documentation with a payer, sends (directly or through a delegated agent) the Document, the digital signature artifacts and any delegation of rights artifacts in a secure transaction to the payer using the methods described in other esMD use cases.
Upon receiving the digitally signed Document and signature artifacts, the Payer Entity validates the following: each Digital Certificate and its chain to the appropriate Federal Bridge Certificate Policy (CP), delegation of rights where required, and Signature Artifact. Additionally, the Payer Entity decrypts the hash of the Document and validates data integrity of the Document received. (Note - The Payer Entity does not validate the accuracy of the contents of the Documentation received as part of determining the document integrity.) Any responses to the sending Provider Entity regarding success or failure of validation of the digital signature, delegation of rights, and integrity of the document shall be defined in the specific esMD use case.
10.2 Activity Diagram
The Activity Diagram illustrates the Use Case flows graphically and represents the flow of events and information between the actors. It also displays the main events/actions that are required for the data exchange and the role of each system in supporting the exchange.
Image AddedActivity Diagram.jpg
Notes:
- The following are alternative paths (1A/1B, 4A/4B, 6A/6B+6C+6D, and 7A/7B)
- Activities related to Delegatee (1B, 4B, 5, 6B, 6C, 6D, and 7B) occur only if the is a need for a Delegation of Rights
10.2.1 Base Flow
The Base Flow presents the step by step process of the information exchange depicted in the activity diagram (above). It indicates the actor who performs the action, the description of the event/action, and the associated inputs (records/data required to undertake the action) and outputs (records/data produced by actions taken).
| Step# | Actor | Role | Event/Description | Inputs | Outputs | Interoperability or System Step |
| 1A | Provider Entity | Requests Digital Identity | Provider Entity requests Digital Identity from Registration Authority | Provider Entity need for Digital Identity | Relevant Provider Entity identification information | Interoperability |
| 1B | Non-Provider Delegatee | Requests Digital Identity | Non-Provider Delegatee requests Digital Identity from Registration Authority | Non-Provider Delegatee need for Digital Identity | Relevant Non-Provider Delegatee identification information | Interoperability |
| 2 | Registration Authority | Validates Identity | Registration Authority approves (or rejects) the request for Identity Proofing and upon approval sends information to Certificate Authority | Relevant Provider Entity /Non-Provider Delegatee identification information | Response to Provider Entity or Non-Provider Delegatee request for a Digital Identity and request to Certificate Authority to issue Digital Certificate/ Credentials | Interoperability and System |
| 3 | Certificate Authority | Creates, Issues and manages security credentials and revocation lists | Certificate Authority generates the Digital Certificate/Credentials and informs the Provider Entity or Non-Provider Delegatee of their availability | Registration Authority’s approved Provider Entity / Non-Provider Delegatee identification information | Digital Certificate/ Credentials made available by Certificate Authority | Interoperability and System |
| 4A | Provider Entity | Receives Digital Certificate / Credentials | Provider Entity obtains and incorporates Digital Certificate/ Credentials into its business process | Digital Certificate / Credentials / issued by Certificate Authority | END | Interoperability and System |
| 4B | Non-Provider Delegatee | Receives Digital Certificate / Credentials | Non-Provider Delegatee obtains and incorporates Digital Certificate/ Credentials into its business process | Digital Credentials / Certificate issued by Certificate Authority | END | Interoperability and System |
| 5 | Provider Entity | Delegation of Rights Creator | Provider Entity creates and signs Delegation of Rights Assertion | Provider Entity and Delegatee Digital Certificate Information and need to delegate a right | Delegation of Rights Assertion available | Interoperability and System |
| 6A | Provider Entity | Attests to action on Document | Provider Entity completes action on a Document and applies a non-repudiation digital signature attesting to the action | Document and completed action | Digitally Signed Document and Signature Artifact | System |
| 6B | Delegatee | Attests to action on Document | Delegatee completes action on a Document and applies a non-repudiation digital signature attesting to the action and requests validated Delegation of Rights Assertion | Document and completed action | Digitally Signed Document and Signature Artifact and request for validated Delegation of Rights Assertion | Interoperability and System |
| 6C | Provider Entity | Delegation of Rights Validator | Provider Entity system validates and signs Delegation of Rights Assertion | Delegatee request for a validated Delegation of Rights Assertion | Validated Delegation of Rights Assertion | Interoperability and System |
| 6D | Delegatee | Applying Delegation of Rights Assertion | Delegatee associates the validated Delegation of Rights Assertion with the signed document | Validated Delegation of Rights Assertion | Digitally Signed Document Signature Artifact and the validated Delegation of Rights Assertion | Interoperability and System |
| 7A | Provider Entity | Document Sender | Provider Entity sends signed Document and Signature Artifacts to Payer Entity | Digitally Signed Document and Signature Artifact and need to send to payer entity | Digitally Signed Document and Signature Artifact | Interoperability |
| 7B | Delegatee | Document Sender | Delegatee sends signed Document , Signature Artifacts, and validated Delegation of Rights Assertion to Payer Entity | Digitally Signed Document, Signature Artifacts and validated Delegation of Rights Assertion and need to send to payer entity | Digitally Signed Document, Signature Artifacts and validated Delegation of Rights Artifacts | Interoperability |
| 8 | Payer Entity | Receiver and validator of Document | Payer Entity receives Document , authenticates Signature Artifacts, where appropriate any Delegation of Rights Assertions, and validates data integrity of submission from the Provider Entity or Delegatee | Digitally Signed Document and Signature Artifact, and where appropriate Delegation of Rights Assertion | Success or failure of Signature Artifact validation, Delegation of Rights Artifacts validation, and Data integrity authentication | System |
10.3 Functional Requirements
Functional Requirements identify the capabilities a system playing a role must have in order to enable interoperable exchange of the healthcare data of interest. They provide a detailed breakdown of the requirements in terms of the intended functional behaviors of the application. The Functional Requirements include Information Interchange Requirements and System Requirements.
The Information Interchange Requirementsdefine the system’s name and role. They also specify the actions associated with the actual transport of content from the sending system to the receiving system.
| | Initiating System | Action | Information Interchange Requirement Name | Action | Receiving System |
| I | Provider Entity Information System | Send | Request for Digital Identity | Receive | Registration Authority Information System |
| II | Non-Provider Delegatee Information System | Send | Request for Digital Identity | Receive | Registration Authority Information System |
| III | Registration Authority Information System | Send | Digital Identity request response and request to issue Digital Certificate/Credentials by Certificate Authority | Receive | Certificate Authority Information System |
| IV | Certificate Authority Information System | Send | Availability of Digital Certificate/Credentials | Receive | Provider Entity Information System |
| V | Certificate Authority Information System | Send | Availability of Digital Certificate/Credentials | Receive | Non-Provider Delegatee Entity Information System |
| VI | Provider Entity Information System | Send | Link for Delegation of Rights Assertion | Receive | Delegatee Information System |
| VII | Delegatee Information System | Send | Request for validated Delegation of Rights Assertion | Receive | Provider Entity Information System |
| VIII | Provider Entity Information System | Send | Validated Delegation of Rights Assertion | Receive | Delegatee Information System |
| IX | Provider Entity Information System | Send | Document and Signature Artifact | Receive | Payer Entity Information System |
| X | Delegatee Information System | Send | Document, Signature Artifact, validated Delegation of Rights Assertion | Receive | Payer Entity Information System |
10.3.2 System Requirements
This sectionlists the requirements internal to the system necessary to participate successfully in the transaction. System requirements may also detail a required workflow that is essential to the Use Case.
| System | System Requirement |
| Payer Entity Information System | a) Verify Delegation of Rights (if any), digital signatures, traceability to registered provider, and validates integrity of Document |
| Provider Entity Information System | a) Incorporate signing Digital Certificate
b) Create Delegation of Rights if required
c) Respond to request to Validate Delegation of Rights Assertion
d) Performs actions on a Document (create, modify, read)
e) Apply non-repudiation Digital Signature to Delegation of Rights Assertion, and Documents and creates Signature Artifacts |
| Delegatee Information System (usually the same as Provider Entity Information System | a) Incorporate signing Digital Certificate
b) Request Validated Delegation of Rights
c) Performs actions on a Document (create, modify, read)
d) Apply non-repudiation Digital Signature to Documents, creates Signature Artifacts and attaches validated Delegation of Rights Assertion |
| Registration Authority Information System | a) Process Provider and Non-Provider Delegatee identification information
b) Validate identification information for approval/rejection |
| Certificate Authority Information System | a) Generate Digital Certificate/Credentials
b) Manage Digital Certificate/Credential life cycle |
10.4 Sequence Diagram
A Sequence Diagram is primarily used to show the interactions between objects in the sequential order that they occur. This representation can make it easy to communicate how the exchange works by displaying how the different components interact. The primary use of the diagram is in the transition from requirements expressed as use cases to the next and more formal level of refinement.
Image Addedseq dig.jpg
11.0 Dataset Requirements
This table lists the data elements and data element sets that will be available within the certificate information, document signature, and delegation of rights assertion. Historically, the optional/required nature of each data element is deferred to the discussions during the harmonization phase of the Initiative; however, some data elements do contain recommendations for optionality. Each data element listed below is necessary for some aspect of the Use Case; however, the table does not specify exactly how they may be used together.
- Signing Certificate Information
- Delegation of Rights Assertion
- Validated Delegation of Rights Assertion
- Document Signature
- Code Sets
Signing Certificate Information
Note: Additional X.509v3+ specific field or extension requirements will be expanded during harmonization.
| Section | Data Element | Multiple Values (yes/no) | Data Element Description | Additional Notes |
| Signing Certificate Information | Version | No | Version of X.509 | All must be version 3 or later (X.509v3+) |
| Serial Number | No | Unique Serial Number of Certificate from the CA | |
| Algorithm ID | No | Algorithm used by the CA to sign the certificate | |
| Issuer | No | Name of CA that issued certificate | |
| Validity | No | Period of time for which the certificate is valid | Not Before, Not After |
| Subject | No | Subject Name -- Name of whom the certificate is issued to | |
| Subject Public Key Info | No | The subject’s public key | |
| Issuer Unique Identifier | No | | |
| Subject Unique Identifier | No | NPI or Alternate Payer ID | For billing entities only |
| Extensions | Yes | Describes specific purpose of use, values, and critical or non-critical identifier | Object Identifier for each extension; this is where the non-repudiation “flag” is located (which must be set) |
| Certificate Signature | Certificate Signature Algorithm | No | Algorithm used to sign the certificate | |
| Certificate Signature | No | | |
Delegation of Rights Assertion
| Section | Data Element | Multiple Values (yes/no) | Data Element Description | Additional Notes |
| Delegation of Rights | Public Digital certificate of assertion signer | | X.509v3+ Token Profile | Signed by trust authority, certificates must be issued by authorities cross- certified with the Federal Bridge |
| Signature Artifact | | Signature Artifact encrypted by signer’s private key | Exact nature of artifact to be determined during harmonization At a minimum the Signature Artifact will include the digest (hash) of the Delegation of Rights Assertion |
| Delegation of Rights | | Assertion for the Delegation of Rights | Exact nature of artifact to be determined during harmonization At a minimum the Delegation of Rights must include the CA and Serial Number of the Delegatee Signing Digital Certificate, the effective date range of the Delegation of Rights, and the rights granted |
Validated Delegation of Rights Assertion
| Section | Data Element | Multiple Values (yes/no)
es (yes/no) | Data Element Description | Additional Notes |
| Validation Signature | Public Digital certificate of Validation Server | | X.509v3+ Token Profile | Signed by trust authority, certificates must be issued by authorities cross- certified with the Federal Bridge |
| Signature Artifact | | Signature Artifact encrypted by signer’s private key | Exact nature of artifact to be determined during harmonization At a minimum the Signature Artifact will include the digest (hash) of the Signature Artifact and Delegation of Rights Assertion below |
| Delegation of Rights | Public Digital certificate of assertion signer | | X.509v3+ Token Profile | Signed by trust authority, certificates must be issued by authorities cross- certified with the Federal Bridge |
| Signature Artifact | | Signature Artifact encrypted by signer’s private key | Exact nature of artifact to be determined during harmonization At a minimum the Signature Artifact will include the digest (hash) of the Delegation of Rights Assertion |
| Delegation of Rights | | Assertion for the Delegation of Rights | Exact nature of artifact to be determined during harmonization At a minimum the Delegation of Rights must include the CA and Serial Number of the Delegatee Signing Digital Certificate, the effective date range of the Delegation of Rights, and the rights granted |
Document Signature
| Section | Data Element | Multiple Values (yes/no) | Data Element Description | Additional Notes |
| ID | Unique Transaction ID | No | Provider Entity Assigned Unique ID for the signed Document | IDs must be globally unique across all Provider Entities (e.g., UUID). Unique ID may be a concatenation of more than one data element. |
| Digital Identity and Signature of Signer | Public Digital Certificate of Signer | | X.509v3+ Token Profile | Signed by trust authority, certificates must be issued by authorities cross- certified with the Federal Bridge |
| Signature Artifact | | Signature Artifact encrypted by signer’s private key | Exact nature of artifact to be determined during harmonization At a minimum the Signature Artifact will include the digest (hash) of the Document, Date/time of Signature and action |
Code Sets
| Section | Data Element | Multiple Values (yes/no) | Data Element Description | Additional Notes |
| Code Sets | Document Action | Yes | Action performed on document | Needs code table (see IHE DSG) |
| | | Create | author |
| | | Modify | Author of changes |
| | | Read | Attesting to the review of the signed document |
| Delegation of Rights Assertion Action | Yes | Action performed on the Delegation of Rights Assertion | Needs code table |
| | | Validation | Delegation of Rights Assertion is valid as of the time stamp |
12.0 Risks, Issues and Obstacles
The Risks, Issues and Obstacles section lists the concerns that might interfere with meeting the requirements of the Use Case.
A. The burden to individual providers to obtain and manage certificates. Some reasons include that providers will need to learn how to obtain the certificates, undergo ID-proofing, implement enrollment policies, manage renewals, etc.
B. Acceptance of AoR Level 1 Use Case solution for Digital Signatures on Medical Documentation Bundle as sufficient solution to Author of Record problem and not proceeding to AoR Levels 2
C. Provider or Payer Entities unable or unwilling to participate in esMD as a result of not being able to successfully obtain and maintain Digital Identities and the required Certificates/Credentials
D. Provider Entities or Payer Entities that have Digital Certificates that are not issued by CAs cross-certified with the Federal Bridge that will need to obtain or have new Certificates issued to itself and its trading partners to be compliant with the identify proofing and certificate requirements
E. Unintended disclosure of Personal Health Information
F. Unintended disclosure of Medical Identifier information during the identity proofing
G. Technical and/or operational barriers to scaling participating platforms or services to meet volume of Documents to be signed
H. Technical and/or operational barriers to creating Delegation of Rights Assertions
I. Technical and/or operational barriers to validating Delegation of Rights Assertions when requested
J. Delays related to inconsistencies in information provided to obtain Digital Certificates/Credentials
K. Risks associated with the digital identity process
a) Compliance with Identity Proofing Requirements
b) Compliance with Certificate Lifecycle (including revocation)
c) Compliance with Delegation of Rights (including revocation)
d) Issues inherent in the creation and use of X.509v3+ Digital Certificates
Appendices
Appendix B: Glossary
A. Authentication (NIST) - Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. [NS4009]
B. Author (of Record) - The individual that creates a record.
C. Certificate Authority (NIST)- An authority trusted by one or more users to issue and manage X.509 Public Key Certificates and CARLs or CRLs.
D. Data Integrity (NIST) - A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. Alteration includes the insertion, deletion and substitution of data.
E. Decryption - The reverse process of encryption, i.e., to make the encrypted information readable again.
F. Delegation of Rights - The ability to delegate rights or authority to another to act in a specific capacity on behalf of the grantor of the right. Digital Certificate (NIST) - A digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies its subscriber, (3) contains the subscriber's public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it.
G. Digital Identity Management - A trusted authority is responsible for creating the key pair, distributing the private key, publishing the public key and revoking the keys as necessary. The “Passport Office” of the Digital World. The keys and their associated information (e.g. Digital Certificate) are typically stored as software tokens, browser certificate stores, and hardware tokens (Smart Cards, USB Tokens).
H. Digital Signatures - “An artifact appended to a record as a result of a user’s intended action wherein that entity memorializes a signing event by a process that digitally signs a document or transaction using the private key component of his certificate.(From NIST - The result of a transformation of a message by means of a cryptographic system using keys such that a Relying Party can determine: (1) whether the transformation was created using the private key that corresponds to the public key in the signer’s digital certificate; and (2) whether the message has been altered since the transformation was made.)
I. Electronic Medical Documentation (eMD)
- Submitting electronic Medical Documentation (eMD), upon request or unsolicited, is the act or an instance of furnishing authored structured or unstructured electronic documents that are digitally signed authenticating Provider/Supplier as Author of Record (AoR) for stated dates of service, services rendered, devices and/or items provided as billed on a claim submitted or in request for determination of coverage.
- Structured eMD is electronic information that can be stored in one or more computer file(s) in entirety as a single document, as a document having individual sections or sets of data elements, and/or as part of a database.
J. Encryption - In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
K. Identity - A unique name of an individual person or legal entity. Since the legal names of persons and entities are not necessarily unique, the identity of a person or entity must include sufficient additional information (for example an address and NPI number) to make the complete name unique.
L. Identity Proofing - The process by which the credential issuer validates sufficient information to uniquely identify a person or entity applying for the credential. It proves that the identity exists, proves the applicant is entitled to that identity, and address the potential for fraudulent issuance of credentials based on collusion.
M. Medical Documentation - Clinical documentation or non-clinical documentation necessary to support the process for a claim or preauthorization for the delivery of health care services. Examples include, but are not limited to, medical records created during the delivery of services that are subject of the claim, records related to costs associated with the delivery of services (e.g. receipts for devices or transportation), and records that establish the need for covered services.
N. Non-repudiation (NIST) - A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party. This service prevents an entity from successfully denying involvement in a previous action.
O. Public Key Infrastructure - A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
P. Record- A completed body of data that is intended to represent an accurate and persistent report of actions, events, or evidence.
- From ISO: A record is a document, and can be used as an input from one process to another, but in contrast to documents that are purely informative, a record is generated to state results achieved or to provide evidence of activities performed.
Q. Registration Authority (NIST) -An entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates (i.e., a Registration Authority is delegated certain tasks on behalf of an authorized CA).
R. X.509v3+ - Includes X.509 version 3 and all subsequent versions [RFC 5280 and its predecessors]
Appendix C: References