Current through Register Vol. 49, No. 18, September 16, 2024
PURPOSE: This rule establishes the basis on which
Health Care Providers and participants under Missouri Medicaid Title XIX
Programs may utilize electronic signatures when validating services rendered
and received.
(1) As used in
this rule, the following terms shall mean:
(A)
"Electronic Medical Record" means a record from which symptoms, conditions,
diagnosis, treatments, prognosis, and the identity of the patient to which
these things relate can be readily discerned and verified with reasonable
certainty. Electronic Medical Records may be referred to as "Electronic Health
Records;"
(B) "Electronic Record"
means an electronic record of health-related information on an individual, from
which services rendered and the amount of reimbursement received by a provider
can be readily discerned and verified with reasonable certainty;
(C) "Electronic Signature" means a computer
data compilation of any symbol or series of symbols executed, adopted, or
authorized by an individual with the intent to be the legally binding
equivalent of the individual's handwritten signature. The use of biometrics
does not constitute an electronic signature; however, biometrics may be used as
part of electronic signature verification. A signature stamp does not
constitute an electronic signature;
(D) "Participant" means any individual who is
a participant in the Missouri Medicaid Title XIX or Title XXI programs;
(E) "Provider" means any health
care provider that participates or provides services under Title XIX and under
Title XXI of the federal Social Security Act.
(2) This rule applies to any Electronic
Record, Electronic Health Record or Electronic Medical Record, or Electronic
Signature, as defined herein.
(3)
If a law or regulation requires a record to be in writing, an electronic record
shall satisfy such law for MO HealthNet purposes. If a law or regulation
requires a signature to be in writing, an electronic signature shall satisfy
such law for MO HealthNet purposes.
(4) An electronic signature has the same
legal effect and can be enforced in the same manner as a written
signature.
(5) Electronic records
and electronic medical records are subject to the retention requirements set
forth in
13
CSR 70-3.030 and
13 CSR
70-3.210.
(6) Nothing herein shall require a provider
to conduct business electronically, but if a provider chooses to conduct
business electronically, the following requirements shall apply:
(A) Only employees or agents designated by
the provider may make entries in a participant's electronic record or
electronic medical record;
(B) All
entries in a participant's electronic record or electronic medical record must
be authenticated with a method established to identify the author. The method
utilized may include computer keys/codes or biometric identification systems
that utilize a personal identification number (PIN). When computer key/code(s),
biometric identification systems, or other codes are used, these methods must
be under the sole control of the employee or agent using them. Providers must
be able to demonstrate that adequate safeguards are maintained to protect
against improper or unauthorized use of these methods;
(C) A provider shall have a process in place
to deactivate and disable an employee's or an agent's access to electronic
records and electronic medical records upon suspension or termination of an
employee's or agent's employment or agency relationship;
(D) Providers' electronic records and
electronic medical records systems shall maintain an activity tracking system
to monitor and record user activity for all documents in a participant's record
that are viewed, created, updated, or modified. The tracking system must record
the following for each activity:
1. User
log-in and log-out dates and times;
2. User identification;
3. Device identification, such as a Media
Assigned Control (MAC) address; and
4. Dates and times when records are viewed,
created, updated, or modified; and
(E) Providers shall ensure measures are in
place to assure that the signer cannot deny having signed the record.
(7) Electronic medical records
shall contain the following:
(A) The name,
title, and signature of the MO HealthNet enrolled provider delivering the
service; and
(B) The date the
electronic signature was executed.
(8) The process of affixing an electronic
signature shall require at least two (2) distinct identification components,
such as an identification code and a password.
(9) When a change is made to an electronic
record or electronic health record, the following requirements apply:
(A) All original records shall be maintained;
and
(B) Any edits or changes to the
record shall be saved, and the record shall contain the date of the edit or
change, the reason for the edit or change, and the author of the edit or
change.
