Electronic signature transactions have skyrocketed from $89 million to $754 million in just five years in the United States. In addition to the convenience they offer, e-signatures save money and time, increase productivity, and reduce errors. In fact, among businesses who use e-signatures, 81% experience an ROI in a single 12-month budget cycle, while 25% experience that in three months or earlier, according to AIIM, an association for information professionals.
The CMS Internet-Only manual (IOM) Publication 100-08, Medicare Program Integrity Manual, requires that any service provided or ordered be authenticated by the author with a legible identifier. The method may be handwritten or electronic and each entry must include the practitioner’s first and last name. Medicare requires all patient medical record entries to be legible, complete, dated, timed and authenticated in written or electronic form by the person responsible for providing or evaluating the service provided.
The purpose of requiring a practitioner’s signature in patients’ medical records, reports, orders, test results and other records, is to show that services submitted to Medicare in the form of claims have been accurately and fully documented, reviewed and authenticated. It also confirms that the provider has certified the medical necessity and reasonableness for the service(s) submitted to Medicare for payment. Hospitals must be able to verify written and e-signatures, written initials, codes and stamps when used for authorship identification, as well as demonstrate the integrity of entries and verification of e-signatures and authorizations for auditors.
HIPAA allows e-signatures to be used for authorization, but the law doesn’t provide any specific requirements. However, HIPAA does require that covered entities put proper security safeguards in place.
Examples of Acceptable E-Signatures:
- Chart “Accepted by” with provider’s name
- “Electronically signed by” with provider’s name
- “Verified by” with provider’s name
- “Reviewed by” with provider’s name
- “Released by” with provider’s name
- “Signed before import by” with provider’s name
- Digitalized signature: Handwritten and scanned into the computer
- “This is an electronically verified report by John Smith, MD”
- “Authenticated by John Smith, MD”
- “Digital Signature: John Smith, MD”
- “Confirmed by” with provider’s name
- “Closed by” with provider’s name
- “Finalized by” with provider’s name
- “Electronically approved by” with provider’s name
When you submit medical records to a Medicare contractor with an e-signature, you must also include a copy of the electronic signature protocol/procedure. The protocol/procedure should describe the requirements that the physician uses his own ID and password to enter the system to sign the medical records. The Medicare contractor will keep a copy of the protocol/procedure on file for each provider for future documentation request, so only one copy will need to be submitted.
To avoid unnecessary payment denials, rejections or overpayments, make sure your current signature processes comply with CMS instructions.
E-Signature Security Tips
- Your e-signature system should include a process that can verify that the individual signing his/her name has reviewed the contents of the entry and determined it contains what he/she intended.
- Put safeguards in place to protect against unauthorized access and inappropriate use of e-signatures.
- Each e-signature should be unique to the individual and not reassigned nor reused by someone else.
- Protect against unapproved alteration through removal, copying or transfer.
- Make sure your e-signature software meets or exceeds industry security standards so you can preserve the integrity of the documentation and signatures.