This appears to need a richer Security and Privacy model and review than has been provided here. - PAS #76


    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • US Da Vinci PAS (FHIR)
    • STU3
    • Financial Mgmt
    • (profiles) [deprecated]
    • 5.2.4

      Will add the following discussion to the Privacy & Security section:

      In order to access information about a prior authorization, the provider system will need to access the payor system. This will require that the provider system authenticates to the payer system or an intermediary. The specifics of how this authentication is handled are covered within HRex.

      Once the system authentication has occurred, there will be presumed authorization for the provider to see the current state of the prior authorization. The space will rely on audit and regulatory/payer consequences to ensure that prior authorizations are not accessed without a legitimate business requirement. This approach is used because there is no reasonable way for a payer to know 'a priori' whether a given provider has a legitimate need to know the prior authorization status or for the patient to be involved in verifying their need to know.

    • Kathleen Connor / Robert Dieterle: 20-0-1
    • Enhancement
    • Non-substantive

      Existing Wording: Servers SHALL permit access to the prior authorization response to systems other than the original submitter.

      Comment:

      This appears to need a richer Security and Privacy model and review than has been provided here.

      Summary:

      This appears to need a richer Security and Privacy model and review than has been provided here.

            Assignee:
            Unassigned
            Reporter:
            Paul Knapp
            Watchers:
            3

              Created:
              Updated:
              Resolved: