NCPDP Executive Vice President of Business Development /External Affairs
Hubert H. Humphrey building
Room 705 A
200 Independence Avenue, SW
Washington DC 20201
I would like to thank you for the opportunity to testify this afternoon to discuss the status of digital/electronic signatures in the pharmacy services sector of the health care industry. My name is Dan Staniec, the National Council for Prescription Drug Programs’ (NCPDP) Executive Vice President of Business Development/External Affairs.
As you know, NCPDP is a 1300 member, ANSI accredited standards development organization in the pharmacy services sector of the health care industry. NCPDP’s Work Group Twelve (12), which is called Data Security and Patient Confidentiality, has taken on the responsibility of working on the topic of electronic signatures. This work group has created a smaller task group to evaluate not only the electronic signatures/digital certificates being used in retail pharmacy today, but to evaluate the other standards development organizations’ standards and see if they make business sense for our members.
NCPDP had a representative, Margaret Weiker, who attended the multi-SDO Digital Signature Meeting on January 8, 2001 in Orlando, Florida. Margaret is one of the NCPDP Standardization Co-chairs and she is also a NCPDP Board of Trustees member. As you recall, Margaret testified earlier this morning about the DSMO process and status. NCPDP has made a commitment to work together with all of the SDOs to cooperatively agree on a work product that benefits everyone in health care.
Here are NCPDP’s responses to your nine questions presented to us earlier:
Why is your SDO interested in electronic signatures at this time and what business processes will be enabled or improved by electronic signatures in the future?
NCPDP has been instrumental in the development of electronic prescriptions over the past several years. NCPDP has an ANSI accredited standard called SCRIPT that is an electronic prescriber/ pharmacist interface standard used for transmitting electronic prescriptions prescriptions Also, it is important to note that NCPDP has a Telecommunication Claim standard 5.1, which was mentioned in the HIPAA Final Rule on Transactions/Code Set. Only the SCRIPT standard would be directly affected in the near term by digital signature legislation
Even though NCPDP developed SCRIPT, the rules and regulations governing the usage of the standard is governed by state laws. The individual state Boards of Pharmacy vary as to whether they allow electronic prescribing or not. Some states do not allow electronic prescribing at all. Among those that do, few address electronic signatures. By implementing digital signatures, additional states may be convinced to allow online prescription submission, furthering the goals of administrative simplification.
On the pharmacy side of the prescriber – pharmacy transaction, one of the biggest challenges is authenticating a prescriber. NCPDP is aware that the DEA is looking into this issue and has placed documents on their website regarding their work on prescribing controlled substances that will require electronic signatures. This is exceptionally important to our constituents.
We are also interested in other potential use cases, such as prior authorization and medical necessity issues.
What electronic signature standards are practically being used today, to what extent are they being implemented, and for what purpose, in connection with the standards developed by your SDO?
NCPDP does not have an electronic signature standard. A small number of our member companies, when allowed by state law, use a variety of identification and authentication methodologies for this business function.
What are the problems or limitations of your current electronic signature methods?
The United States health care industry today does not have one electronic signature standard. There are a number of electronic signature standards available today for certain business needs.
There seems to be widespread confusion over what constitutes an electronic signature. On the Internet, digital certificates is emerging as the answer. However, most of our constituents use more secure value added networks or dedicated telephone lines instead of the Internet, and prescriber-pharmacist transactions are often transmitted via fax. Via these channels, some companies are arguing that digitized images of a physician’s signature or codified identifiers constitute a physician’s signature, and some state Boards of Pharmacy have agreed. This needs clarification.
As it pertains to digital certificates, there are a number of companies that offer digital certificates, which complicates the issue even further. Will pharmacists be required to have more than one electronic signature, as well as pharmacy technicians? If a pharmacist works in different settings, i.e. hospital versus retail, will he need multiple digital certificates? Will a physician need more than one, if he/she practices in multiple settings? Who will act as certificate authority? We are concerned about future regulations that require such certificates and the burden that they would impose. NCPDP will be discussing these issues in detail.
To what extent do you believe that a HIPAA standard for electronic signatures will benefit the health care industry? Do you believe a HIPAA standard for signatures is possible? How would you go about adopting such a standard?
A HIPAA standard for electronic signatures would benefit the health care industry by mandating a federal law, one standard to be used by everyone, versus the multiple standards in use today. Over the long term, costs would be reduced with only one implementation to follow.
A HIPAA standard for signatures is possible, but other issues need to be addressed for this business functionality to succeed. Interoperability issues must be addressed and solved, otherwise a HIPAA mandated electronic signature standard would not work. The WEDI AFEHCT interoperability project did have some challenges with interoperability, and we can learn from their experiences as we move forward to resolve this issue.
NCPDP is concerned with multiple certificate authorities. What happens when you have multiple pharmacists and technicians in the pharmacy? How will pharmacies verify physicians that are at different sites? How many negative files will be stored and where? The certificate authority issue needs to be addressed at the same time as the electronic signature standard issue.
What will be impact of adopting a standard under HIPAA that is different from the electronic signature methods you are using today? What will be the advantages and disadvantages? Will your SDO support such a standard?
As you know, there is no one electronic signature standard today in the health care marketplace. NCPDP members will have to make modifications that will increase costs initially, such as machinery, software enhancements, digital certificates, etc. For example, what is the cost of obtaining a digital certificate, and who will pay for it?
However, we do agree that adopting one standard will be cost effective over the long term.
Another advantage is that one signature would eliminate the need to deal with the plethora of formats that currently exist today. As I mentioned earlier, NCPDP will work with the other SDOs to help solve the Certificate authority and other interoperability issues.
Regarding disadvantages, there will be some up front costs that pharmacy will have to deal with (programming, purchase of machinery, and staff training). Also, there are more transport methods used today besides just the Internet. These would have to be taken into consideration. In addition, not all pharmacies have Internet access.
Yes, NCPDP would support such a standard, as long as the standard met the business and technical needs of the pharmacy services sector of the health care industry,
How could your SDO work with other SDOs and with NIST in coming up with such a consensus electronic signature standard?
As mentioned earlier, NCPDP has agreed to participate with the Multi SDO Digital Signature Project. I will be the primary contact for NCPDP on this project. I agree to participate, along with NCPDP members, on joint meetings between the SDOs, conference calls, and emails. As I mentioned earlier, we may also learn from the issues experienced during the WEDI AFECHT interoperability project.
What do you estimate will be the time frame for development of a consensus electronic signature standard that could be adopted under HIPAA?
Glen Marshall from HL7 will be creating a project plan document by March 31, 2001. As you have heard earlier, Glen Marshall has agreed to lead this multi SDO digital signature project. After the project plan document is created and reviewed, the implementation guides will need to be created. These guides need to comply with past HIPAA regulations. We are anticipating time frames for this development to be included in the project plan document.
Other factors that will affect the time frame for development include the costs of implementing the standard. For example, software for encryption scanners will be needed in retail pharmacies. These devices and other software enhancements must be integrated in the existing pharmacy practice management systems. Also, the costs for storage of the scanned material must be addressed.
HL7 has agreed to fund this project. NCPDP has agreed to help with costs by offering conference calls with the other SDOs in a round robin fashion.
Regarding implementation cost issues, the private health care industry has the burden of paying for all of this. We would like to ask if federal funding could help pay for implementing this standard. Another suggestion is that the Certificate Authority companies to possibly come up with funding.
What should be the role of the HISB and or NIST in developing such a consensus standard?
HISB does not develop standards in the health care industry, and NIST does provide security standards for the federal government. NCPDP welcomes their members to join the multiple SDO Digital Signature Group. We appreciate any feedback from them on these issues.
What role would you like the NCVHS to play in this area?
NCPDP would like to ask the NCVHS to work with all of the SDOs and help monitor the process as we move forward with this project. As you know, standards development does take time in order to reach consensus, not only with our members companies but also with other SDOs. We would like to ask for the necessary time for consensus on this standard, versus putting one out there that will have problems and high costs.
We would appreciate any guidance regarding federal pre-emption. As you have heard earlier, state laws via the state board of pharmacies dictate the rules and regulations of NCPDP standards. Also, interstate commerce direction would be appreciated.
I want to thank you again for allowing me to share NCPDP’s comments on these issues, and I look forward to responding to other questions that you may have.