“Requirement ID Number”;”Requirement Statement”;”Comment” (CSV was exported with semi-colon separator, strings enclosed in quotes)
Note that this list does not include requirement rows that were “hidden” in RTM.xlsx. We later determined that the should be included, but the repair process is easier if they’re in a separate file, so see hidden-RTM-rows.org.
The entire “psm-SQ-*” category is new (it has been added as a new sheet in RTM.xlsx) and there are also some newly-created requirements in existing categories. See added-reqs.org for details. The short story is: some of the new reqs will likely go away because they are redundant with reqs that we discovered later when we un-hid some rows. For now, they are all listed at the end, after the “SQ” set, even though in RTM.xlsx they have been added to appropriate sheets.
Very likely this whole file will go away soon. We can now use the show-reqs script in this directory to print out all the requirements whenever we need, as long as the CSV exports in csv-exports/ are up-to-date with RTM.xlsx. So whatever unredundifiying we do, we should just do it in RTM.xlsx (or whatever our master location for reqs is), export all the sheets to CSV, and then use the CSV files to port reqs to textual formats as needed.
“The PSM shall accept a form that shows a tax ID number and legal name for each provider (ex forms: CP 575 or 147C letter;941 Employers’ Quarterly Federal Tax Return; 8109 Tax Coupon; or letter from IRS with the Federal Tax Identification Number and legal name).”;
COMMENT: “Does this include how the provider is legally organized and structured? Does this include info regarding whether the provider is private vs non-profit, a public entity, state government agency? Yes. data field entity type under ownership tab, user can specify all these provider business types.”
“The PSM shall ensure that tax ID number is 9 digits”;
“The PSM shall screen providers for managed care plans.”;
COMMENT: “Is this based on Final Managed Care Rules and 21st Century Cures Act? Need to check with LA to verify this is the same requirement”
“The PSM shall have the capability to identify providers by Employer identification number unless the provider is in solo practice or the provider is not in solo practice but billing is by the individual practitioner in which case the PSM shall have the capability to identify providers by social security number.”;
“The PSM shall have the capability to escalate the intensity of screening for providers that are flagged as higher risk.”;
“The PSM shall collect and store standardized W-9 information that reflects the owner of the EIN and the Doing Business As (DBA) name.”;
“The PSM shall have the option of zipcode + 4 for all address fields”;
“The PSM shall allow multiple locations for the provider.”;
“The PSM shall associate multiple Medicare IDs with the same provider, if the provider has multiple locations.”;
“The PSM shall allow applicant to upload attachments to support the application.”;
“The PSM shall indicate what kinds of documents/attachments are required by provider type.”;
“The PSM shall require the following fields: Provider Name, Business Phone, Provider Street Address, City, State, Zip Code, County, SSN, Date of Birth, License Number, IRS Payee Name, DBA Name, Payee Address, Payee City, Payee State, Payee Zip Code, Payee Tax ID, Provider Email address”;
COMMENT: “Will the PSM identify whether the provider is a rendering (eligible to directly bill) or an ordering/referring/prescribing (eligible to enroll but not directly bill state Medicaid agency)? Not currently plan for PSM functionality”
“The PSM shall accept the following fields: Practice Type, Specialties (1 or more), NPI, HIPAA Taxonomy Codes, CLIA number, DHSS certification, Optical and Audiology y/n, Collaborative Practice Agreement y/n, RHC y/n, Medicare Provider Number, Case Mgmt y/n, Rural Health Rate”;
“The PSM shall require the following fields: Contact email, Merger y/n, Owner/board names and addresses, Care settings, DEA controlled substances certification y/n, DEA revocation y/n”;
COMMENT: “Dos this include SSN for owners and others with >5% ownership? Yes!”
“The PSM shall accept the following fields: Applicant Name, Contact Person, Contact phone, Medicaid number”;
COMMENT: “To clarify: Applicant is person completing the application, not necessarily provider. Correct! Will contact person info differentiate between contact for billing vs practice locations. Yes, under Alternative Mailing Addresses.”
“The PSM shall notify managed care plans when a provider becomes eligible (has been screened) and/or allow a managed care plan to check a provider’s eligibility.”;
“The PSM shall detect and ask specific questions of bordering-state providers.”;
“The PSM shall share NPI between individual providers, for group practices.”;
“The PSM shall limit enrollment to providers in the following categories: (1) in-state, (2) out-of-state in-network, (3) within a defined “”border”” region of neighboring states.”;
“The PSM shall use consistent provider naming conventions to differentiate between first names, last names, and business or corporate names and to allow flexible searches based on the provider name.”;
COMMENT: “Will all individual’s names include generation (Jr., III, etc.) Currently we don’t have a separate field for generation indication, but could use the last name field.”
“The PSM shall maintain a flag for providers who are eligible to use electronic funds transfer (EFT) and electronic claims submission.”;
COMMENT: “Will PSM allow for provider application fee to be accepted/processed electronically? Will PSM ask if provider owes state Medicaid agency monies that have not been paid and collect those monies or arrange for repayment at time of enrollment? No, not currently a PSM function.”
“The PSM shall accept, validate, and process transactions or user entries to update and maintain provider information.”;
“The PSM shall maintain providers’ drug enforcement administration (DEA) numbers.”;
“The PSM shall have the capability to ensure that providers that have a history of fraud are flagged with a higher risk level at the time of screening”;
“The PSM shall have the capability to capture critical attributes including licensing information, financial data, and any other data attributes which could impact a risk level.”;
“The PSM shall collect and maintain licensure information to include at a minimum, licensing state, license number, licensure begin and end dates.”;
“The PSM shall provide a rejection reason if an application is rejected.”;
“The PSM shall have the capability to create a high-risk list to ensure that providers that are suspected or known to be fraudulent are flagged at the time of screening.”;
“The PSM shall flag and route records for action if multiple internal state assigned provider numbers are associated with a single provider.”;
“The PSM shall separate providers into risk categories limited, moderate, and high based on provider type, as established by CMS.”;
“The PSM shall screen limited-risk providers by verifying that the provider or supplier meets all applicable federal regulations and state requirements for the provider or supplier type, conducting license verifications, including licensure verifications across state lines for physicians, non-physician practitioners, providers and suppliers, and conducting database checks on a pre-and post-enrollment basis to ensure that providers and suppliers continue to meet the enrollment criteria for their provider/supplier type.”;
“The PSM shall conduct a fingerprint-based criminal background check for high-risk provider types.”;
COMMENT: “Will process to conduct FCBC include coordination with state’s program that is part of National Background Check Program? Possible but no specific requirement for this external interface currently. How will result be communicated to State agency’s Fiscal Agent? Unknown at this point. Will be part of the integration with the other components of MMIS.”
“The PSM shall change a provider’s risk level due to: imposition of a payment suspension within the previous 10 years; termination from billing Medicaid; exclusion by the OIG; revocation of billing privileges by a Medicare contractor within the previous 10 years (and such provider/supplier is attempting to establish additional Medicare billing privileges by enrolling as a new provider or supplier or establish billing privileges for a new practice location); exclusion from any federal health care program; subject to any final adverse action (as defined in 42 CFR 424.502) within the past 10 years; instances in which CMS lifts a temporary moratorium for a particular provider or supplier type and a provider or supplier that was prevented from enrolling based on the moratorium, applies for enrollment as a Medicare provider or supplier at any time within 6 months from the date the moratorium was lifted.”;
“The PSM shall compare monitoring statistics (e.g. license expirations that were not caught within a month, total number of sanctions) from one month to the next.”;
“The PSM shall have the capability to create a learning system to ensure that observed negative trends factor back into screening rules so as to flag suspicious enrollments early in the screening process, ensuring the ability to detect and reduce/eliminate the incidence of false positives.”;
“The PSM shall send letter confirming enrollment.”;
COMMENT: “How will this work if the State Medicaid agency has enrollment requirements outside of what is collected/processed via PSM? What else is required from WV for the PSM? It is possible for PSM to use workflow to configure outside enrollment - will need additional requirements. Otherwise, content of the letter could be configurable to indicate what processes are completed.”
“The PSM shall notify providers 90 days before their enrollment expires, so that they can go through revalidation.”;
“The PSM shall automatically reject applications that do not include all mandatory information.”;
“The PSM shall have the capability to track and support the screening of applications (and ongoing provider updates) for National Provider Identifier (NPIs), State licenses, Specialty Board certification as appropriate, review team visits when necessary, and any other State and/or Federal Requirement.”;
“The PSM shall cross-reference license and sanction information with other state or federal agencies.”;
“The PSM shall have the turnaround time for performing automated checks typical for a web based system”;
“The PSM shall provide comprehensive verification of all (verifiable) data fields for all providers enrolled”;
“The PSM shall improve efficiency of the Screening Solution in terms of cost and schedule to actually implement “;
“The PSM shall Improve effectiveness of the risk-screening model in detecting fraud based issues”;
“The PSM shall Improve technical soundness of risk-scoring in flagging potential fraudulent patterns and tendencies”;
“The PSM shall define a common workflow for collecting enrollment information of individual providers”;
“The PSM shall save administrative/infrastructure cost by providing a multi-tenant provider screening solution”;
“The PSM shall reduce the time needed by providers to submit new/renewal application information and resolve discrepancies.”;
“The PSM shall reduce processing and transaction time for submitting and receiving queries to authoritative data sources regarding provider credentials and sanctions.”;
“The PSM shall validate, and/or verify that all data items that contain self-checking digits (e.g., National Provider Identifier) passes a specified check-digit test.”;
“The PSM shall show a list of settings in which a provider might see clients/patients, including “”Other.”“”;
“The PSM shall allow applicants to choose multiple care settings.”;
“The PSM shall allow providers to update information and initiate re-screening process (e.g., in the following situations: name change, change of ownership/operator - whether or not it is the same practice location, address change, Federal Tax Identification Number change at same practice location, change from Social Security Number to Federal Tax Identification Number at same practice location, change from Federal Tax Identification Number to Social Security Number at same practice location, payment name or address change, and additional service location)”;
“The PSM shall provide space for results of on-site visits, for moderate- and high-risk provider types.”;
“The PSM shall support the Extract, Transform and Load (ETL) processes from real-time web services or batch processes.”;
“The PSM shall issue Medicaid provider ID number to each approved provider.”;
COMMENT: “Medicaid provider ID aka Atypical Provider Identifier (API). Could be part of the help tip to include API. If necessary, could change the Medicaid provider ID text field by adding the following: (or Atypical Provider Identifier).”
“The PSM shall allow providers to terminate their enrollment on a specified date.”;
COMMENT: “PSM should capture a termination reason code. Need a list of termination reason code from WV. Have requirement for termination screen but not implemented yet in PSM. ”
“The PSM shall require providers to give 30 days notice before terminating enrollment.”;
“The PSM shall require PC Plus providers to give 90 days notice before terminating enrollment.”;
“The PSM shall maintain the capability to limit billing and providers to certain benefit plans, services, by procedure codes, ranges of procedure codes, member age or by provider type(s) or as otherwise directed by the State.”;
“The PSM shall require revalidation period to be configurable.”;
“PSM shall terminate enrollment if revalidation is not completed. “;
“The PSM shall capture a termination reason code that is provided by the State”;
“The PSM shall download all monitoring risk scores for each month as a CSV”;
“The PSM shall maintain date-specific provider enrollment and demographic data.”;
“The PSM shall maintain an audit trail of all updates to the provider data, for a time period specified by the state.”;
“The PSM shall remember previous rejected providers and reasons for rejection corresponding form fields”;
“The PSM shall, to extent permitted by law, make screening data available for analytics and other reporting purposes.”;
COMMENT: “Does this include development of and tech support for common enrollment reports? Tech support for ad hoc reports? Tech support report will be provided separately and not part of PSM. Currently no reporting against database with PSM, this would be a separate requirement for ad-hoc report generation. Question for WV: what reports are you interested in?”
“The PSM shall keep a record of the date of each screening/monitoring event, the score, and the agencies decision for each provider.”;
“The PSM shall store monthly audit record for a provider even if their information has not changed.”;
“The PSM shall provide an input to document the nature for the type of screening/monitoring event, the score, and the agencies decision for each provider.”;
“The PSM shall provide per-field instructions on the application screen.”;
“The PSM shall provide detailed instructions for completing the application via a Help link.”;
“The PSM shall not send re-screening results to admin for review if provider information has not changed.”;
“The PSM shall provide a screen to verify entered information.”;
“The PSM shall allow applicant to edit entered information.”;
“The PSM shall allow applicant to print application for their records.”;
“The PSM shall allow applicant to save a partial application as a draft.”;
“The PSM shall indicate which fields are required.”;
“The PSM shall prevent application submission if required fields are empty.”;
“The PSM shall show integrated history of a provider record – allow users to scroll back in history to see changes over time without needing to navigate to separate files.”;
“The PSM shall validate entered information as provider fills out application (not at the end of the process).”;
“The PSM shall provide a configurable time frame for a “”stale”” enrollment draft application. “;
“The PSM shall support communications to and from providers and track and monitor responses to the communications.”;
“The PSM shall generate information requests, correspondence, or notifications based on the status of the application for enrollment.”;
“The PSM shall support automated criminal background checks for all providers as specified by the State.”;
“The PSM shall produce notices to applicants of pending status, approval, or rejection of their applications.”;
“The PSM shall add a attestation, using configurable link or text, to the reading and understanding of the required state Medicaid agency materials prior to enrollment. “;
“The PSM shall integrate provider-type business rules described in the Enrollment Information Guide into the system.”;
“The PSM shall integrate records with MO HealthNet.”;
“The PSM shall support a provider appeals process in compliance with federal guidelines (42 CFR 431.105)”;
“The PSM shall verify provider eligibility in support of other system processes, i.e. payment of claims.”;
“The PSM shall ensure proprietary interfaces and protocols between modules are not used.”;
“The PSM shall validate HIPAA Taxonomy codes against http://www.wpc-edi.com/codes/taxonomy”;
“The PSM shall use a mix of manual and automated business processes.”;
“The PSM shall perform advanced information monitoring and routes system alerts and alarms to communities of interest when the system detects unusual conditions.”;
COMMENT: “Log file and screen alert to the operator (e.g. lost connectivity to external system/database)”
“The PSM shall use a standards for message format to ensure interoperability (e.g. XML JSON)”;
“Transport interoperability - The PSM shall comply with standard data transfer protocols as applicable to health IT systems, their constituent elements/modules, and services”;
COMMENT: “Currently using FHIR protocol ”
“Syntactic interoperability - The PSM shall comply with national standards for data message formatting, as applicable to health IT systems, their constituent elements/modules, and services “;
“Semantic interoperability - The PSM shall use standardized code sets to enable the processing and interpretation of received data as applicable to health IT systems.”;
COMMENT: “Evidence: PSM is currently using NPI as a standardized code set demonstration, allowing loading of the provider type code ”
“The PSM shall adopt MITA-recommended ESB, automated arrangement, coordination, and management of system.”;
“The PSM shall conduct reliable messaging, including guaranteed message delivery (without duplicates) and support for non-deliverable messages.”;
COMMENT: “Evidence: documentation for ESB integration”
“The PSM shall use RESTful and/or SOAP-based web services for seamless coordination and integration with other U.S. Department of Health & Human Services (HHS) applications and intrastate agencies.”;
“The PSM shall document all interfaces in an Interface Control Document (ICD), along with how those interfaces are maintained.”;
“Loosely coupled APIs - The PSM module dependencies shall be minimized to the greatest extent possible.”;
“Clearly documented - The PSM shall provide detailed API documentation provided for every API. “;
“The PSM shall support the architecture adopted to preserve the ability to efficiently, effectively, and appropriately exchange data with other participants in the health and human services enterprise.”;
COMMENT: “Satified with the API requirements”
“The PSM design documents shall utilize a widely supported modeling language (e.g., UML, BPMN).”;
“The PSM shall support a Logical Data Model (LDM) in the identification of data classes, attributes, relationships, standards, and code sets for intrastate exchange.”;
“The PSM of shall use standardized business rules definitions that reside in a separate application or rules engine.”;
“The PSM shall provide an architecture diagram depicting how it is technically structured.”;
COMMENT: “This is requested by Anshuman during the 8/10/17 PSM status meeting”
“To the greatest extent possible, the PSM shall be browser agnostic. “;
“The PSM shall support a user security profile that controls user access rights to data categories and system functions.”;
“The PSM shall have standard Access Control specifications to include: (i) Assigning a unique name and/or number for identifying and tracking user identity. (Required) (iii) Implementing electronic procedures that terminate an electronic session after a predetermined time of inactivity. (Addressable) “;
“The PSM shall support roles and responsibilities of individuals that are separated through assigned information access authorization as necessary to prevent malevolent activity.”; C.f. psm-AD-5.2,
“After 15 minutes of inactivity, the PSM shall initiate a session lock; the session lock should remain in place until the user reestablishes access using established identification and authentication procedures.”;
“The PSM shall use only FIPS Pub 140-2-approved (or higher) encryption algorithms.”;
“The PSM shall verify that required data items are present and retained (See SMM 11375) including all data needed for State or Federal reporting requirements.”;
“The PSM shall check Provider Screening Applications to ensure that all required attachments, per the reference records or edits, have been received and maintained for audit purposes or have been submitted prior to the Provider Screening Applications and a prior authorization has been established.”;
“The PSM shall verify that all data necessary for legal requirements are retained.”;
“The PSM shall verify that all dates are valid and reasonable.”;
“The PSM shall have an open source repository and source code base organized to be welcoming to outside contributors.”
“The PSM shall include and undergo automated testing at regular intervals, through continuous integration and deployment processes. The PSM shall also undergo manual testing and QA as needed.”
“The PSM shall use modern source code dependency management techniques, and shall use up-to-date versions of upstream third-party dependencies.”
“The PSM shall use documented build, test, release, and installation processes that are automated as much as possible, for both development and production use.”
“The PSM shall use D.R.Y. coding principles to avoid unnecessary complexity, inflexibility, redundancy, and denormalization in the source code and database schemas, and to use precise terminology in data structures and operations.”
“The PSM shall use system resources efficiently and in proportion to operational demands and data size.”
“The PSM shall be configurable where feasible.”
“The PSM shall be secure from unauthorized access or use, and shall sanitize inputs and outputs where possible so as to avoid compromising itself or other systems.” C.f. psm-AD-5.1
“The PSM shall be accessible in compliance with Section 508 of the Rehabilitation Act.” C.f. psm-AD-2.1, psm-AD-2.2
“The PSM’s user interface shall be as simple, comprehensible, navigable, reliable, robust in the face of error, and responsive as possible.”
“The PSM shall support searching and pattern-matching based on all fields accepted as input (and based on all reasonable combinations of such fields).”
“The PSM shall have the ability to enforce limits on the number of providers of a given type enrolled simultaneously.”
“The PSM shall support admin-configurable automated re-screening. C.f. psm-FR-7.3.”
“The PSM shall support provider agents (a.k.a. service agents a.k.a. non-provider users) who act on a provider’s behalf and whose authorization may be a subset of that provider’s.”