Pago Pago, AMERICAN SAMOA — The American Samoa Medicaid State Agency “lacks a documented policy to control and manage the use of the electronic signatures, e-signatures,” says the Territorial Audit Office (TAO) in one of its findings following a Performance Audit for the Medicaid Agency, for fiscal years ending Sept. 30, 2022.

Part four of the Samoa News reports on this audit looks at what the TAO auditors said about e-signatures, and four lawmakers — who have reviewed the Performance Audit — told Samoa News that they hope TAO looks at this same important issue for other ASG agencies that use e-signatures, as it’s becoming commonly used throughout the government.

And the lawmakers also hope that suggestions made by TAO for  the Medicaid Office, can be adopted by other ASG agencies that use e-signatures.

“As the use of the e-signatures become more prevalent in businesses, it may be useful to consider adopting a policy for the use of e-signatures,” TAO auditors suggest. Such policy, they say, can provide guidance and authorization on:

•           Who within the Agency is authorized to utilize the e-signature?

•           What types of transactions are appropriate for the e-signature?

•           When should the e-signature be used?

•           Who in the Agency is to oversee the administration of the e-signature policy?

•           Who will be held accountable for any misuse of the e-signature?

“We understand that a designated senior employee was given the approval to use the Medicaid Director’s e-signature,” the auditors said, but the auditors point out that they were unable to validate the pre-approval for use of e-signature from the documentation sample reviewed for the audit.

According to TAO, this raises concerns about whether transactions were properly authorized.

“Given the nature of work at the Agency and the need for the Director to represent the Agency in off- island meetings, e-signatures are a necessary tool,” TAO noted.

“However, according to the Agency Director, documenting and filing the e-signature authorization was overlooked due to the Director's busy schedule but an area the Agency is committed to addressing going forward,” the auditors said.

TAO recommends that the Medicaid Agency develop procedures for the use and acceptance of e-signatures and ensure that proper controls are in place to respond to any risk of misuse or unauthorized use of the signature.

In its response to the finding, Medicaid Agency management agrees that a policy for the use of the Medicaid Director's e-signature and all staff and external signatures “need to be expressly documented and communicated,” according to the TAO report, which included the response.

The Medicaid Agency explained that it conducts nearly 80% of its work over email with electronic documents being shared over email and HIPPA compliant secured email with Hawaii and federal agencies.

(HIPAA — the Health Insurance Portability and Accountability Act — is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.)

The Medicaid Agency response said it has an internal policy that the use of the Medicaid Director's e-signature shall only be used when the Medicaid Director is on work travel and not available on island to personally provide her signature on work documents.

Medicaid further notes that the use of e-signatures has become a necessary and common practice to streamline digital communication — often times communication that cannot be delayed due to the unavailability of the Medicaid Director.

“E-signatures are an accepted protocol that makes the execution and delivery of legal documents — reports, email, Medicaid State Plan Amendments, letters — efficient and is a standard operating procedure in digital communication with the US Centers for Medicare and Medicaid Services (CMS) and other federal agencies,” Medicaid management explained.

Furthermore, the Medicaid Agency “shall finalize and formally adopt an e-signatures policy.”