An e-Government Interoperability Framework to ...

7 downloads 242 Views 1MB Size Report
15 Office of Inspector General (OIG). (2016). Medicare and Medicaid Program Integrity: Combatting Improper Payments and Ineligible Providers. Retrieved from.
An e-Government Interoperability Framework to Reduce Waste, Fraud, and Abuse Full Paper

Peter B. Nichol, MBA, BSCIS, PMP, Six Sigma MBB, CMPI, CQM, CSM, SA, SP Digital and Innovation Expert Managing Director Oroca Innovations [email protected]

Abstract — The aim of this paper is to present a practical approach for separate entities to share information within the United States through an e-Government Interoperability Framework. Waste, fraud, and abuse have increased year-over-year in Medicare, Medicaid, and the Children's Health Insurance Program (CHIP). Interoperability frameworks based on a foundation of digital ledger technologies have the potential to connect disparate information systems. This paper presents an Interoperability Framework to connect the public and private sector together, with minimal impact to legacy federal, state, and private information systems. The Interoperability Framework is a distributed (no central operator), heterogeneous (connects systems on any platform), and secure (authenticity, integrity, and non-repudiation of exchanged data) approach to an inter-organizational data exchange framework without changing the ownership or location of data. Keywords — Blockchain, Interoperability, e-Government, Distributed Digital Ledger, Medicare, Medicaid, CHIP, and eIdentity.

I.

I NTRODUCTION

Waste, fraud, and abuse of government programs can be dramatically improved by leveraging distributed ledger technologies without placing undue burden on fragile legacy systems. Medicare, Medicaid, and the Children's Health Insurance Program (CHIP) are federal programs that provide health insurance coverage to 100 million low-income, elderly, and disabled individuals. Medicare is a federal health insurance program for individuals who are 65 or older, certain younger people with disabilities, and people with end-stage renal disease (permanent kidney failure requiring dialysis or a transplant, sometimes called ESRD).1

Medicare is comprised of four primary parts that help cover specific services: 1.

Medicare Part A (Hospital Insurance).

2.

Medicare Part B (Medical Insurance).

3.

Medicare Part C (Medicare Advantage Plans).

4.

Medicare Part D (Prescription Drug Coverage).2

The federal and state Medicaid programs cover children, the elderly, blind, and disabled and other people who are eligible to receive federally assisted income maintenance payments. The Children’s Health Insurance Program “provides low-cost health coverage to children in families that earn too much money to qualify for Medicaid. In some states, CHIP covers pregnant women. Each state offers CHIP coverage, and works closely with its state Medicaid program.”3 Waste, abuse, and fraud are rising in government-sponsored programs. The burden to US taxpayers is not measured in millions; this significant vulnerability is measured in billions. The U.S. Government Accountability Office reported improper payments across the U.S. government were $236.7 billion for the FY 2015, up $30 billion over FY 2013. The Improper Payments Elimination and Recovery Act of 2010 (H.R. 3393) requires federal agencies to periodically review and report on major programs that are susceptible to improper payments. 4 The 2016 U.S. Government Accountability Office found in a report to Congressional Committees Improper Payments Report that for FY 2014 “15 of the 24 Chief Financial Officers Act (CFO Act) agency inspectors general (IG) determined that their agencies did not comply with criteria in the Improper Payments Elimination and

U.S. Centers for Medicare &, & Medicaid Services. (2017). What’s Medicare? Retrieved from https://www.medicare.gov/sign-up-change-plans/decide-how-to-getmedicare/whats-medicare/what-is-medicare.html 2 Ibid. 3 U.S. Centers for Medicare & Medicaid Services. (2017). Children’s Health Insurance Program (CHIP) Eligibility Requirements. Retrieved from https://www.healthcare.gov/medicaid-chip/childrens-health-insurance-program/ 4 Murphy, P. (2010). Text - H.R.3393 - 111th Congress (2009-2010): Improper Payments Elimination and Recovery Act of 2010 [legislation]. Retrieved from https://www.congress.gov/bill/111th-congress/house-bill/3393/text 1

1

Recovery Act of 2010 (IPERA).” 5 II.

WASTE, FRAUD, AND ABUSE IS A PROBLEM FOR GOVERNMENT PROGRAMS

The U.S. Department of Health and Human Services FY 2017 budget is $1.013 trillion with a proposed law pending to expand the FY 2017 budget to $1.017 trillion with a net increase of $25.317 billion over 2016 levels.6 Improper payments through Medicare for 2015 totaled $43.3 billion with an average improper payment rate of 12 percent.7 Durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) had an improper payment rate of 39.9 percent. Medicare Part A (hospital insurance) had a 14.7 percent improper error rate when the hospital inpatient prospective payment system (IPPS) was excluded. Improper payments are not all fraudulent, a common misperception. Fraud is defined as an intentional misuse of funds. The vast majority of improper payments result from unintentional error, for example, “payments made in error due to lack of documentation validating payment accuracy e.g. a state program does not have documentation to support a beneficiary’s eligibility for a benefit.”8 Improperly high or low payments to beneficiaries also can be due to manual entry mistakes. It is worth noting that not all improper payments are fraud. Some of the payments labeled improper may have actually been proper. However, without proper documentation, payments were sent to beneficiaries without eligibility – giving away taxpayer income. Four primary categories classify improper payments: (1) Federal Funds Going to the Wrong Beneficiary, (2) Incorrect Amount of Payment Received (Over or Under Payment), (3) Payments Made Without Sufficient Documentation (Paying Ineligible Beneficiaries), and (4) Improper Use of Funds by Beneficiaries. The Payment Error Rate Measurement (PERM) program of 2002 (later amended in 2010 by the Improper Payments Elimination and Recovery Act or IPERA) requires program administers to review “at risk” government sponsored programs for improper payments. Program administration must review programs they administer, identify potentially improper payments, provide a financial estimation of the improper payments, and submit an improper payment report to Congress. These actions cumulate with an action plan identifying the steps the agency is taking to reduce improper payments.9

going to the wrong person, wrong amount, or paid out for the wrong reason. However, all improper payments erode the credibility of government programs and compromise citizens’ trust in government.10 The objective of IPERA is to identify programs susceptible to improper payments and establish these programs as high risk. The regulation defines “high risk” as programs exceeding Medicare payments of either: (1) $10,000,000 and 1.5 percent of the program’s expenditures or (2) just $100,000,000. Stricter reporting requirements do apply when the Director of the Office of Management and Budget (OMB) identifies a high-risk program. This action triggers additional reporting. Additionally, high-risk programs must use statistically valid methods approved by the Director of OMB.11 The Office of the Inspector General, U.S. Department of Health & Human Services has identified their “Top Management and Performance Challenges” in an effort to fulfill its mission “to enhance the health and well-being of Americans by providing effective health and human services and by fostering sound, sustained advances in the sciences underlying medicine, public health, and social services.’12 The top management and performance challenges were defined as the following: (1) Overseeing the Health Insurance Marketplaces, (2) Transitioning to Value-Based Payments for Heath Care, (3) Ensuring Appropriate Use of Prescription Drugs in Medicare and Medicaid, (4) Protecting the Integrity of an Expanding Medicaid Program, (5) Fighting Fraud and Waste in Medicare Parts A & B, (6) Preventing Improper Payments and Fraud in Medicare Advantage. (7) Ensuring Quality of Care in Nursing Facilities and Home and Community-Based Settings, (8) Effectively Using Data and Technology to Protect Program Integrity, (9) Protecting HHS Grants and Contract Funds from Fraud, Waste, and Abuse, and (10) Ensuring the Safety of Food, Drugs, and Medical Devices.13 Management challenge number six identifies the prevention of improper payments and fraud in Medicare Advantage (MA) as a top ten management challenge for the U.S. Department of Health and Human Service. Medicare makes capitated payments to MA, Part C of Medicare, for a specific set of healthcare benefits. “MA organizations submit bids to CMS related to their expected costs for the upcoming year to calculate a standard monthly payment rate per beneficiary. This standard rate is then risk-adjusted (increased or decreased) based on the health characteristics of individual enrolled beneficiaries; i.e., Medicare will make higher monthly payments on behalf of sicker beneficiaries.” 14

The government defines “improper payments” as payments 5

United States Government Accountability Office. (2016). Report to Congressional Committees June 2016 GAO-16-554: IMPROPER PAYMENTS CFO Act Agencies Need to Improve Efforts to Address Compliance Issues. Retrieved from http://www.gao.gov/assets/680/678154.pdf 6 U.S. Department of Health & Human Services. (2017). FY 2017 Budget in Brief - CMS - Overview. Retrieved from https://www.hhs.gov/about/budget/fy2017/budgetin-brief/cms/index.html 7 Centers for Medicare and Medicaid Services. (2015). Medicare Fee-For-Service 2015 Improper Payments Report. Retrieved from https://www.cms.gov/ResearchStatistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/CERT/Downloads/MedicareFeeforService2015ImproperPaymentsReport.pdf 8 Payment Accuracy. (2017). FAQ – Payment Accuracy. Retrieved from https://paymentaccuracy.gov/faq/ 9 U.S. Centers for Medicare & Medicaid. (2017). Payment Error Rate Measurement (PERM). Retrieved from https://www.cms.gov/Research-Statistics-Data-andSystems/Monitoring-Programs/Medicaid-and-CHIP-Compliance/PERM/index.html?redirect=/perm 10 Payment Accuracy. (2017). FAQ – Payment Accuracy. Retrieved from https://paymentaccuracy.gov/faq/ 11 Project On Government Oversight. (2016). Federal Improper Payments Are Significant, Costing Taxpayers Billions. Retrieved from http://www.pogo.org/ourwork/reports/2016/introduction-to-improper-payments.html#title-what-are-improper-payments 12 Office of Inspector General (OIG). (2017). Top Management and Performance Challenges. Retrieved from https://oig.hhs.gov/reports-and-publications/topchallenges/2016/ 13 Ibid. 14 Ibid.

2

III.

INELIBILE BENEFICIARIES CONTINUE TO RECEIVE PAYMENTS

implement a new category system in 2015. The result was the additional of seven new root-cause categories.

Medicare and Medicaid accounted for $88.8 billion or 99 percent (98.88 precisely) of the improper payments reported by HHS for FY 2015. Improper Medicaid payments totaled $29.1 billion, and improper Medicare traditional fee-for-service accounted for $43.3 billion.15 Improper payment rates must improve to protect the viability of Medicare and Medicaid. During testimony before the United State House of Representative Committee on Energy and Commerce, the Subcommittee on Oversight and Investigations, Ann Maxwell Assistant Inspector General, Office of the Evaluation and Inspections, Office of the Inspector General for the Department of Health and Human Services discussed the improper payments in Medicare and Medicare and the safeguards for prevention. To better understand improper payments, let’s split them into two categories for identification:

1.

Insufficient Documentation Accuracy of Payment Errors.

to

Determine

2.

Inability to Authenticate Eligibility Errors.

3.

Administrative or Process Errors.

4.

Medical Necessity Errors.

5.

Failure to Verify Data Errors.

6.

Issues with Program Design or Structure.

7.

Other Reasons, Including Fraud.

the

Reviewing the annual improper payment totals reported by agencies between 2003 and 2015 offer helpful insights into the fraud trend line – the cumulative improper payments have exceeded $1 trillion.

1.

Overpayments: paying an entity more than it was owed.

For FY 2015, overpayments accounted for $126 billion (92 percent) and underpayments accounted for $11 billion (8 percent).

2.

Underpayments: paying an entity less than it was owed.

Observing the history of improper payments shows an escalating problem: 2003 ($35 billion), 2004 ($46 billion), 2005 ($39 billion), 2006 ($41 billion), 2007 ($49 billion), 2008 ($72.5 billion) 2009 ($109.2 billion), 2010 ($120.6 billion), 2011 ($115.7 billion), 2012 ($107.1 billion), 2013 ($105.8 billion), 2014 ($124.6 billion), and 2015 ($136.9 billion).17

Agencies are required to determine root causes after they analyze their payment data and historical estimates. Before 2015, agencies were only required to classify improper payments into three categories. 1.

Documentation and Administrative Errors: The agency administering the program lacks supporting documentation necessary to verify the accuracy of the recipient’s claim for federal benefits.

2.

Authentication and Medical Necessity Errors: The agency administering the program is unable to confirm that the recipient meets all the requirements for receiving payment; the verifying information does not exist or is not accessible.

3.

Verification Errors: Errors caused by the failure to verify recipient information, including earnings, income, assets, or work status, even though verifying information does exist and is accessible.16

Documentation and administrative errors included incorrect inputting, classifying, or processing of applications or payments by a federal agency, state agency, or third party who is not the beneficiary. Authentication and medical necessity errors occurred when services were provided when not medically necessary. For example, a patient that did not require a wheelchair might have been provided a power wheelchair. Verification errors occur when beneficiaries fail to report information or changes in status. For example, changes in earnings that resulted in the beneficiary no longer being eligible for unemployment insurance payments. Insufficient and vague “root cause” categories prompted the Office of Management and Budget, the largest office within the Executive Office of the President of the United States (EOP), to

The improper payments by agency sorted by improper payment amounts over $1 billion FY 2015 included: Department of Health and Human Services ($89.775 billion), Department of the Treasury ($15.6 billion), Social Security Administration ($9.8 billion), Department of Agriculture ($6.339 billion), Department of Veterans Affairs ($4.976 billion), Department of Labor ($3.638 billion), Department of Education ($1.866 billion), Department of Housing and Urban Development ($1.311 billion), Department of Defense – Military Programs ($1.256 billion), and Small Business Administration ($1.054 billion). The improper payments by programs with over $1 billion in improper payments for FY 2015 include: Medicare Fee-for-Service ($43.3 billion), Medicaid (29.1 billion), Earned Income Tax Credit (EITC) (15.6 billion), Medicare Advantage (Part C) ($14.1 billion), Retirement, Survivors, and Disability Insurance (RSDI) ($5 billion), Supplemental Security Income (SSI) ($4.8 billion), Unemployment Insurance (UI) ($3.5 billion), Supplemental Nutrition Assistance Program (SNAP) ($2.6 billion), Medicare Prescription Drug Benefit (Part D) ($2.2 billion), National School Lunch Program (NSLP) ($1.8 billion), Rental Housing Assistance Programs ($1.3 billion), and William D. Ford Federal Direct Loan Program ($1.3 billion). The improper payments total for programs with over $1 billion in improper payments sorted by error rate for FY 2015 include: Earned Income Tax Credit (EITC) (23.8 percent), National School Lunch Program (NSLP) (15.7 percent), Medicare Fee-for-Service (12.1 percent), Unemployment Insurance (UI) (10.7 percent),

15

Office of Inspector General (OIG). (2016). Medicare and Medicaid Program Integrity: Combatting Improper Payments and Ineligible Providers. Retrieved from https://oig.hhs.gov/testimony/docs/2016/maxwell-testimony05242016.pdf 16 Payment Accuracy. (2016). About Improper Payments. Retrieved from https://web.archive.org/web/20160201102842/https://paymentaccuracy.gov/about-improperpayments 17 Project On Government Oversight. (2016). Federal Improper Payments Are Significant, Costing Taxpayers Billions. Retrieved from http://www.pogo.org/ourwork/reports/2016/introduction-to-improper-payments.html#title-what-are-improper-payments

3

Medicaid (9.8 percent), Medicare Advantage (Part C) (9.5 percent), Supplemental Security Income (SSI) (8.4 percent), Rental Housing Assistance Programs (4 percent), Supplemental Nutrition Assistance Program (SNAP) (3.7 percent), Medicare Prescription Drug Benefit (Part D) (3.6 percent), William D. Ford Federal Direct Loan Program (1.3 percent), and Retirement, Survivors, and Disability Insurance (RSDI) (.6 percent).

Interoperability, therefore, is not determined by the interaction of a single entity but rather the ecosystem of interaction and the relationships among a network of entities. Context-dependent influencing factors must be designed into interoperable systems to consider both technical and non-technical factors.

The four agencies with the highest improper payments for FY 2015 include:

A practical framework for secure e-Governments requires technical architecture areas supported by seven interoperability principles. The technical architecture must address six areas:

1.

Department of Health and Human Services (HHS) with $89.8 billion.

2.

Department of the Treasury (Treasury) with $15.6 billion.

3.

Social Security Administration (SSA) with $9.8 billion

4.

Department of Agriculture (USDA) with $6.3 billion.18

The four agencies with the highest error rates for FY 2015 include: 1.

Treasury with 23.78 percent.

2.

HHS with 10.18 percent.

3. 4.

THE SEVEN PRINCIPLES OF INTEROPERABILITY

1.

Application Development Architecture.

2.

Infrastructure Architecture.

3.

Security Architecture.

4.

Data & Information Architecture.

5.

Business Intelligence Architecture.

6.

Services Oriented Architecture (SOA) and Integration Architecture.

Similarly, the seven e-Government Interoperability Framework principles must be addressed within one or more architecture layers. 1.

Policies, Standards, Guidelines, & Procedures.

Department of Labor (Labor) with 9.47 percent.

2.

Common Standards & Protocols.

USDA with 5.70 percent.

3.

Secure Data Exchange.

4.

Entity & Transaction Authenticity.

5.

Abnormal Activity Monitoring & Thresholds.

6.

Audit Capabilities.

7.

Entity Collaboration.

The Office of the Inspector General recommended several areas of improvement during the subcommittee on Oversight and Investigations hearing when Medicare and Medicare did not meet the target for reduction in improper payments of 10 percent (a statutorily required target level). The FY 2015 target for Medicare was 8.5 percent that was missed by 10.5 percent, and the FY 2015 target for Medicaid was 6.7 percent that missed by 31.6 percent. 19 There is significantly more work remaining to reign in the improper payments for Medicare, Medicaid, and the Children's Health Insurance Program (CHIP). IV.

V.

INTEROPERABLE INFORMATION SYSTEMS REDUCE WASTE, FRAUD, AND ABUSE

Interoperability is the alignment of Data Exchange, Meaning Exchange, and Process Agreement among heterogeneous systems. Data exchange relates to whether information can be exchanged between entities. Meaning Exchange addresses whether all involved entities assign the same meaning to information. Process Agreement captures how entities act on information that has been exchanged.20 Organizational (Process Agreement), semantic (Meaning Exchange), and technical (Data Exchange) interoperability are influenced by political, social, economic, technological, environmental, and legal factors. This complex mix of forces increases pressures on entities to resolve issues independently, resulting in duplicative efforts and financial expenditures.

The seven e-Government Interoperability Framework principles establish the foundation for government collaboration. (1) Policies, Standards, Guidelines, & Procedures ground the initiative with a structural framework for collaboration and compliance to consensus driven standards. The defined policies set high-level standards. Standards introduce low-level mandatory controls. Guidelines supplement standards by presenting recommended, non-mandatory controls while procedures offer step-by-step instructions to assist actors in implementing the various policies, standards, and guidelines. (2) Common Standards & Protocols provide instruction for communication. (3) Secure Data Exchange allows providers and consumers of data to send and receive data securely. (4) Entity & Transaction Authenticity protect messages by ensuring data integrity of data transmitted. (5) Abnormal Activity Monitoring & Threshold define the upper and lower boundaries for acceptable activity tolerances. (6) Audit Capabilities dynamically audit activity once tolerances have been exceeded. (7) Entity Collaboration is the model for establishing consensus among the entities. VI.

18

INTEROPERABILITY TERMINOLOGY

Ibid. Office of Inspector General (OIG). (2016). Medicare and Medicaid Program Integrity: Combatting Improper Payments and Ineligible Providers. Retrieved from https://oig.hhs.gov/testimony/docs/2016/maxwell-testimony05242016.pdf 20 Novakouski, M., & Lewis, G. A. (2012). Interoperability in the e-Government Context (p. 35). Carnegie Mellon University. Retrieved from www.sei.cmu.edu/reports/11tn014.pdf 19

4

18. Web services: software accessible over the Internet, using a standardized XML message system.

For the purpose of this paper, I use the following definitions: 21

1.

Authentication: identification plus verification.

2.

Blockchain: a distributed database of records shared among participating parties.

VII.

3.

Certificate Authorities: the issuing authority for digital certificates.

4.

Cryptographic Hash Function: a deterministic procedure to map data of arbitrary size to data of a fixed size.

5.

Data Exchange Layer: an interoperability framework for data exchange for information systems using digital registers.

Interoperability rests on the foundation that data transferred between entities has not been altered or tampered. Until the 1990s, the most accepted method of establishing cryptographic timestamping (evidence or proof that data transferred had not been altered) was the use of a trusted third-party, called a timestamping authority (TSA).23 Introduced by Haber and Stornetta, this model’s primary flaw was that every entity or member, in the e-Government network, was required to trust tokens that were issued by the TSA.

6.

Distributed Digital Ledger: a permanent record of who owns what.

7.

Distributed Systems: independent systems linked by a network.

8.

Electronic identification (eID) and Electronic Trust Services (eTS): key enablers for secure cross-border electronic transactions and central building blocks of the Digital Single Market.22

9.

Entity: members that wish to communicate with each other.

TIME-STAMPING TO ENSURE ACCURACY OF DITIAL DATA

In the early 1990s, cryptographic hash functions were found to be an alternative solution that did not require trusting a thirdparty TSA.24 25 This new concept proposed a time-stamping scheme where each token would include data from the proceeding hash and the succeeding hash, called “hash-linking.”26 The TSA still issued tokens; however, every issued token would be nested into a linear list. The elegance of this solution was that the hash function could be used to time-stamp a message without disclosing the message itself. The “message” refers to the data encapsulated, and the “message digest” or “digest” is the hash value. The cryptography hash function evolved in 2008 when Satoshi Nakamoto extended this scheme with the application of distributed ledger technology. When Keyless Signature Infrastructure (KSI) is combined with distributed hashes stored across a network of peers, entities can validate the authenticity of data transmitted, stored, and received.27

10. Identification: the procedure whereby an entity claims a certain identity. 11. Non-repudiation: the assurance that an entity cannot deny something. 12. Secure Messaging: messages with nonrepudiation where a secure platform logs the identity of the sender receiver and transaction.

Keyless Signature Infrastructure (KSI) is an industrial scale blockchain that rather than scaling O(n) or growing linearly with transactions, scales at O(t), grows linearly with time independent of other transactions. KSI verifies data by asserting signing time, signing entity, and data integrity using hash-function based cryptography, which eliminates the dependency to trust a TSA.28

13. Security Servers: servers that establishes secure communications with the Internet. 14. Service Catalogs: producers create, manage, and distribute web services to consumers, who consume the services functionality. 15. Services Adapters: transform messages for systems designed for web services as well as legacy systems. 16. Trust Services: these services include electronic time-stamps, electronic certificates, e-Signed documents storage or management, e-Documents delivery services, e-Signed preservation of edocuments, and e-Signed documents with signature validation. 17. Verification: the procedure whereby a claim is checked. 21

Woo, T. & Lam, S. (1997). Authentication for distributed systems. In Internet besieged, Dorothy E. Denning and Peter J. Denning (Eds.). ACM Press/Addison-Wesley Publishing Co., New York, NY, USA 319-355. 22 European Commission. (2016). Trust Services and eID. Retrieved from https://ec.europa.eu/digital-single-market/en/trust-services-and-eid 23 Truu, Ahto. (2010). Standards for Hash-Linking Base Time-Stamping Schemes. dspace.ut.ee/bitstream/10062/15188/1/Truu_Ahto.pdf. 24 Haber, S. & Stornetta, W. (1991). How to Time-Stamp a Digital Document. Journal of Cryptology 3, no. 2: 99–111. 25 Haber, S. & Stornetta, W. (1997). Secure Names for Bi-Strings.” ACM: In CCS ’97: Proceedings of the 4th ACM Conference on Computer and Communications Security. 28–35. 26 Truu, Ahto. (2010). Standards for Hash-Linking Base Time-Stamping Schemes. dspace.ut.ee/bitstream/10062/15188/1/Truu_Ahto.pdf. 27 Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved from https://bitcoin.org/bitcoin.pdf 28 Merkle, R. C. (1979). Secrecy, Authentication, and Public Key Systems (Ph.D. thesis). Stanford University.

5

Keyless Signature Infrastructures provide immutability of permissioned blockchains even when entities (TSA) are unable to monitor the blockchain. The KSI process, to provide proof of existence works, in the following manner: 1.

Hash Signed: the hash of data is signed and sent to the KSI server.

2.

KSI Server Signed: the input (only the hash value) sent to the KSI server is signed.

3.

4.

Send Request (Message)

Encrypt Message

Token Generated: a signed token is created for the given input (immutable proof the input or block existed).

Decrypt Message

State Systems

Translate Message

Federal Systems

Receipt of Transaction Generated: receipt provided to the user as proof the transaction existed.

Hashes (proof of transactions) are stored in a global hash calendar that is accessible to all participating entities and can be used to prove the existence of transactions when combined with the signature token for the given transactions.29 By using distributed ledger technologies, governments are better able to protect infrastructure and data against cyber-attacks by being able to verify data authenticity. VIII.

uc state and federal interoperability

ENTITY TO ENTITY INTEROPERABILITY EXAMPLE

Figure 1.0

browser, or mobile access point) resulting in six primary workflows: three flows into the system and three flows out of the system. The outflow of the system would be the reverse of the inflow.

The interoperability principles enable the coordination (certification, time-stamping, and secure directory access) to upstream and downstream systems among entities. Entity to entity communication occurs through web services that exchange data across heterogeneous platforms. Web services are self-contained and use a secure, standardized protocol for message transmission. Web services provide three functions: (1) service provider, implements and publish, (2) service registry (stores information about it), and (3) service requester discovers and invokes functionality.30

act state and federal interoperability

 Inflow 2: Web browser, web portal, security server, the Internet, security service, adapter server, and citizen database (Medicaid, Medicare, or CHIP).

Send Message

Entities, using a network of web services, can exchange information using web services or Web APIs, one of many protocols that use a secure communication layer.31 Web services can use the eXtensible Markup Language (XML) or REST architectures (use HTTP methods explicitly, be stateless, expose directory structure-like URIs, and transfer XML, JavaScript Object Notation (JSON), or both) to share messages. The term REST Web services typically refers to a resource-based Web services architecture that uses HTTP and XML. Different protocols transmit messages by web services are defined by the web services making these services easier to maintain.

Transform Message (Adapter)

 Inflow 3: Mobile access point, mobile access (WAP, SMS), security server, the Internet, security service, adapter server, and citizen database (Medicaid, Medicare, or CHIP).

Add Security (security Server)

Internet

Figure 1.0 illustrates the UML Use Case State and Federal Interoperability for events of the system. This process is further elaborated in Figure 2.0, which is a UML Activity Diagram of State and Federal Interoperability showing the actions in the process. Figure 3.0 is a UML Sequence Diagram of Request Data from State and Federal Systems. Below provides a simple example of two entities (entity A and entity B) communicating using an e-Government Interoperability Framework. Entity A beneficiary could access the system using a heterogeneous environment (client program, web

Add Security (security Server)

Add Security (security Server)

Transform Message (Adapter)

Transform Message (Adapter)

Federal Systems

State Systems

Figure 2.0

 Inflow 1: Client program, integrated information system security server, the Internet, security server, adapter server, and citizen database (Medicaid, Medicare, or CHIP).

After the request is initiated, it moves from the heterogeneous environment into the unified security environment. This environment is secured by using a security server prior to entering the Internet and immediately upon exiting the Internet. Security servers ensure confidentiality, integrity, availability, and

Emmadi, N., & Narumanchi, H. (2016). Reinforcing Immutability of Permissioned Blockchains with Keyless Signatures’ Infrastructure (p. 6). Presented at the ACM: In Proceedings of the 18th International Conference on Distributed Computing and Networking (ICDCN ’17), New York, NY, USA. https://doi.org/https://doi.org/10.1145/3007748.3018280 30 Sulina, J. (2016). X-Road Web services migration adapter (p. 59). Helsinki Metropolia University of Applied Sciences. Retrieved from https://www.theseus.fi/bitstream/handle/10024/109218/Sulina_Julia.pdf 31 Ibid. 29

6

sd request data from State and Federal systems

Mobile & Browser

Citizen

Web Services

State System

Federal System

requestService askSecureServer findServiceFromProvider1 findServiceFromProvider2 responseServiceProvder1 responseServiceProvider2 responseFromService responseFromService

Figure 3.0

proof, system scalability, detect misuse – however, data does not pass through the central services),32 (3) certificate authority (issues certificates), (4) adapter server (convert request to security server into format understandable by the platform entity and converts into data exchange layers proprietary format for security servers), and (4) monitoring station (check system components).

non-repudiation in a unified way, using a single protocol and single interface Web API. This allows for multiple methods to describe web services such as Universal Description, Discovery, and Integration (UDDI) or Web Services Description Language (WSDL). After passing through the security server, the adapter translates the end point heterogeneous environment (different database systems, technologies, protocols, and interfaces). The result is the end point technical structure (Oracle, SAP, MS SQL, etc.) is irrelevant for establishing data communications.

Using a certificate authority to provide qualified certificates, these certificates enable access to a catalog of services through a secure virtual private network that connects all entities, agencies, institution, and companies sharing information. Established and legacy systems have existing data processing and workflows designed to align with their intended use within the organization. These workflows constrain cross-organizational communication and interoperability. Technical limitations frequently prevent heterogeneous systems from direct interaction between entities.

The Central Authority (CA) approval is required for membership and is a requirement for communication with the network of information system entities. Each entity publishes web services into a register, from which approved entities can consume services. The standardized protocol enables information transmission between heterogeneous platforms.

The beauty of an e-Government Interoperability framework for the State and Federal system is simplicity. By connecting heterogeneous systems, information can move to and from citizen, browser, web service, State system, and Federal systems seamlessly. With properly aligned architecture layers supporting the seven principles, a shared communication is constructed.

The following sequence identifies the six steps from the composition of the message to the message receipt between heterogeneous platforms. 1.

Compose Web services request.

2.

Send request to Security Server.

3.

Transform request by Security Server.

4.

Sent to service provider.

5.

Response from service provider using Web API protocol(s).

6.

Data exchange layer routes message (real-time from system, real-time from user, scheduled, received message).

This shared communication framework enables networked systems to interchange information using a common protocol. The network interoperability decreases system complexity when exchanging data with legacy or disparate systems, a requirement for interconnecting legacy and modern information systems. IX.

GOVERNMENT, CITIZEN, AND BUSINESS BENEFIT OF INTEROPERABLE INFORMATION SYSTEMS

Embracing e-Government Interoperability Frameworks presents financial and non-financial benefits. Medicare, Medicaid, and CHIP can benefit in twelve areas: reduction of improper payments, single data entry, faster registrations,

The data exchange layer includes (1) security servers (authentication, authorization), (2) central servers (third-party

Casey, T., Valovirta, V., & Heino, I. (2016). Interoperability Environment for Smart Cities (InterCity) Report of Phase 1 – Current State. Retrieved from www.vtt.fi/sites/InterCity/en/Documents/InterCity_Report_Phase_1_FINAL.pdf 32

7

improved data quality, reduction in fraud, timelier case decisions, improved C2B and private sector to personal interactions, improved employee satisfaction, expedited eligibility determinations, automated process across entities, and replacement of paper. Let’s briefly elaborate on these twelve benefits. 1.

propositions based on my research of e-Government Interoperability Frameworks that can be applied to government entities within the United States. Virtually all aspects of a digital government stem from connected communications: ePrescription, e-ID, e-School, e-Police, e-Tax, e-Pension Account, e-Health, e-Customs, e-Parking, e-Healthcare, e-Banking, eVoting, e-Business Register, and e-Land registers.

Reduce Improper Payments: improved data is shared with public authorities collected individually initially.

2.

Single Data Entry: citizens are only required to enter their data, documents, and verifications once.

3.

Faster Registration: register and onboard new users (beneficiaries) more quickly into the networked systems.

4.

Data Quality: reducing manual data errors ensures decisions are uniformly based on the same data.

5.

Fraud Reduction: enhanced communication and standard data sharing enables earlier detection of fraud.

6.

Timelier Case Decisions: with complete data, the time to make decisions is reduced, minimizing call backs, and determining eligibility faster.

7.

Improve Citizen-to-Business Interaction with Government: improved communications through sharing of data between citizens and government.

8.

Improve Private Sector and Personal Interactions: improved communications through sharing of data between citizens and businesses.

9.

Improved Employee Satisfaction: improved efficiency saves employees from performing duplicate activities.

Three propositions (P1, P2, and P3) are offered that have the potential to transform interactions between citizens, government, and businesses. The identification of practical extensions to existing government information systems becomes a formable challenge within the traditional government ecosystem. A.

Utilizing distributed ledger technologies as a foundational technology stack for e-Government Interoperability Frameworks, entities such as Medicaid, Medicare, and CHIP will have proof beneficiaries are who they say they are (authentication) and proof that they have permission to do what they ask (authorization). The distribution of data across platforms will decrease fraud, lower improper payments, and streamline registration to deliver faster support to the most vulnerable citizens. Total improper payments for FY 2015 totaled $136.9 billion respectively with a remarkable $45 billion of the governmentwide improper payments in FY 2015 caused by insufficient documentation.33 A streamlined e-Government Interoperability Framework would remove the need for duplicate paperwork from beneficiaries who use multiple government services. An improvement of 5 percent ($2.25 billion) in improper payments would provide $500 per week, for a year in aid, to an additional 86,538 families. B.

Proposition 2: Protecting Critical Government Infrastructures and Data Assets to Improve Citizen Trust

The efficiency and utility of interoperable information systems require systems be connected and share data. Traditionally, routers, switches, and infrastructures were physically inside the perimeter of defense for government networks. However, with the internet of things (IoT), devices are rapidly moving to bridges, tunnels, energy installations, and railways. Therefore, the probably of attack and the risk of data loss is increasing. Distributed ledger technologies can ensure that critical infrastructure components have not been altered by monitoring the integrity of data and components of digitally accessible assets.

10. Expedited Eligibility Determination: the integrated digital framework allows for beneficiary decisions to be communicated by entities digitally, reducing manual processing. 11. Automate Processes Across Entities: reduce the need for manual intervention of processes. 12. Replace Paper Documents: the transition from paper documents and verifications to electronic documentations and verifications leading to more accurate and faster eligibility determinations.

In 2016, there were 1,093 total breaches, exposing 36,601,939 records across all industry sectors in the United States. Banking (52 breaches, 72,262 records), business (495 breaches, 5,669,711 records), education (98 breaches, 1,048,342 records), government (72 beaches, 13,942,053 records), and healthcare (376 breaches, 15,942,053 records) were impacted by data breaches. In total, government breaches accounted for 6.6 percent of total breaches, but 37.9 percent of records lost were due to unauthorized operators.34 35

Together the benefits of implementing an e-Government Interoperability Framework enhance the value for citizens, government, and businesses alike. X.

Proposition 1: Distributed Ledger Technologies Remove Duplicate Beneficiary Documentation and Verifications

RESEARCH PROPOSITIONS

The purpose of these propositions is not to theorize on conceptual possibilities based largely on anticipated outcome predictions, but rather to identify next generation areas of future work that are worthy of exploratory efforts. I developed these

Government Accountability Office. (2016). Financial Audit: U.S. Government’s Fiscal Years 2015 and 2014 Consolidated Financial Statements (p. 286). Retrieved from http://www.gao.gov/assets/680/675425.pdf 34 Identity Theft Resource Center. (2017). ITRC Data Breach Report: 2016 End of Year Report. Retrieved from http://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf 35 Nichol, P. B. (2017). How CIO’s prepare for tomorrow’s healthcare data breaches. Retrieved from http://www.cio.com/article/3152861/security/how-cios-prepare-fortomorrows-healthcare-data-breaches.html 33

8

C.

limitations require deeper exploration for integration into the eGovernment Interoperability Framework prior to widespread adoption.

Proposition 3: Seamless Registration for Government Healthcare

The Medicare, Medicaid, and CHIP average turnover was 25 percent when monthly enrollments were compared to the percent of the annual count. Medicare enrollment was 55,504,005 in 2015, and the Medicaid and CHIP enrollment has hovered around 74.407,191.36,37 Assuming a more conservative turnover rate of 20 percent, roughly 11.1 million Medicare beneficiaries and 14.8 million are determined eligible more than once per year. This results in government agencies processing duplicate paperwork, documents, and verifications.

1.

Design Technical Complexity: the sophistication and cost of designing interoperable systems

2.

National Center for Certifications and Digital Signatures, Certifying Authority: a central authority or distributed trust authority to establish system integrity.

3.

Competing Projects: in-flight competition from existing projects pulling against resources required to new initiatives.

4.

Trust Federation: a trust paradigm between entities that allows subscribers to use the same identification data to obtain access across the federation (group).

5.

Use of Open Standards: standards accessible by the public using a consensus driven process for development and maintenance.

6.

There are limitations to this conceptual analysis. First, the existing policy and regulatory landscape may restrict entity to entity contracting. Second, legal compliance to standards frameworks does not assure interoperability or proficiency. Third, data sharing among entities must be uniform.

Evolution of Cryptography: the maturation of the technology for codes and ciphers used to protect data.

7.

After agreement and entity to entity consensus are achieved, the following four challenges remain as the primary obstacles to adoption.

Loss or Compromise of Service’s Signature Creation Data: if the certificate authority or distributed trust authority is compromised, without distributed ledger technology, data could be altered.

8.

Unavailability of Services: web service disruption due to hardware, software, network or unplanned physical or virtual disruptions could impact the network of entities and their associated downstream services.

9.

Non-Confidential Public Data: adding undo controls to data that is not typically classified as restricted or sensitive.

The adoption of an e-Government Interoperability Framework, using distributed ledger technologies could reduce the cost of paper-intensive processes that result in improper payments, manual errors, and lost efficiency. The quasicentralized model has resulted in poor customer service and falls short of the personalized, real-time, and digital services, which citizens expect. Distributed ledger technology is changing business structures and will ultimately impact societal economics with the principles of distributed consensus, transparency, and open source standards. XI.

THEORETICAL AND REGULATORY IMPLICATIONS

1.

2.

3.

XII.

Regulatory Contract Hurdles: binding contractual agreements or at least broad consensus are required for alignment, and current legal policy may restrict interactions among government, citizens, and businesses. Standard Adherence: the alignment of standards does not guarantee interoperability as political, economic, technological, social, environmental, and legal forces impact the direction of government programs.

10. Expert Knowledge: the lack of expert knowledge of interoperability frameworks that do not require an overhaul of legacy systems. 11. PKI (Public Key Infrastructure) policy: the process of obtaining, storing, and retrieving public and private keys.

Uniform Data Sharing: the exchange of data attributes must be uniform, for example, units (e.g., metric versus imperial units), validity (e.g., retirement-related information is valid only if the age of the person is greater than 65), and time period (e.g., a policy may not apply if an event occurred during a certain period of time).38

12. e-Seal: qualified certificates ensure entity authenticity and acceptance in cross entity interactions. 13. Transfer of e-Services: an e-Service may be transferred in principle depending on the phase of its lifecycle: conceived, sponsored or funded, championed, designed, developed, deployed, owned, governed, operated, maintained, evolved or adapted.

LIMITATIONS AND DIRECTIONS FOR FUTURE WORK

First, this paper contributes to the advancement of eGovernment Interoperability Frameworks as a means to promote the reduction of waste, fraud, and abuse without impacting legacy systems. While I stand behind the vision of a unified government for the betterment of citizens, government, and business, I acknowledge that there are limitations. The following

14. Compromised Security: the risk to security infrastructure due to seemingly ubiquitous access to services.

36

Kaiser Family Foundation. (2015). Total Number of Medicare Beneficiaries. Retrieved from http://kff.org/medicare/state-indicator/total-medicare-beneficiaries/ Kaiser Family Foundation. (2016). Total Monthly Medicaid and CHIP Enrollment. Retrieved from http://kff.org/health-reform/state-indicator/total-monthly-medicaidand-chip-enrollment/ 38 Novakouski, M., & Lewis, G. A. (2012). Interoperability in the e-Government Context (p. 35). Carnegie Mellon University. Retrieved from www.sei.cmu.edu/reports/11tn014.pdf 37

9

15. Compromised Privacy: the risk to citizen, government, and business data loss resulting from seemingly ubiquitous access to services.

Framework), Finland (Palveluväylä), Brazil (e-PING), New Zealand (e-GIF or e-Government Interoperability Framework), Malaysia (MyGif or Malaysian Government Interoperability Framework), Kingdom of Saudi Arabia (Yesser Framework for Interoperability), Germany (SAGA or e-Government Applications framework), Europe (EU–EIF or EU–European Interoperability Framework), UK (UK eGIF or e-Government Interoperability Framework), Denmark (Offentlig Information Online catalogue), Netherlands (NORA or ederlandse Overheids Referentie Architectuur), and USA (Federal Enterprise Architecture).

16. e-Security: the protection against unauthorized use of electronic data. 17. Electronic Payment: payment for buying or selling value over the Internet. 18. Fiber Optic Cables and VPN Network: limitations on media for communication over the Internet to improve reliability, speed, and quality.

e-Government interoperability covers services across four layers (1) semantic (share meaning, context, process models), (2) syntactic (share formats, encodings, (3) logical (share messages, objectives transactions, sessions), and (4) technological (share wires, waveforms, bits, networks).40 This model can be further reduced to three layers: (1) user (perform semantically meaningful activities), (2) system (maintain sessions, translate data formats), and (3) connectivity (transmit and route bits reliably). The challenge is that interoperability for government entities involves more than government-to-government interoperability.

19. Innovation Training Center: an education for emerging technology being deployed in eGovernments. 20. Blockchain stacks: emerging and developing platforms that combine identities, network, routing, exchange, objects, files, naming and applications to form a complete distributed, peerto-peer self-certified filesystem. 21. Emergence of IPFS: IPFS or InterPlanetary File System is a peer-to-peer (P2P) distributed system that connects all networks using the same system of files and can be integrated into blockchain stacks to streamline asset transfer.

The scope of e-Government interoperability is not limited to G2G (Government-to-Government) interactions but extends to G2C (Government to Citizen), G2B (Government-to-Business), B2B (Business-to-Business), B2C (Business-to-Consumer), and C2C (Citizen-to-Citizen). This expanded scope implies that G2G systems should interact with each other, but G2C and G2B should also be interoperable for an interoperable government.

The proposal addressed how entities can interoperate using the seven foundational principles. However, further research is required in four areas: 1.

IPFS: The Impact of InterPlanetary File Systems (IPFS) on the Internet of Data Structures (IoDS).39

2.

Blockchain: The transformation effect blockchain as a foundational technology.

3.

aPaaS: Encapsulation of functionality by Application Platform as a Services (aPaaS) to ease adoption.

4.

Dapps: The role of decentralized applications (Dapps) to accelerate mainstream usage.

A major obstacle to the adoption of e-Government Interoperability Frameworks for government entities is the requirement for consensus among entities on one or more of the following 18 components of a robust interoperability framework: (1) Definitions, (2) Interoperability Policies and Principles, (3) Governance Policies and Models, (4) Compliance Criteria, (5) Legal and Legislative Considerations, (6) Architecture Advisement, (7) Infrastructure Components, (8) Data, (9) Metadata, (10) Semantics, (11) Relationships to Other Efforts, (12) Adoption or Implementation Advise and Best Practices, (13) Standardization Policies, (14) Technical Standards, (15) Process Models, (16) Measurement and Evaluation Framework, (17) Use Cases, and (18) Roadmap.41

of

For example, applying IPFS to store medical information could remove the need for provider-to-provider trust and eliminate providers as the single point of failure. The result would allow patients to access their medical records anytime and from anywhere.

e-Government Interoperability Frameworks, when combined with distributed ledger technologies, establish new foundational technologies that have the power to make existing intermediaries redundant.

These additional challenges must be solved to create an eGovernment Interoperability Framework that can support the United States’ government ecosystem. XIII.

I believe that an e-Government Interoperability Framework is required to reduce waste, fraud, and abuse.

CONCLUSION

Government entities can create interoperable services by introducing an e-Government Interoperability Framework with adoption by participating entities.

XIV.

ACKNOWLEDGEMENT

The author would like to acknowledge the contributions of numerous anonymous reviewers from Medicaid, Medicare, CHIP, and the blockchain community, who reviewed and commented on portions of this paper.

Several countries have already adopted interoperability standards: Estonia (EstIF or Estonian IT Interoperability Framework), Palestine (Zinnar or Palestinian Interoperability 39

Benet, J. (2014). IPFS - Content Addressed, Versioned, P2P File System (DRAFT 3). Retrieved from https://ipfs.io/ipfs/QmR7GSQM93Cx5eAg6a6yRzNde1FQv7uL6X1o4k7zrJa3LX/ipfs.draft3.pdf 40 Rothenberg, J., Botterman, M., & van Oranje-Nassau, C. (2008). Towards a Dutch Interoperability Framework: Recommendations to the Forum Standaardisatie. Retrieved from www.rand.org/content/dam/rand/pubs/technical.../RAND_TR552.pdf 41 Ibid.

10

XV.

Measurement (PERM). Retrieved from https://www.cms.gov/ResearchStatistics-Data-and-Systems/Monitoring-Programs/Medicaid-and-CHIPCompliance/PERM/index.html?redirect=/perm

ABOUT THE AUTHOR

Peter B. Nichol

[10] Payment Accuracy. (2017). FAQ – Payment Accuracy. Retrieved from https://paymentaccuracy.gov/faq/

Peter is a business and technology executive, recognized for Digital Innovation by CIO 100, MIT Sloan, Computerworld, and the Project Management Institute. As Managing Director at OROCA Innovations, Peter leads the CXO advisory services practice that drives digital strategies.

[11] Project On Government Oversight. (2016). Federal Improper Payments Are Significant, Costing Taxpayers Billions. Retrieved from http://www.pogo.org/our-work/reports/2016/introduction-to-improperpayments.html#title-what-are-improper-payments

Peter was honored as an MIT Sloan CIO Leadership Award Finalist in 2015 and is a regular contributor to CIO.com on innovation. As Head of Information Technology, Peter was responsible for Connecticut’s Health Insurance Exchange’s (HIX) industry-leading digital platform, which has transformed consumerism and retail-oriented services for the health insurance industry. Peter championed the Connecticut marketplace digital implementation with a transformational cloud-based SaaS platform and mobile application recognized as a 2014 PMI Project of the Year Award finalist, CIO 100, and awards for best digital services, API, and platform. He also received a lifetime achievement award for leadership and digital transformation and was honored as a 2016 Computerworld Premier 100 IT Leader.

[12] Office of Inspector General (OIG). (2017). Top Management and Performance Challenges. Retrieved from https://oig.hhs.gov/reports-andpublications/top-challenges/2016/ [13] Ibid. [14] Ibid. [15] Office of Inspector General (OIG). (2016). Medicare and Medicaid Program Integrity: Combatting Improper Payments and Ineligible Providers. Retrieved from https://oig.hhs.gov/testimony/docs/2016/maxwell-testimony05242016.pdf [16] Payment Accuracy. (2016). About Improper Payments. Retrieved from https://web.archive.org/web/20160201102842/https://paymentaccuracy.gov/abou t-improper-payments [17] Project On Government Oversight. (2016). Federal Improper Payments Are Significant, Costing Taxpayers Billions. Retrieved from http://www.pogo.org/our-work/reports/2016/introduction-to-improperpayments.html#title-what-are-improper-payments

Peter has a Bachelor of Science in Computer Information Systems from Bentley University and a Master in Business Administration from Quinnipiac University, where he graduated Summa Cum Laude. He earned his PMP® in 2001 and is a certified Six Sigma Master Black Belt, Certified SAFe Agilist, Certified SAFe Practitioner (SP), and Certified Scrum Master. XVI.

[18] Ibid. [19] Office of Inspector General (OIG). (2016). Medicare and Medicaid Program Integrity: Combatting Improper Payments and Ineligible Providers. Retrieved from https://oig.hhs.gov/testimony/docs/2016/maxwell-testimony05242016.pdf

REFERENCES

[1] U.S. Centers for Medicare &, & Medicaid Services. (2017). What’s Medicare? Retrieved from https://www.medicare.gov/sign-up-changeplans/decide-how-to-get-medicare/whats-medicare/what-is-medicare.html

[20] Novakouski, M., & Lewis, G. A. (2012). Interoperability in the eGovernment Context (p. 35). Carnegie Mellon University. Retrieved from www.sei.cmu.edu/reports/11tn014.pdf

[2] Ibid.

[21] Woo, T. & Lam, S. (1997). Authentication for distributed systems. In Internet besieged, Dorothy E. Denning and Peter J. Denning (Eds.). ACM Press/Addison-Wesley Publishing Co., New York, NY, USA 319-355.

[3] U.S. Centers for Medicare & Medicaid Services. (2017). Children’s Health Insurance Program (CHIP) Eligibility Requirements. Retrieved from https://www.healthcare.gov/medicaid-chip/childrens-health-insurance-program/

[22] European Commission. (2016). Trust Services and eID. Retrieved from https://ec.europa.eu/digital-single-market/en/trust-services-and-eid

[4] Murphy, P. (2010). Text - H.R.3393 - 111th Congress (2009-2010): Improper Payments Elimination and Recovery Act of 2010 [legislation]. Retrieved from https://www.congress.gov/bill/111th-congress/housebill/3393/text

[23] Truu, Ahto. (2010). Standards for Hash-Linking Base Time-Stamping Schemes. dspace.ut.ee/bitstream/10062/15188/1/Truu_Ahto.pdf. [24] Haber, S. & Stornetta, W. (1991). How to Time-Stamp a Digital Document. Journal of Cryptology 3, no. 2: 99–111.

[5] United States Government Accountability Office. (2016). Report to Congressional Committees June 2016 GAO-16-554: IMPROPER PAYMENTS CFO Act Agencies Need to Improve Efforts to Address Compliance Issues. Retrieved from http://www.gao.gov/assets/680/678154.pdf

[25] Haber, S. & Stornetta, W. (1997). Secure Names for Bi-Strings.” ACM: In CCS ’97: Proceedings of the 4th ACM Conference on Computer and Communications Security. 28–35.

[6] U.S. Department of Health & Human Services. (2017). FY 2017 Budget in Brief - CMS - Overview. Retrieved from https://www.hhs.gov/about/budget/fy2017/budget-in-brief/cms/index.html

[26] Truu, Ahto. (2010). Standards for Hash-Linking Base Time-Stamping Schemes. dspace.ut.ee/bitstream/10062/15188/1/Truu_Ahto.pdf.

[7] Centers for Medicare and Medicaid Services. (2015). Medicare Fee-ForService 2015 Improper Payments Report. Retrieved from https://www.cms.gov/Research-Statistics-Data-and-Systems/MonitoringPrograms/Medicare-FFS-CompliancePrograms/CERT/Downloads/MedicareFeeforService2015ImproperPaymentsRe port.pdf

[27] Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved from https://bitcoin.org/bitcoin.pdf [28] Merkle, R. C. (1979). Secrecy, Authentication, and Public Key Systems (Ph.D. thesis). Stanford University. [29] Emmadi, N., & Narumanchi, H. (2016). Reinforcing Immutability of Permissioned Blockchains with Keyless Signatures’ Infrastructure (p. 6). Presented at the ACM: In Proceedings of the 18th International Conference on Distributed Computing and Networking (ICDCN ’17), New York, NY, USA. https://doi.org/https://doi.org/10.1145/3007748.3018280

[8] Payment Accuracy. (2017). FAQ – Payment Accuracy. Retrieved from https://paymentaccuracy.gov/faq/ [9] U.S. Centers for Medicare & Medicaid. (2017). Payment Error Rate

11

[30] Sulina, J. (2016). X-Road Web services migration adapter (p. 59). Helsinki Metropolia University of Applied Sciences. Retrieved from https://www.theseus.fi/bitstream/handle/10024/109218/Sulina_Julia.pdf [31] Ibid. [32] Casey, T., Valovirta, V., & Heino, I. (2016). Interoperability Environment for Smart Cities (InterCity) Report of Phase 1 – Current State. Retrieved from www.vtt.fi/sites/InterCity/en/Documents/InterCity_Report_Phase_1_FINAL.pd f [33] Government Accountability Office. (2016). Financial Audit: U.S. Government’s Fiscal Years 2015 and 2014 Consolidated Financial Statements (p. 286). Retrieved from http://www.gao.gov/assets/680/675425.pdf [34] Identity Theft Resource Center. (2017). ITRC Data Breach Report: 2016 End of Year Report. Retrieved from http://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf [35] Nichol, P. B. (2017). How CIO’s prepare for tomorrow’s healthcare data breaches. Retrieved from http://www.cio.com/article/3152861/security/howcios-prepare-for-tomorrows-healthcare-data-breaches.html [36] Kaiser Family Foundation. (2015). Total Number of Medicare Beneficiaries. Retrieved from http://kff.org/medicare/state-indicator/totalmedicare-beneficiaries/ [37] Kaiser Family Foundation. (2016). Total Monthly Medicaid and CHIP Enrollment. Retrieved from http://kff.org/health-reform/state-indicator/totalmonthly-medicaid-and-chip-enrollment/ [38] Novakouski, M., & Lewis, G. A. (2012). Interoperability in the eGovernment Context (p. 35). Carnegie Mellon University. Retrieved from www.sei.cmu.edu/reports/11tn014.pdf [39] Benet, J. (2014). IPFS - Content Addressed, Versioned, P2P File System (DRAFT 3). Retrieved from https://ipfs.io/ipfs/QmR7GSQM93Cx5eAg6a6yRzNde1FQv7uL6X1o4k7zrJa3 LX/ipfs.draft3.pdf [40] Rothenberg, J., Botterman, M., & van Oranje-Nassau, C. (2008). Towards a Dutch Interoperability Framework: Recommendations to the Forum Standaardisatie. Retrieved from www.rand.org/content/dam/rand/pubs/technical.../RAND_TR552.pdf [41] Ibid.

12