Livanta to Require Secure Messaging, Though Effective Date and Possible Waiver Pending 

Situation Report | September 28, 2020

Livanta, the Medicare Beneficiary and Family Centered Care Quality Improvement Organization for Medicare, recently sent notices to home care providers noting that, starting October 1, 2020, all medical records must be sent electronically via Direct Secure Messaging.

HCA communicated with Livanta and has been assured that this new requirement will not be effective October 1 and that Livanta will be issuing a provider bulletin in a few days with updates.

Livanta is currently working directly with CMS on a provider waiver process for organizations that cannot adopt direct secure messaging. As soon as Livanta has more information, it will send a notice or announcement. In the meantime, agencies can continue to send records to Livanta as they have in the past.

In its notice, Livanta states that “secure Direct Secure Messaging is not e-mail” and the requirements for Direct Secure Messaging mean that providers should not e-mail protected health information (PHI) to Livanta once Direct Secure Messaging is implemented. “Your organization must obtain Direct Secure Messaging credentials that support accredited Health Information Service Provider (HISP) protocols,” Livanta adds. “If necessary, please consult with your organization’s IT department or EMR vendor to determine how to comply.”

This requirement is part of a final U.S. Centers for Medicare and Medicaid Services (CMS) rule that was published September 18 and is effective October 1.

More information on this rule, which mostly covered acute care and long term care hospitals, is here.