Medicare Record Authentication: Tips for Physicians

Published 12/11/2020

Medicare requires that health care providers ordering or documenting the medical necessity for items or services received by Medicare beneficiaries must be identifiable. The Comprehensive Error Rate Testing (CERT) contractor notes that the majority of CERT errors are related to inability to identify the author of a medical record. Medical record authorship is generally accomplished through a handwritten or electronic signature; however, when the author of a record is unclear, document(s) must be authenticated. With few exceptions, signature stamps are not acceptable, MLN Matters Article MM8219 (PDF). Signature logs or attestation statements are two acceptable methods to authenticate a record. This excludes orders and Certificates of Medical Necessity (CMNs).

Signature Logs 
Medicare contractors recommend that physicians consider preparing a single-page signature log or "key" to include when responding to requests for documentation. A signed and dated signature log identifies the author(s) associated with initials or "illegible" signatures within a set of medical records. When a physician’s office receives a request for copies of a beneficiary’s medical record, the signature log may then be included and returned to the requestor. This will help prevent follow-up contacts from suppliers and auditing entities for signature verification.

Attestation Statements
In some cases, a medical record or entry omits a legible identifier requiring the author to attest to the authenticity of the record. To be considered valid for Medicare medical review purposes, an attestation statement must be signed and dated by the author of the medical record entry and must contain sufficient information to identify the beneficiary. Should a provider choose to submit an attestation statement, they may choose to use the following statement:

"I, (print full name of the physician/practitioner), hereby attest that the medical record entry for (date of service) accurately reflects signatures/notations that I made in my capacity as (insert provider credentials, e.g., M.D.) when I treated/diagnosed the above listed Medicare beneficiary. I do hereby attest that this information is true, accurate and complete to the best of my knowledge and I understand that any falsification, omission, or concealment of material fact may subject me to administrative, civil, or criminal liability."

While this sample statement is an acceptable format, CMS is neither requiring nor instructing providers to use a certain form or format. The above format has not been approved by the Office of Management and Budget (OMB) and therefore it is not mandatory. Note that attestation statements are not valid for orders or CMNs where the author’s signature or initials are not authenticated. An overview of the key points of CMS’ signature requirements, including signature logs and attestation statements, can also be found in MLN Matters article MM6698 (PDF).

Electronic Signatures
Although CMS has not published formal regulations regarding electronic signatures, Medicare contractors recommend that an electronic signature be accompanied by a statement indicating that the signature was applied electronically. Some examples of electronic signature notations include:

  • Electronically signed by
  • Authenticated by  
  • Approved by
  • Completed by
  • Finalized by
  • Signed by
  • Validated by
  • Sealed by

Notations such as those listed above indicate to the reviewer that the author’s name, typically applied in typed format, was electronically signed.


Was this article helpful?