justin/new-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
new-site/docs/plans/Plan.md
justin e6a630ada1 healthcare: verify CMS-10114 update path, correct NPI Enumerator address, build CMS-10114 filler 
Verified firsthand against the live CMS-10114 (Rev. 02/25, OMB 0938-0931):
- Section 1A confirms paper is valid for Change of Information (#2) AND
  Reactivation (#4), not just initial enumeration. Resolves the UNCERTAIN flag.
- Current mailing address is CMS NPI Enumerator Services, Mail Stop DO-01-51,
  7500 Security Blvd, Baltimore MD 21244. The old Fargo PO Box 6059 is retired;
  corrected in mac_routing.NPI_ENUMERATOR + all docs.
- No electronic no-login equivalent exists for CMS (NPI Registry API is
  read-only; PECOS/NPPES-IA require login), unlike FMCSA's ask.fmcsa ticket form.
  So tiers stay: Standard=paper CMS-10114 (no login), Expedited=NPPES surrogate.

New: cms10114_pdf_filler.py fills the flat official form via text overlay
(reason checkbox + NPI + Section 2A identity + Section 4A cert name + signature
anchor); wired into npi_provider._generate_10114_for_signing for nppes-update.
Signed forms route to the NPI Enumerator via the existing daily batch.

Tests: test_cms10114.py 27/27, test_paper_batch.py 15/15, Astro build 58 pages.
2026-06-07 02:04:41 -05:00

164 lines
11 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Plan
Offer healthcare regulatory filings as a **two-tier model** (internal mechanics;
the "paper" alternative is NEVER surfaced to the client):
- **Standard service (default):** we handle the filing end-to-end. Client signs
ONE certification and we submit + track to confirmation. (Internally this is the
paper path — 855 to the MAC, CMS-10114 to the NPI Enumerator (Baltimore MD) — but we
never say "paper" to the client; it's just "we file it for you.")
- **Expedited (faster, framed positively at intake):** we ask if they can
**electronically grant us CMS I&A Surrogate access**. We position this as
*reducing the number of steps on our end so we can bulk-file faster* — never as
"the alternative is paper." If yes, we file online same-day. If no, we silently
fall back to Standard. Same price either way; surrogacy is a delegation, not
password sharing.
This pass verifies the no-login paper path per service, reconciles the doc/code
contradiction, and makes "standard = paper / expedited = surrogate" consistent
everywhere it's surfaced.
## Goal
Every healthcare service (federal sold + state/adjacent to add) has a verified
**Standard (paper, no-login)** path and, where a CMS/portal exists, an
**Expedited (surrogate/delegated)** upsell. No surface should ever present
surrogate as *required* when a paper path exists; paper is always the default.
## Scope / affected areas
- `api/src/routes/checkout.ts` (~L2155-2207) — already has the two-tier copy, BUT
treats NPPES update/reactivation as **"online-only, surrogate required"** with
NO standard fallback (`NPPES_ONLY_SLUGS`, `hasNppesOnly`). The directive says:
give those a Standard paper path too (CMS-10114 to NPI Enumerator (Baltimore MD)) and make surrogate the
*expedited* option, not the only option.
- `scripts/workers/services/npi_provider.py``access` strings call NPPES
update/reactivation "NPPES via CMS I&A surrogate access (online-only)". Must
become "Standard: CMS-10114 paper to NPI Enumerator (Baltimore MD), client signs;
Expedited: NPPES via I&A surrogate." Also `_STANDARD_FILING_SLUGS` currently
excludes `nppes-update` (it has no 855) — needs a CMS-10114 paper path instead.
- `scripts/document_gen/templates/cms855_pdf_filler.py` — working 855 paper path
(fills 855I/B/O/A + cert-page signature anchor). **Gap:** no CMS-10114 filler
for the NPPES standard path → likely a small new `cms10114_pdf_filler.py`.
- `docs/healthcare-no-login-value-add.md` — already documents the CMS-10114 paper
path; promote it to the canonical "Standard vs Expedited" matrix.
- `site/src/pages/services/healthcare/{npi-revalidation,medicare-enrollment}.astro`
— already describe expedited/surrogate; npi-reactivation/nppes-update order
pages need the same two-tier framing.
- `site/src/components/intake/steps/NpiIntakeStep.astro` + intake manifest — add
the surrogate-access question framed positively: "Can you electronically grant
us CMS I&A Surrogate access? It lets us bulk-file faster and cuts steps on our
end." Optional; declining is fine and never mentions paper. The captured answer
routes fulfillment internally (surrogate vs our Standard path).
- `docs/state-healthcare-compliance-opportunities.md` + `new-sector-compliance-
targets.md` — extend the two-tier classification to state/adjacent services.
Out of scope this pass: building the actual surrogate Playwright automation
(expedited fulfillment can stay human-in-PECOS for now), email-stream machinery,
pricing changes.
## Approach (concrete ordered steps)
1. **Confirm the CMS-10114 paper path** for NPPES data updates AND NPI
reactivation (not just initial enumeration): paper CMS-10114 mailed to NPI
Enumerator (Baltimore MD), client signature only, no I&A login.
Cite the official source. This is what makes NPPES services "Standard, no
login" instead of surrogate-required. (We currently have no CMS-10114 PDF.)
2. **Lock the two-tier matrix for the 6 federal services.** For each slug record:
Standard path (form, mail destination, client's only action = sign / nothing),
Expedited path (surrogate scope: PECOS and/or NPPES; what client grants),
and whether expedited is even applicable (screening = public, no portal, so
no expedited tier). Confirm the 855 wet-signature-cannot-be-delegated caveat
applies to Standard; surrogate covers Expedited.
3. **Reconcile checkout.ts.** Plan the edit so:
- NPPES update/reactivation no longer present surrogate as *required* — remove
the "online-only / required for those" language.
- The surrogate ask is framed as the **faster, fewer-steps** option, never
against a "paper" alternative. Audit/strip the existing copy that leaks
mechanics to the client (e.g. "we'll send your CMS-855 to sign", "submit it
to your MAC") — replace with neutral "we file it and track it for you."
- Declining surrogate silently routes to our Standard path; no client-facing
mention of paper/MAC/Fargo/form numbers.
4. **Reconcile npi_provider.py.** Update `access` strings + `_STANDARD_FILING_SLUGS`
so nppes-update/reactivation generate the CMS-10114 (or 855 reactivation)
paper + e-sign, and the admin todo reflects Standard-default / Expedited-if-
surrogate-granted. Mirror the existing 855 generate→upload→esign flow.
5. **MAC + Fargo routing rule.** Document which Standard filings go where
(855 → provider's MAC by state/jurisdiction; CMS-10114 → NPI Enumerator (Baltimore MD)). Confirm
`practice_state` intake field drives MAC envelope addressing.
7. **Daily batched-mail fulfillment (Standard path).** Design the operational
flow for paper filings that are signed + pending submission:
- On each **postal working day morning** (skip weekends + federal/USPS
holidays), gather ALL signed-and-pending paper filings, **group by
destination agency/address** (each MAC, the NPI Enumerator (Baltimore MD), each
state Medicaid/CLIA agency).
- For each destination, **merge all that day's documents into one print job**
plus a **cover sheet** (Performance West sender, destination agency, date,
enclosed-count, per-item list of order# / provider / NPI / form). One
**Priority Mail envelope per agency** → saves postage + handling.
- Mark each included order as "mailed" with the batch date + tracking #.
- Build this as a worker (a `daily_paper_batch` job + a cover-sheet generator
in document_gen), mirroring existing worker/cron patterns
(`infra/cron/*`, `business_days.py` for the working-day calendar). Decide:
fully-automated print-to-PDF batch that a human prints + drops, vs.
print-API (Lob/Click2Mail) auto-mail. **Recommend phase 1 = generate the
per-agency batched PDF + cover sheet + manifest for a human to print & mail;
phase 2 = wire a print-mail API.**
8. **Extend two-tier to state/adjacent services.** For each (State Medicaid
enroll/reval, CAQH re-attest, payer credentialing, DEA renewal, state CSR,
PDMP, CLIA, license renewal+CME) classify:
- **Standard (no-login):** paper/mail-in form + one client signature?
(e.g. CLIA = CMS-116 paper to state; Medicaid varies — some paper.) These
feed the same daily batched-mail flow, grouped by their state agency.
- **Expedited (delegated):** the lightest legitimate delegation that avoids a
client *login* — e.g. CAQH "authorized administrator/org" grant, Medicaid
"delegated official" on the app, payer EDI/CAQH attestation rights, an LOA.
Distinguish "client signs one authorization once" (acceptable, still
no-login) from "client must log in / share credentials" (never).
- Flag services that are genuinely portal-only with NO paper standard so
marketing never claims "no logins" for them.
9. **Sequence the rollout** by (Standard-feasibility first) × revenue, and write
the two doc updates + the small code edits (checkout.ts, npi_provider.py,
optional cms10114_pdf_filler.py, and the daily batch worker + cover sheet).
All gated on approval.
## Validation (how each part is verified)
- **Source-grounded:** every Standard (paper) and Expedited (delegation) claim
cites the official instruction (CMS-855 instr, CMS-10114 instr, CMS-116 for
CLIA, state Medicaid enrollment page, CAQH/payer docs). No unsourced claim.
- **Consistency sweep:** after edits, `grep` for "online-only" / "required" /
"surrogate" / "no login" across checkout.ts, npi_provider.py, and the service
pages — confirm none present surrogate as *required* where a paper path exists,
and Standard is the default on every surface.
- **Standard path mechanism check:** `cms855_pdf_filler.fill_cms855("855i",...)`
still yields filled PDF + cert anchor (read-only smoke render). If CMS-10114
filler is built, same smoke render proves a signable Baltimore-bound PDF.
- **Expedited path check:** confirm the surrogate-grant CTA + `ia_surrogacy`
success action + admin todo together let a human file in PECOS/NPPES same-day;
surrogate scope wording matches what CMS I&A actually grants (PECOS vs NPPES).
- **Matrix completeness:** every service (federal + state) has Standard + (where
applicable) Expedited rows with a definite client-action column and source;
no "unknown" and no service that's portal-only-but-marketed-as-no-login.
## Open questions / decisions
1. **NPPES update/reactivation Standard path:** ✅ RESOLVED — CMS-10114 paper IS
accepted for *changes AND reactivation* (verified against CMS-10114 Rev. 02/25,
Section 1A boxes #2 Change / #4 Reactivation). Mailing address is the NPI
Enumerator in **Baltimore MD** (the old Fargo PO Box 6059 is retired). Both
nppes-update and npi-reactivation are Standard-default + surrogate-expedited.
2. **Build `cms10114_pdf_filler.py` this pass?** Needed for a real NPPES Standard
path. Recommend: yes if step 1 confirms paper, mirroring the 855 filler;
otherwise defer.
3. **State Medicaid scope:** classify the mechanism generically + verify top ~5
states by our lead density now; template the rest. (50-state research is a
separate effort.)
4. **CAQH / payer credentialing tier:** almost certainly Expedited = "client
signs one authorization, no login" (category C). Confirm we market that as
"no logins for you" with precise wording.
5. **Expedited pricing/positioning:** RESOLVED — expedited is **not** a paid
tier and we never expose "paper" as the alternative. It's an intake question
framed positively ("electronically granting surrogate access lets us bulk-file
faster / fewer steps on our end"). If yes → online; if no → silent Standard
fallback. Same price. No price delta, no separate product, no mention of paper.
6. **Client-facing messaging rule:** never surface mechanics to the client —
no "paper", "CMS-855", "CMS-10114", "MAC", or "Fargo" in any client copy
(cold email, order page, checkout, intake). The only client-visible choice is
the positive surrogate question; everything else is "we file it for you." This
applies to the checkout copy audit in step 3.
Reference in a new issue View git blame Copy permalink