180 likes | 344 Views
Electronic Submission of Medical Documentation (esMD) Digital Signature and Author of Record. Thursday, April 11 th , 2012 4:00 PM – 6:00 PM. Digital Signatures and Author of Record. Background Potential Uses Workflow Barriers Technology Requirements (Standards, including artifacts)
E N D
Electronic Submission of Medical Documentation (esMD)Digital Signature and Author of Record Thursday, April 11th, 2012 4:00 PM – 6:00 PM
Digital Signatures and Author of Record • Background • Potential Uses • Workflow Barriers • Technology Requirements (Standards, including artifacts) • Transactions to Support • Policy Issues • Timelines
Background • Digital certificates, identify proofing, cryptography, certificate authorities, … • Options for Identify proofing and certificate management • Current use of digital identities and certificates • Signature and assignment artifacts • Levels (original observation to entire records) of signing for Author of Record
Digital Signature and Author of Record • Multiple points of view . . .
Certificate Authority • A trusted authority • Responsible for creating the key pair, distributing the private key, publishing the public key and revoking the keys as necessary • The “Passport Office” of the Digital World
A Digital Certificate typically contains the: • Owner's public key • Owner's name • Expiration date of the public key • Name of the issuer (the CA that issued the Digital Certificate • Serial number of the Digital Certificate • Digital signature of the issuer The most widely accepted format for Digital Certificates is defined by the CCITT X.509 international standard; thus certificates can be read or written by any application complying with X.509.
Digital Certificates Storage • software tokens • browser certificate stores • hardware tokens (Smart Cards, USB Tokens)
Public Key Cryptography Complimentary Algorithms are used to encrypt and decrypt documents Encryption key @#@#@$$56455908283923542#$@$#%$%$^& Decryption key Unreadable Format
Public Key Infrastructure in Action Public Key Private Key Secure Transmission Encrypting Decrypting Signatures Decrypting Encrypting
Digital Signatures Private key Report Encryption Algorithm Digitally Signed An individual digitally signs a document using the private key component of his certificate.
Authentication and Verification The individual’s public key, published by the CA decrypts and verifies the digital signature. Public Key Decryption Algorithm Digitally Signed
Authentication and Verification Any changes made to the report will invalidate the signature Provides evidence of report integrity Provides proof of report originator’s identity - Authentication
Ensuring Trusted Electronic Transactions 1. PKI supports trusted electronic report transactions: • Authentication- authenticates the sender of a transaction or data set • Information Integrity- invalidates a transmission or data set if it has been tampered. • Non-repudiation- sender, transmission and data are authenticated- the sender cannot deny having sent the information
Background • Digital certificates, identify proofing, cryptography, certificate authorities, … • Options for Identify proofing and certificate management • Current use of digital identities and certificates • Signature and assignment artifacts • Levels (original observation to entire records) of signing for Author of Record
Background • Digital certificates, identify proofing, cryptography, certificate authorities, … • Options for Identify proofing and certificate management • Current use of digital identities and certificates • Signature and assignment artifacts • Levels (original observation to entire records) of signing for Author of Record
Author of Record • Solutions that can replace wet signatures to authorize the validity of document content on a patient’s medical record, and can work regardless of the format of the structured content of the record. • All content of a patients chart is considered in scope: The signature solution should work with any relevant document • Signature pertains to document entry made at time of service • On an interim basis, the signature may be applied at the time of document assemblage for transmission
Digital Signatures and Author of Record • Background • Potential Uses • Workflow Barriers • Technology Requirements (Standards, including artifacts) • Transactions to Support • Policy Issues • Timelines
What doesn’t exit and must be created, not just repurposed?