Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013

Size: px
Start display at page:

Download "Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013"

Transcription

1 Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures January 8, 2013

2 Wet Signatures Standards and legal standing Standards are based on legal precedence Non-repudiation inherent in wet signature Audit requirement None Often requires an attestation to determine validity Timing of Signature Applied at any time (timing policy cannot be enforced) Fraud protection none Short of forensic evaluation of original signed document unable to determine when signing occurred

3 Electronic Signatures Standards and legal standing Standards are based on technology and legal precedence Currently there are no technically mature techniques that provide the security service of nonrepudiation in an open network environment, in the absence of trusted third parties, other than digital signaturebased techniques.(hhs) Audit requirement Require audit of signing system (e.g. EMR) installation, policies, and audit logs May require an attestation to determine validity Timing of Signature Record of time of signing Can be applied at any time timing determined by EHR Fraud protection None/Limited all required a physical audit and attestations

4 Digital Signatures Standards and legal standing International and US Federal standards Standards based on cryptography Audit requirement Audit required as part of identity proofing and certificate issuance Timing of Signature Time stamp on document is evidence of when signing occurred OCSP response is external evidence of timing and certificate validity Signature when document is complete Fraud protection Absolute assuming that PKI policies are followed

5 S&I Framework esmd emdr Overview Payer Entity Contractors / Intermediaries Payer Payer Internal System Provider Directories Registration Authority esmd UC 1: Provider Registration Includes Digital Signature esmd UC 2: Secure emdr Transmission Includes Digital Signature esmd AoR Level 1 Digital Signature on Bundle esmd AoR Level 2 Digital Signature on Document(s) Certificate Authority Provider Entity Agent Provider (Individual or Organization) User Story All Actors obtain and maintain a non-repudiation digital identity Provider registers for esmd (see UC1) Payer requests documentation (see UC2) Provider submits digitally signed document (bundle) to address request by payer Payer validates the digital credentials, signature artifacts and, where appropriate, delegation of rights If Documents are digitally signed, then payer validates document digital signature artifacts

6 General esmd Flow Transport Adapter In/Out Validate Signature and Integrity Transaction Processing DMZ for Payload Scan Application Databases 6

7 AoR -- Phased Scope of Work Level 1 Current Focus Digital signature on aggregated documents (bundle) Focus is on signing a bundle of documents prior to transmission to satisfy an emdr Define requirements for esmd UC 1 and UC 2 Signature Artifacts May assist with EHR Certification criteria in the future Level 2 - TBD Digital signature on an individual document Focus is on signing an individual document prior to sending or at the point of creation by providers Will inform EHR Certification criteria for signatures on patient documentation Level 3 - TBD Digital signature to allow traceability of individual contributions to a document Focus is on signing documents and individual contributions at the point of creation by providers Will inform EHR Certification criteria for one or multiple signatures on patient documentation 7

8 Definitions Identity (Proposed) A set of attributes that uniquely describe a person or legal entity within a given context. Identity Proofing (Proposed) The process by which a CSP and a Registration Authority (RA) collect and verify information about a person or legal entity for the purpose of issuing credentials to that person or legal entity. Digital Signature (NIST) The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity and signatory non-repudiation. Data Integrity (NIST) Data integrity is a property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. Alteration includes the insertion, deletion and substitution of data. Non-repudiation (NIST) Non-repudiation is a service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party. This service prevents an entity from successfully denying involvement in a previous action. Delegation of Rights The ability to delegate rights or authority to another to act in a specific capacity on behalf of the grantor of the right. Must include the digital identity of the grantor, the digital identity of the grantee, the rights granted, duration of grant in a format that is usable in transaction and AoR signature events and is verifiable by a third party for non-repudiation purposes. 8

9 esmd Requirements Topics UC1: Registration UC2: emdr AoR L1 Bundle Identity Proofing Required Required Required Digital Credential Management Digital Signatures & Signature Artifacts Required Required Required Required Required Required Delegation of Rights* Situational Rarely Situational Characteristics of Solution Non-Repudiation Required Required Required Data Integrity Required Required Required * Required if the action of the responsible party is being represented by a third party

10 Sub-Workgroups 1. Identity Proofing Define required process for identity proofing of healthcare individuals and organizations for esmd Proof of identity requirements Allowed proofing processes 2. Digital Credentials Define required process for issuing and managing digital credentials for esmd Credential Life Cycle (issuance, maintenance and revocation) Credential uses (Identity, Signing, Proxy, Encryption, Data Integrity) Specific use credentials (e.g. Direct) 3. Signing and Delegation Define process, artifacts and standards for transaction and document bundle digital signatures and delegation of rights for esmd Signature and Delegation artifacts Workflow issues Delegation process Deliverables from all SWGs include: Statement of problem and assumptions Review of Standards Recommended standards Operational/Implementation Considerations Analysis of Gaps in standards and policy

11 11

12 electronic Determination of Coverage (edoc) Generic Workflow Patient Licensed Clinical Medical Professional (LCMP) [e.g. Physical Therapist} Physician Specialist / Service Provider Templates and Rules Payer 12

13 Author of Record Level 1 Digital signature on bundle of documents 1) Standards a) PKI: X.509v3 Signing Certificates (FBCA Medium) b) IHE DSG (XAdES) c) SAML Assertion for delegation of rights 2) Environment 1) Created as part of sending documents from provider to payer 2) Validated upon receipt 3) One signer (submitter) only for the full bundle of documents 4) Delegation of rights as required to support authorization chain 13

14 Author of Record Level 2 Requirements 1. Digital signature on documents for provenance (clinical and administrative) Meets requirement for encapsulated non-repudiation Note: electronic signature requires validation of system configuration and audit log review 2. Signature should be applied at time of document creation, modification, review (Administrative must be applied prior to claim submission) 3. Multiple signatures on same document 4. Certificate must be validated at time it is used (OCSP or CRL) 5. Support for validated delegation of rights assertion 6. Signature and delegation of rights must travel with document 7. Signature bound to signed document for life-time of document 8. Supports transition from unsigned to signed documents over time Example: Multiple signatures in a pdf document (decoupled from transport) 14

15 Provider with Signed Documents Document with embedded signature and delegation Accepted and stored by all regardless of AoR support Document Delegation Signature Signature and delegation only accepted by systems with AoR support May drop only signature and delegation or error on entire transaction 15

16 Signature on CDA Solution: Add signaturetext attribute to Participation occurrences for legalauthenticaor and authenticator in the CDA Header to hold Digital Signature and Delegations of Rights Assertion artifacts -- exclude these Participation occurrences from the calculated digest Structured Body CDA Document Header Authenticators and Digital Signatures Structured Body Text Entry Entry Entry Entry Text Entry Entry Entry Entry Unstructured Body CDA Document Header Authenticators and Digital Signatures Unstructured Body e.g. PDF 16

17 Implications of Digital Signatures Once signed, the content may not be altered without voiding the Digital Signatures Digital Signatures will not work on anything where the structure will be altered Must address individual contributions can do this through a combination of author participation declaration, signature role, and signature purpose

18 CDA Digital Signatures

19 C-CDA R2/R1.1 Document Templates 1. Continuity of Care Document 2. History and Physical 3. Consult Note 4. Discharge Summary 5. Diagnostic Imaging Report 6. Procedure Note 7. Operative Note 8. Progress Note 9. Unstructured Document 10. Care Plan (new) 11. Referral Note (new) 12. Transfer Summary (new) Note: Document Templates 1-8 were updated in R2 C-CDA R2 12 Document Templates 79 Templates 108 Entry Templates 1 PDF Document 1 C-CDA R1.1 9 Document Templates 60 Templates 66 Entry Templates 1 PDF Document 1 CDA R2 ~110 Templates ~200 Entry Templates 17 PDF Documents 19

20 C-CDA R2 Additional Attachment Templates 1. Complete Encounter 2. Complete Hospitalization 3. Complete Operative Note 4. Complete Procedure Note 5. Time Boxed New 5 Document Templates 4 Templates 4 Modified Templates 8 Entry Templates 20

21 CDA Digital Signatures

22 Document Encounter Documentation collected via EHR forms and templates and stored in the EHR Database CDA Document EHR Forms/Templates Header Structured Body Authenticators and Digital Signatures History and Physical Vital signs Orders / Treatment Visit Summary Text Entry Entry Entry Entry Text Entry Entry Entry Entry History of Present Illness Vital Signs Lab Orders/Results Text Entry Entry Entry Entry Allergies Medications Text Entry Entry Entry Entry EHR Database Textual reports Demographics 22

23 Prior to or at time of signing create CDA Create CDA Create CDA 1) May be structured (e.g. Operative Note) or unstructured 2) CDA sections and entries are populated or use appropriate nullflavor CDA Document EHR Forms/Templates Header Structured Body Authenticators and Digital Signatures History and Physical Vital signs Orders / Treatment Visit Summary Text Entry Entry Entry Entry Text Entry Entry Entry Entry History of Present Illness Vital Signs Lab Orders/Results Text Entry Entry Entry Entry Allergies Medications Text Entry Entry Entry Entry EHR Database Textual reports Demographics 23

24 Universal Time Long term validation Digest Signing Module Authenticate Write Signature Sign CDA Notes: 1) Signer may authenticate and then review/sign multiple documents at one session 2) Authentication via acceptable two factors -- something you know, something you hold, something you are (e.g. biometric), etc. CDA Document Header Structured Body Authenticators and Digital Signatures History and Physical EHR Forms/Templates Vital signs Orders / Treatment Visit Summary Text Entry Entry Entry Entry Text Entry Entry Entry Entry History of Present Illness Vital Signs Lab Orders/Results Text Entry Entry Entry Entry Allergies Medications Text Entry Entry Entry Entry EHR Database Textual reports Demographics 24

25 Physician Experience

26 Provider Setup for Digital Signatures 1) Individual provider supplies IDs and other information as part of credentialing or to a standalone Registration Authority (RA) 1) Registration Authority 2) 2) RA verifies credentials 3) Certificate Authority (CA) receives providers information from the RA 4) CA issues access information (e.g. hard token) to the individual provider 5) CA issues encrypted key to the signing application key store 4) 3) Certificate Authority 5) Provider Signing Application

27 Signing Process 1) C-CDA created for activity to be signed (system or on demand) 2) Signer views list of documents (C-CDAs) to be signed 3) Signer reviews documents and indicates ready for signature and where appropriate role and signature purpose (will most likely be defaulted based on signer) 4) Signer authenticates to Signing Application 5) Signer signs list of all reviewed and accepted documents Header CDA Document Structured Body Digital Signatures Text Entry Entry Entry Entry Text Entry Entry Entry Entry Text Entry Entry Entry Entry 1) 2) History and Physical 3) History of Present Illness Allergies Text Entry Entry Entry Entry EHR Database EHR Forms/Templates Vital signs Orders / Treatment Vital Signs Textual reports Visit Summary Lab Orders/Results Medications Demographics Patient Visit Date Document Role Purpose Rev Ready James, Sandy 8/15/2013 Complete CDA MD Legal Authenticator X X Stanford, John 8/14/2013 Procedure CDA MD Legal Authenticator Stanford, John Sign selected documents... 8/15/2013 Complete CDA MD Co-Signer 5) X X 4) Provider Signing Application 5)

28 HL7 Implementation Guide for CDA Release 2: Digital Signatures and Delegation of Rights, Release 1

29 HL7 Digital Signature IG Defines Use of signaturetext to store Digital Signatures Use of Digital Signatures and Delegation of Rights on a CDA Method to calculate the digest Digital Signature Artifacts Delegation of Rights Artifacts Role and Signature Purpose Validation of Signatures Text representation of Signatures

30 S&I Digital Signature IG

31 S&I Digital Signature IG X.509 v3 signing certificate requirements Identity Proofing Certificate Issuance and Management Certificate content Signing attestation and artifacts Use of Author Participation Use of Participant Use of Digital Signature Role Use of Digital Signature Signature Purpose Specific XAdES-X-L element content Delegation of Rights Appropriate Use Validation

Data Provenance. Functional Requirements Document: Developed in Response to the Data Provenance Task Force Recommendations. Version 1.

Data Provenance. Functional Requirements Document: Developed in Response to the Data Provenance Task Force Recommendations. Version 1. Data Provenance Functional Requirements Document: Developed in Response to the Data Provenance Task Force Recommendations Version 1.0 May 2015 Version History Version Revision Author Description of Change

More information

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 141 PURPOSE (CT-IM-112; 07-30-2010) (Office of Origin: IRM/OPS/ITI/SI/IIB) The purpose of this FAM chapter is to enable the Department to

More information

Patient Controlled Health Records Standards and Technical Track

Patient Controlled Health Records Standards and Technical Track Patient Controlled Health Records Standards and Technical Track Keith W. Boone Lead Interoperability System Designer - GE Healthcare Co-chair IHE Patient Care Coordination TC Member IHE IT Infrastructure

More information

Hospital Certified Electronic Health Record (EHR) Technology Questionnaire

Hospital Certified Electronic Health Record (EHR) Technology Questionnaire Page 1 of 10 Hospital Certified Electronic Health Record (EHR) Technology Questionnaire Thank you for taking time to complete this questionnaire. The Office of Inspector General (OIG) is conducting this

More information

Trustis FPS PKI Glossary of Terms

Trustis FPS PKI Glossary of Terms Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate

More information

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration Minnesota State Colleges and Universities System Guideline Chapter 5 Administration Appropriate Use and Implementation of Electronic Part 1. Purpose. To establish requirements and responsibilities for

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

MEDITECH CUSTOMERS & THE OIG QUESTIONNAIRE

MEDITECH CUSTOMERS & THE OIG QUESTIONNAIRE MEDITECH CUSTOMERS & THE OIG QUESTIONNAIRE Hospitals that have received Medicare incentive payments for meaningful use of electronic health records have been asked by the Office of Inspector General of

More information

Your responses will be saved every time you click the NEXT button.

Your responses will be saved every time you click the NEXT button. Hospital Certified Electronic Health Record (EHR) Technology Questionnaire Thank you for taking time to complete this questionnaire The Office of Inspector General (OIG) is conducting this survey as part

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT

HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT POLICY AND PROCEDURE 5 10 15 20 25 30 35 40 Policy Name/Subject: Policy Number: POLICY V1.0 2 Approval Date: 11-21-2011 Effective Date: 11-21- 2011

More information

Independent Accountants Report

Independent Accountants Report KPMG LLP 1601 Market Street Philadelphia, PA 19103-2499 Independent Accountants Report To the Management of Unisys Corporation: We have examined the assertion by the management of Unisys Corporation (

More information

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation Please send your completed renewal confirmation to: Department of Human Services Fax number: 1800 890 698 Number of pages

More information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National

More information

Santa Cruz HIE Proposal for Demonstrating at California Connects 2014

Santa Cruz HIE Proposal for Demonstrating at California Connects 2014 Santa Cruz HIE Proposal for Demonstrating at California Connects 2014 Use this template to communicate critical information for each demonstration proposed for the 2014 California Connects Interoperability

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

EHR Business Process Models for Care Coordination and MU

EHR Business Process Models for Care Coordination and MU EHR Business Process Models for Care Coordination and MU OSEHRA 2014 Conference Bethesda, MD Dr. Aneel Advani SVP Healthcare, everis Group Assoc. Prof (Adj.), Johns Hopkins 2012, everis Spain, S.L. September

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

Modified Stage Two Meaningful Use with Final Rule Quick Reference Guide

Modified Stage Two Meaningful Use with Final Rule Quick Reference Guide Modified Stage Two Meaningful Use 2015-2017 with Final Rule Quick Reference Guide To qualify for Stage 1 or 2, a provider must meet: 10 objectives, Including 2 consolidated public health measures Reporting

More information

CoSign for 21CFR Part 11 Compliance

CoSign for 21CFR Part 11 Compliance CoSign for 21CFR Part 11 Compliance 2 Electronic Signatures at Company XYZ Company XYZ operates in a regulated environment and is subject to compliance with numerous US government regulations governed

More information

Full Compliance Contents

Full Compliance Contents Full Compliance for and EU Annex 11 With the regulation support of Contents 1. Introduction 2 2. The regulations 2 3. FDA 3 Subpart B Electronic records 3 Subpart C Electronic Signatures 9 4. EU GMP Annex

More information

Server based signature service. Overview

Server based signature service. Overview 1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...

More information

Clinical Document Exchange Integration Guide - Outbound

Clinical Document Exchange Integration Guide - Outbound Clinical Document Exchange Integration Guide - Outbound Integrate your healthcare IT system with Practice Fusion s Electronic Health Record (EHR) System Table of Contents 1 Introduction... 2 2 Integration

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

Protecting Networks and Data with Public Key Infrastructure (PKI)

Protecting Networks and Data with Public Key Infrastructure (PKI) Protecting Networks and Data with Public Key Infrastructure (PKI) MARK B. COOPER PRESIDENT & FOUNDER MARK@PKISOLUTIONS.COM WWW.PKISOLUTIONS.COM @PKISOLUTIONS What is PKI? Organizations need enhanced security

More information

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

Arkansas Department of Information Systems Arkansas Department of Finance and Administration Arkansas Department of Information Systems Arkansas Department of Finance and Administration Title: Electronic Signature Standard Document Number: SS 70 011 Effective Date: Act 722 of 2007 requires state

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or SBA Procedural Notice TO: All SBA Employees CONTROL NO.: 5000-1323 SUBJECT: Acceptance of Electronic Signatures in the 7(a) and 504 Loan Program EFFECTIVE: 10/21/14 The purpose of this Notice is to inform

More information

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT Department of Veterans Affairs VA DIRECTIVE 6510 Washington, DC 20420 Transmittal Sheet VA IDENTITY AND ACCESS MANAGEMENT 1. REASON FOR ISSUE: This Directive defines the policy and responsibilities to

More information

AAP Meaningful Use: Certified EHR Technology Criteria

AAP Meaningful Use: Certified EHR Technology Criteria AAP Meaningful Use: Certified EHR Technology Criteria On July 13, 2010, the US Centers for Medicare and Medicaid Services (CMS) released a Final Rule establishing the criteria with which eligible pediatricians,

More information

SAFE Digital Signatures in PDF

SAFE Digital Signatures in PDF SAFE Digital Signatures in PDF Ed Chase Adobe Systems Digital Signatures in PDF Digital Signature Document Digital ID Doc Digest Signer s digital identity is bound to document Modifying document invalidates

More information

CREDENTIAL MANAGEMENT

CREDENTIAL MANAGEMENT CREDENTIAL MANAGEMENT Meeting the challenges of cyber and physical security threats is a necessity for the private and public sectors in the 21 st Century. With continually changing threats to security,

More information

Electronic Signature, Attestation, and Authorship

Electronic Signature, Attestation, and Authorship Electronic Signature, Attestation, and Authorship Appendix C: Electronic Signature Model Policy This template document is not intended for adoption as a substitute for a customized organizational policy

More information

170.314(e)(1) View, download, and transmit to 3rd party.

170.314(e)(1) View, download, and transmit to 3rd party. 170.314(e)(1) View, download, and transmit to 3rd party. i. EHR technology must provide patients (and their authorized representatives) with an online means to view, download, and transmit to a 3rd party

More information

uently Asked NextGen Questions Share Frequently Asked uently Asked Questions Frequently Asked FAQ Pre-General Release (April-June 2014)

uently Asked NextGen Questions Share Frequently Asked uently Asked Questions Frequently Asked FAQ Pre-General Release (April-June 2014) uestions Frequently Asked Questions Fre uestions Frequently Asked Questions Fre uestions FAQ Frequently Asked Questions Fre uestions Frequently Asked Questions Fre uestions Frequently Asked Questions Fre

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

Stage 2 Eligible Professional Meaningful Use Core Measures Measure 15 of 17 Last Updated: August, 2015

Stage 2 Eligible Professional Meaningful Use Core Measures Measure 15 of 17 Last Updated: August, 2015 Summary of Care Objective Measures Exclusion Table of Contents Definition of Terms Attestation Requirements Additional Information Certification and Standards Criteria Stage 2 Eligible Professional Meaningful

More information

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22 Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22 5.25.1 Use of Electronic Part 1. Purpose. This procedure establishes requirements

More information

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...

More information

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used? esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents

More information

nehta Commissioning Requirements for Secure Message Delivery Secure Messaging 19 December 2012 National E-Health Transition Authority

nehta Commissioning Requirements for Secure Message Delivery Secure Messaging 19 December 2012 National E-Health Transition Authority nehta Secure Messaging Commissioning Requirements for Secure Message Delivery 19 December 2012 National E-Health Transition Authority National E-Health Transition Authority Ltd Level 25 56 Pitt Street

More information

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

More information

Business Issues in the implementation of Digital signatures

Business Issues in the implementation of Digital signatures Business Issues in the implementation of Digital signatures Much has been said about e-commerce, the growth of e-business and its advantages. The statistics are overwhelming and the advantages are so enormous

More information

FALCON EPCS INTERNAL POLICIES AND PROCEDURES

FALCON EPCS INTERNAL POLICIES AND PROCEDURES FALCON EPCS INTERNAL POLICIES AND PROCEDURES Falcon Physician will be audited by a third party* before it is used to create, sign, transmit, or process controlled substance prescriptions to ensure that

More information

MEETING MEANINGFUL USE IN MICROMD -STAGE TWO- Presented by: Anna Mrvelj EMR Training Specialist

MEETING MEANINGFUL USE IN MICROMD -STAGE TWO- Presented by: Anna Mrvelj EMR Training Specialist MEETING MEANINGFUL USE IN MICROMD -STAGE TWO- Presented by: Anna Mrvelj EMR Training Specialist 1 Proposed Rule On April 15, 2015 CMS Issued a new proposal rule for the Medicare and Medicaid EHR Incentive

More information

Appendix F: HISPC ASP Use Case Policy Requirements Templates

Appendix F: HISPC ASP Use Case Policy Requirements Templates Appendix F: HISPC ASP Use Case Policy Requirements Templates Table of Contents HISPC ASP EHR Laboratory Results Use Case Policy Requirements Template for Participant Model States F-7 Part 1. Introduction...

More information

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries White Paper No 01 I December 2010 Implementation of 21 CFR Part 11 in the epmotion Software Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device

More information

How To Qualify For EHR Stimulus Funds Under

How To Qualify For EHR Stimulus Funds Under BEST PRACTICES: How To Qualify For EHR Stimulus Funds Under Meaningful Use & Certified EHR Technology The American Recovery and Reinvestment Act (ARRA) set aside early $20 billion in incentive payments

More information

Innovations in Digital Signature. Rethinking Digital Signatures

Innovations in Digital Signature. Rethinking Digital Signatures Innovations in Digital Signature Rethinking Digital Signatures Agenda 2 Rethinking the Digital Signature Benefits Implementation & cost issues A New Implementation Models Network-attached signature appliance

More information

Meaningful Use CPOE Administrator Training

Meaningful Use CPOE Administrator Training Meaningful Use CPOE Administrator Training 1 During the call please mute your line to reduce background noise. 2 Agenda Review of Meaningful Use Stage 2 Orders / Results Measures Demonstration of Orders/Results

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015 ING Public Key Infrastructure Customer Certificate Policy Version 5.4 - November 2015 Colophon Commissioned by Additional copies Document version General Abstract Audience References ING PKI Policy Approval

More information

MicroMD EMR version 7.6

MicroMD EMR version 7.6 MicroMD EMR version 7.6 H I T E C H M E A S U R E C a l c u l a t i o n s MICROMD EMR HITECH MEASURE CALCULATIONS VERSION 7.6 TABLE OF CONTENTS PREFACE Welcome to MicroMD EMR... i How This Guide is Organized...

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures Subpart A General Provisions Sec. 11.1 Scope. (a) The regulations in this part set forth the criteria

More information

The EP/eligible hospital has enabled this functionality

The EP/eligible hospital has enabled this functionality EMR Name/Model EMR Vendor Electronic Patient Charts American Medical Software Stage 1 objectives Use CPOE Use of CPOE for orders (any type) directly entered by authorizing provider (for example, MD, DO,

More information

Subject: Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities

Subject: Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities United States Government Accountability Office Washington, DC 20548 August 10, 2004 The Honorable Tom Davis Chairman, Committee on Government Reform House of Representatives Dear Mr. Chairman: Subject:

More information

2. Electronic Health Record EHR : is a medical record in digital format.

2. Electronic Health Record EHR : is a medical record in digital format. Policies of the University of North Texas Health Science Center Chapter 14 14.601 Electronic Health Record Policy UNT Health Policy Statement. The University of North Texas Health Science Center (UNTHSC)

More information

Oracle WebCenter Content

Oracle WebCenter Content Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was

More information

Independent Accountants Report

Independent Accountants Report KPMG LLP 345 Park Avenue New York, NY 10154-0102 Independent Accountants Report To the Management of Unisys Corporation: We have examined the assertion by the management of Unisys Corporation (Unisys)

More information

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust Imprivata Confirm ID and the DEA Interim Final Rule on EPCS Technology requirements to comply with the DEA

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

EMR Technology Checklist

EMR Technology Checklist Patient Accessibility/Scheduling/Account Maintenance: Able to interact with schedule through an online portal pre register VIP status to move patient to the front of the line Access and pre registration

More information

itrust Medical Records System: Requirements for Technical Safeguards

itrust Medical Records System: Requirements for Technical Safeguards itrust Medical Records System: Requirements for Technical Safeguards Physicians and healthcare practitioners use Electronic Health Records (EHR) systems to obtain, manage, and share patient information.

More information

Everything s Going Electronic, Including Your Prescription for Vicodin (But Not Likely Anytime Soon)

Everything s Going Electronic, Including Your Prescription for Vicodin (But Not Likely Anytime Soon) Everything s Going Electronic, Including Your Prescription for Vicodin (But Not Likely Anytime Soon) Article Date: Tuesday, December 07, 2010 Written By: Jennifer B. Markham Effective June 1, 2010, physicians

More information

May 21, 2010. Docket No. DEA-218. Dear Drug Enforcement Administration;

May 21, 2010. Docket No. DEA-218. Dear Drug Enforcement Administration; May 21, 2010 Drug Enforcement Administration Attention: DEA Federal Register Representative/ODL 8701 Morrissette Drive Springfield, VA 22152 dea.diversion.policy@usdoj.gov Re: Docket No. DEA-218 Dear Drug

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Patient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange

Patient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange Patient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange Mahmoud Awad and Larry Kerschberg Center for Health Information Technology George

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

Record Lifecycle Event-Oriented Standards. Presentation to S&I DPROV Community Gary L. Dickinson 11 December 2014

Record Lifecycle Event-Oriented Standards. Presentation to S&I DPROV Community Gary L. Dickinson 11 December 2014 Record Lifecycle Event-Oriented Standards Presentation to S&I DPROV Community Gary L. Dickinson 11 December 2014 Approved in 2004 Foundational Standard ISO 21089 Trusted End-to-End Information Flows Reviewed

More information

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES 21.11.2013. 21 CFR Part 11 Compliance PLA 2.1

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES 21.11.2013. 21 CFR Part 11 Compliance PLA 2.1 21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES Compliance of PLA 2.1 21.11.2013 21 CFR Part 11 Compliance PLA 2.1 SEC. 11.2 IMPLEMENTATION. (a) For records required to be maintained but not submitted

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

Exchanging Medical Records Online with Direct

Exchanging Medical Records Online with Direct Exchanging Medical Records Online with Direct Scott Rea, VP GOV/EDU Relations & Sr. PKI Architect, DigiCert, Inc. sales@digicert.com www.digicert.com +1 (801) 877-2100 Exchanging Medical Records Online

More information

DirectTrust Community X.509 Certificate Policy. Current Version: Version 1.2.1, 12/15/2014

DirectTrust Community X.509 Certificate Policy. Current Version: Version 1.2.1, 12/15/2014 Community X.509 Certificate Policy Current Version: Version 1.2.1, 12/15/2014 Consensus approved by WG on 10/17/2014. Approved by DirectTrust Policy Committee on 12/11/2014 Approved by DirectTrust Board

More information

DEA's New Proposed Regulations For E-Prescribing

DEA's New Proposed Regulations For E-Prescribing Portfolio Media, Inc. 648 Broadway, Suite 200 New York, NY 10012 www.law360.com Phone: +1 212 537 6331 Fax: +1 212 537 6371 customerservice@portfoliomedia.com DEA's New Proposed Regulations For E-Prescribing

More information

Procedure for How to Enroll for Digital Signature

Procedure for How to Enroll for Digital Signature Procedure for How to Enroll for Digital Signature In Online Processing System getting to implement Digital Signature and Electronic Token for security and Authentication Purpose. For that bidder must have

More information

esign Online Digital Signature Service

esign Online Digital Signature Service esign Online Digital Signature Service Government of India Ministry of Communications and Information Technology Department of Electronics and Information Technology Controller of Certifying Authorities

More information

ELECTRONIC DOCUMENTS A Board Interpretative Guideline

ELECTRONIC DOCUMENTS A Board Interpretative Guideline STATE OF WASHINGTON BOARD OF REGISTRATION FOR PROFESSIONAL ENGINEERS AND LAND SURVEYORS P.O BOX 9025 OLYMPIA, WASHINGTION 98507 June 30, 2015 ELECTRONIC DOCUMENTS A Board Interpretative Guideline To help

More information

Consolidated Clinical Data Architecture

Consolidated Clinical Data Architecture RESOURCE AND PATIENT MANAGEMENT SYSTEM Consolidated Clinical Data Architecture (BCCD) Version 1.0 Patch 1 Office of Information Technology Division of Information Technology Table of Contents 1.0 Introduction...

More information

The Continuity of Care Document. Changing the Landscape of Healthcare Information Exchange

The Continuity of Care Document. Changing the Landscape of Healthcare Information Exchange The Continuity of Care Document Changing the Landscape of Healthcare Information Exchange 1 Electronic Clinical Document Exchange Prior to the approval of the Continuity of Care Document (CCD) as an ANSI

More information

To start the pre-approval process, providers must fill out a short online survey, available at: https://www.surveymonkey.com/s/hrszft2.

To start the pre-approval process, providers must fill out a short online survey, available at: https://www.surveymonkey.com/s/hrszft2. Maryland Medicaid EHR Incentive Program Attestation Form for Eligible Providers to Meet Program Requirements Under the Certified Electronic Health Record (CEHRT) Flexibility Rule for Program Year 2014

More information

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System White Paper By Frank Tontala Agilent Technologies Software & Informatics Life Sciences & Chemical Analysis Group

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Compliance Matrix for 21 CFR Part 11: Electronic Records

Compliance Matrix for 21 CFR Part 11: Electronic Records Compliance Matrix for 21 CFR Part 11: Electronic Records Philip E. Plantz, PhD, Applications Manager David Kremer, Senior Software Engineer Application Note SL-AN-27 Revision A Provided By: Microtrac,

More information

Structured Data Capture (SDC) Trial Implementation

Structured Data Capture (SDC) Trial Implementation Integrating the Healthcare Enterprise 5 IHE Quality, Research, and Public Health Technical Framework Supplement 10 Structured Data Capture (SDC) 15 Trial Implementation 20 Date: October 27, 2015 Author:

More information

Title: Coding Documentation for IHS Affiliated Physician Practices

Title: Coding Documentation for IHS Affiliated Physician Practices Affiliated Physician Practices Effective Date: 11/03; Rev. 4/06, 7/08, 7/10 POLICY: IHS affiliated physician practices will code diagnoses utilizing the International Classification of Diseases, Ninth

More information

Identity: The Key to the Future of Healthcare

Identity: The Key to the Future of Healthcare Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital

More information

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS To the Management of Internet Security Research Group: We have examined the assertion by the management of the Internet Security Research Group ( ISRG

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...

More information

14 million. 4th largest U.S. Who is HCSC 9/7/2015. Cultivating EDI into E-Solutions HEALTH DENTAL LIFE DISABILITY CONNECTIVITY PHARMACY HEALTH IT

14 million. 4th largest U.S. Who is HCSC 9/7/2015. Cultivating EDI into E-Solutions HEALTH DENTAL LIFE DISABILITY CONNECTIVITY PHARMACY HEALTH IT Cultivating EDI into E-Solutions HL7 Attachment Standards HL7 C-CDAr2 vs. CDP1 Blue Button Plus HL7 FHIR Durwin Day, Health Care Service Corporation September 14, 2015 1 Who is HCSC HEALTH DENTAL LIFE

More information

Terms of Service - YOUSIGN SAS - SIGN2 CA

Terms of Service - YOUSIGN SAS - SIGN2 CA Terms of Service - YOUSIGN SAS - SIGN2 CA 1- Introduction 1.1 General presentation This document defines the general conditions of use of the certificates issued in agreement with the digital signature

More information

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management Disclaimer These materials are subject to change without notice. SAP AG s compliance analysis with respect to SAP software

More information

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM W H I T E P A P E R POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM This white paper is written for senior executives

More information

Structured Data Capture (SDC) Draft for Public Comment

Structured Data Capture (SDC) Draft for Public Comment Integrating the Healthcare Enterprise 5 IHE Quality, Research, and Public Health Technical Framework Supplement 10 Structured Data Capture (SDC) 15 Draft for Public Comment 20 Date: June 6, 2014 Author:

More information

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage...

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage... 1.1.1 Additional requirements for Trusted Root Issuer CAs... 10 1.3.1 Certification Authorities ( Issuer CAs )... 11 1.3.2 Registration Authorities... 11 1.3.3 Subscribers... 12 1.3.4 Relying Parties...

More information

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as

More information

Federal Public Key Infrastructure (FPKI) Compliance Audit Requirements

Federal Public Key Infrastructure (FPKI) Compliance Audit Requirements Federal Public Key Infrastructure (FPKI) Compliance Audit Requirements July 10, 2015 Version REVISION HISTORY TABLE Date Version Description Author 10/15/09 0.0.1 First Released Version CPWG Audit WG 11/18/09

More information