Electronic Signatures. Ashley Cockerham Medical Radiation Safety Team



Similar documents
CoSign for 21CFR Part 11 Compliance

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Identity Management for Interoperable Health Information Exchanges

Agency Information Collection Activities: REAL ID: Minimum Standards for Driver s

Electronic and Digital Signatures

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

Incoming Letter. 01/10/1994 Final No Comments 8/18/00. 01/01/1994 Final No Comments 10/25/ /15/1994 Final No Comments 08/18/2000

U.S. Department of Energy Washington, D.C.

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

NRC REGULATORY ISSUE SUMMARY , REQUESTING QUALITY ASSURANCE PROGRAM APPROVAL RENEWALS ONLINE BY ELECTRONIC INFORMATION EXCHANGE

A Planning Guide for Electronic Prescriptions for Controlled Substances (EPCS)

HSPD-12 Homeland Security Presidential Directive #12 Overview

Signature Authentication

CoSign by ARX for PIV Cards

DEPARTMENTAL REGULATION

Information Technology Policy

Business Issues in the implementation of Digital signatures

Innovations in Digital Signature. Rethinking Digital Signatures

Article. Robust Signature Capture Using SigPlus Software. Copyright Topaz Systems Inc. All rights reserved.

Identity & Privacy Protection

Department of Veterans Affairs VA DIRECTIVE 6601 REMOVEABLE STORAGE MEDIA

rsdm and 21 CFR Part 11

IAEA Safety Standards for Regulatory Activities

No additional requirements to use the PIV I card for physical facility access have been identified.

OVERVIEW OF THE OPERATING REACTORS BUSINESS LINE. July 7, 2016 Michael Johnson Deputy Executive Director for Reactor and Preparedness Programs

GAO PERSONAL ID VERIFICATION. Agencies Should Set a Higher Priority on Using the Capabilities of Standardized Identification Cards

NOAA HSPD-12 PIV-II Implementation October 23, Who is responsible for implementation of HSPD-12 PIV-II?

Licensing Guidance for using the NRC FORM 313A Series of Forms January 2008

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Ubiquity of Security Compliance and Content Management

Plan Development Getting from Principles to Paper

Identity Management & Digital Signatures in the BioPharmaceutical Industry John Hendrix; Program Director CTST 2009

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

APPENDIX B SUPPLEMENTAL INSPECTION PROGRAM A. OBJECTIVES AND PHILOSOPHY OF THE SUPPLEMENTAL INSPECTION PROGRAM

CMS Operational Policy for VPN Access to 3-Zone Admin and Development /Validation Segments

Digital Signatures The Law and Best Practices for Compliance. January 2014

Signature Requirements for the etmf

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals

LAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS

NRC Cyber Security Policy &

Announcing Approval of Federal Information Processing Standard (FIPS) Publication 201-2,

Health Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper

Audio: This overview module contains an introduction, five lessons, and a conclusion.

eid Security Frank Cornelis Architect eid fedict All rights reserved

Department of Veteran Affairs. Fred Catoe Office of Cyber and Information Security AAIP Project Manager March 2004

ARE VA AREVA INC. August 31, 2015 NRC:15:035. U.S. Nuclear Regulatory Commission Document Control Desk Rockville Pike Rockville, MD 20852

FAST FILE TRANSFER INFORMATION ASSURANCE ASSESSMENT REPORT

Security Requirements for Spent Fuel Storage Systems 9264

Minimum Education Requirements for DoD Personnel Involved in Human Research Protection

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

Briefing Outline. Overview of the CUI Program. CUI and IT Implementation

Securing MFPs in a CAC Environment: Today and Tomorrow Critical Considerations

[ P] AGENCY: Transportation Security Administration, DHS. SUMMARY: This notice announces that the Transportation Security Administration

Trends and solutions for archiving in pharmaceutical industry. Didier Coyman / Ömer Yilmaz

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

Small Business Investment Company Financing Eligibility Statement for Usage of Energy Saving Debenture

Guidance for Industry

For Official Use Only (FOUO)

NRC s Uranium Recovery Inspection Program

University of Kentucky / UK HealthCare Policy and Procedure. Policy # A05-190

12/29/95 (Effective 12/1/95) - corrected 234 CMR - 25

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

PRIME IDENTITY MANAGEMENT CORE

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Go to and click on Create Job seeker Account under the Job seekers tab.

GAO ELECTRONIC GOVERNMENT ACT. Agencies Have Implemented Most Provisions, but Key Areas of Attention Remain

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS

NSF AuthentX Identity Management System (IDMS) Privacy Impact Assessment. Version: 1.1 Date: 12/04/2006. National Science Foundation

ARC Outreach on HSPD 12 and Mandatory Use of ODIN

VASCO: Compliant Digital Identity Protection for Healthcare

January 12, Dear Amy Yang:

FDA Electronic Submissions Gateway (ESG) Presenter: Michael B. Fauntleroy Program Manager FDA ESG

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

NUCLEAR REGULATORY COMMISSION. [Docket No ; NRC ] Defense Logistics Agency; DLA Strategic Materials

NUCLEAR REGULATORY COMMISSION. [Docket Nos ; NRC ] Entergy Operations, Inc.; Waterford Steam Electric Station, Unit 3

RAPIDS Self Service User Guide

Using PIV Smart Cards on Linux for Authentication to Windows Active Directory

MDEP Generic Common Position No DICWG 02

REVENUE CYCLE MANAGEMENT (RCM) Bob Strickland Consultant R Strickland & Associates LLC

DEPARTMENT OF LICENSING AND REGULATORY AFFAIRS DIRECTOR S OFFICE BOARD OF PHYSICAL THERAPY GENERAL RULES

Transcription:

Electronic Signatures Ashley Cockerham Medical Radiation Safety Team

Summary of Issue More and more documents are developed and stored electronically NRC permits the use of electronic media to produce and store records that are inspected at the licensee s facilities 2

Summary of Issue (cont) 10 CFR Part 35 is silent on the topic of electronic signatures Documents that require signatures by specific individuals can be signed electronically 3

Summary of Issue (cont) Records licensees keep vs documents submitted to NRC Electronic signature vs digital signature http://www.nrc.gov/site-help/e-submittals/faqs.html 4

Medical Licensee Record Requirements 35.40(a), 35.40 (c) 35.80(a)(1) ) 35.2040 35.2080 35.2024(a); 35.2024(b) 35.2026 35.2632(b)(5) 35.2642(b)(9) 35.2643(b)(5) ) 35.2645(b)(9) 35.2647(a)(5) 35.2652(b)(4) 35.2655(b)(5) 5

NRC Considerations How do written signatures function? Unique identification Authentication ti ti Non-repudiation 6

NRC Considerations (cont) Other considerations for electronic signatures Data integrity assurance Individual signing must know he/she is signing Concise process: same individual that initiates, concludes Inspection 7

NRC Questions What standards for electronic signatures in medical records are in use or under development? How do these standards d address the principles of authentication, non-repudiation, data integrity, and access for inspection? Do these standards consider any additional key principles? 8

NRC Questions (cont) For software applications currently in use How does the licensee assure that the signature process is uniquely tied to the individual id whose signature is required? What provisions does the licensee use to inform persons electronically signing documents that they are entering their signature? 9

NRC Questions (cont) How does the licensee assure that the document being electronically signed cannot be changed after it is signed? How does the licensee assure that subsequent changes to the document require a new electronic signature and cannot overwrite the previous versions? 10

NRC Questions (cont) How does the license assure that the electronic signature process affixes the date and time to each electronic signature? How does the licensee assure that t electronically signed documents and all revisions to the documents are accessible for inspection? 11

NRC Questions (cont) How does the licensee assure that electronically signed documents and all revisions to the documents are retained for 3 years? Are any improvements needed for current commercially-available software applications to adequately meet existing standards and principles? 12

Summary of Comments Received 5 submissions from public Coordinate with other regulatory agencies and accreditation organizations for consistency and compatibility Concerns about unnecessary burdens on healthcare providers 13

Summary of Comments (cont) Accept electronic signatures if the issues raised by NRC are addressed and state laws do not prohibit actions. Recommend that NRC poll each state to determine if laws would prohibit any of the actions. 14

Summary of Comments (cont) Portable Document File (PDF) 10+ years Digital signing Prevent revisions Secure Globally accepted 15

Summary of Comments (cont) VA electronic health record system Proprietary electronic health record system in nuclear medicine and other applications Does not adhere to any specific standard Cannot be validated outside of VA s electronic health record VA moving away from system 16

Summary of Comments (cont) NIST FIPS 201 PIV cards Digitally sign documents using PKI Addresses authentication, non-repudiation, data integrity, and access for inspection 17

Request to ACMUI NRC is seeking information or a benchmark on current practices for the use of electronic signatures for medical records. NRC is seeking recommendations from the ACMUI on acceptable criteria for using electronic signatures. 18

Acronyms CFR Code of Federal Regulations FIPS Federal Information Processing Standards FR Federal Register NIST National Institute of Standards and Technology PIV - Personal Identity Verification PKI Public Key Infrastructure VA Department of Veterans Affairs 19

Questions? 20

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information