Electronic Submission of Medical Documentation (esMD)

Digital Signature and Author of Record Pre-Discovery

Wednesday May 2, 2012

1

Agenda for Pre-Discovery1. Schedule and objectives2. Scope of workgroup effort3. Review of initiative requirements4. Summary of initiative requirements

2

Schedule

3

Date Objective(s)

Wednesday, May 2nd, 2012, 10 AM (Week 1)

Identify the needs of other S&I initiatives, the community at large, and esMD

Wednesday, May 9th, 2012, 10 AM(Week 2)

Conduct a survey of options applicable to the identified needs from Week 1

Wednesday, May 16th, 2012, 10 AM(Week 3)

Identify implications and obstacles associated with the adoption of various approaches to digital authentication technologies

Specifically Invited ParticipantsInitiative Name

Query Health Richard ElmoreTransitions of CareTransitions of Care Mark BambergTransitions of Care Keith BooneTransitions of Care Peter GilbertLongitudinal Coordination of Care Victor PalliLongitudinal Coordination of Care Sue MitchellLongitudinal Coordination of Care Bill RussellLongitudinal Coordination of Care Terrence O'MalleyLongitudinal Coordination of Care Lawrence GarberLongitudinal Coordination of Care Leigh Ann CampbellData Segmentation for Privacy Johnathan Coleman

John DonnellyHL7/RM-ES Reed GelzerAHIMA/HL7 Michelle DoughertyHL7/IHE John MoehrkeONC Joy PrittsONC Jamie SkipperONC John FeikamaONC Scott Weinstein

4

Scope of workgroup effort1. Identity proofing2. Digital identity management 3. Encryption4. Digital signatures5. Delegation of Rights6. Author of Record

5

Identity Proofing1. Identity –A unique name of an individual person or legal entity.

Since the legal names of persons and entities are not necessarily unique, the identity of a person or entity must include sufficient additional information (for example an address and NPI number) to make the complete name unique

2. Identity Proofing –The process by which the credential issuer validates sufficient information to uniquely identify a person or entity applying for the credential.– Prove that the identity exists– Prove the applicant is entitled to that identity– Address the potential for fraudulent issuance of credentials based on

collusion

6

Digital Identity Management – Digital Certificate as an Example1. A trusted authority is responsible for creating the key pair, distributing the private key, publishing

the public key and revoking the keys as necessary. The “Passport Office” of the Digital World2. Certificate Contents

– Owner's public key – Owner's unique name – Expiration date of the public key – Name of the issuer (the CA that issued the Digital Certificate – Serial number of the Digital Certificate – Digital signature of the issuer

3. The most widely accepted format for Digital Certificates is defined by the CCITT X.509 international standard; thus certificates can be read or written by any application complying with X.509.

4. Typical “storage” for a digital certificate

– software tokens– browser certificate stores– hardware tokens (Smart Cards, USB Tokens)

7

1. In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

2. The result of the process is encrypted information (in cryptography, referred to as ciphertext).

3. The reverse process, i.e., to make the encrypted information readable again, is referred to as decryption (i.e., to make it unencrypted).

Encryption

8

Public Key Cryptography

@#@#@$$56455908283923542#$@$#%$%$^&

Encryption key

Decryption key Unreadable Format

Complimentary Algorithms are used to encrypt and decrypt documents

Public Key Private Key

Secure Transmission

Signatures

Decrypting

Encrypting

Encrypting

Decrypting

Ensuring Trusted Electronic Exchange

PKI supports trusted electronic exchange• Authentication- authenticates the sender of a

transaction or data set

• Information Integrity- invalidates a transmission or data set if it has been tampered.

• Non-repudiation- sender, transmission and data are authenticated- the sender cannot deny having sent the information

Artifact or Document Encryption Algorithm Digitally Signed

An individual digitally signs a document using the private key component of his certificate.

Digital Signatures

Private key

Authentication and Verification

The individual’s public key, published by the CA decrypts and verifies the digital signature.

Digitally Signed

Public KeyDecryption Algorithm

Delegation of Rights

1. The ability to delegate rights or authority to another to act in a specific capacity on behalf of the grantor of the right.

2. Digital artifact that includes the digital identity of the grantor, the digital identity of the grantee, the rights granted, duration of grant in a format that is verifiable by a third party for non-repudiation purposes.

3. Artifact and supporting public keys must be supported by relevant transactions and where necessary, document architectures

13

Author of Record1. Solutions that can replace wet signatures to authorize the

provenance of document content on a patient’s medical record, and can work regardless of the format of the structured content of the record.

2. All content of a patients chart is considered in scope: The signature solution should work with any relevant document

3. Signature pertains to document entry made at time of service

4. On an interim basis, the signature may be applied at the time of document assemblage for transmission

14

Initiatives and Requirements1. Longitudinal Coordination of Care2. esMD3. Data Segmentation for Privacy4. Direct Project5. Healthcare Directories6. Query Health7. Transitions of Care

15

Longitudinal Coordination of Care1. Need to capture digital authentication from multiple sources in an iterative

documentation process (i.e. the Home Health Plan of Care).2.  Digital authentication of a summary extract (i.e. Patient Assessment

Summary of the CMS Minimum Data Set).3. Identification for the provenance of the data elements:

a. At a minimum, the author of the document from which the elements were taken.

b. At the next level, the author of specific text sections such as prognosis, assessment of "concerns" and follow-up plan.

c. Finally, the ability to e-sign the document or subsection.4. The patient or Health Care Proxy (HCP) as the author of a Medical Orders

for Life-Sustaining Treatment (MOLST) 5. Distinguish between an author and a reconciler

16

Electronic Submission of Medical Documentation (esMD)1. Validate identities of providers (individuals and organizations), payers,

intermediaries, contractors, and agents.2. Ability to digitally delegate rights to a third party (proxy)3. Signature artifacts to verify identity of each participant in the registration

request or the submission of an electronic request for medical documentation (eMDR)

4. Encryption and signature of messages to ensure information integrity, authentication and non-repudiation.

5. Digital authentication of author of submitted documentation to ensure provenancea. Initially at the documentation set levelb. Over time at the individual document levelc. Ultimately for each author at the level of their contribution

17

Data Segmentation for PrivacyProvided during discussion:1. Need for identifying individual providers, healthcare

organizations, payers, etc2. Need to know the type of information available to share

1. Can only share specific information with specific parties3. Need to know the sending and receiving parties4. Handling depends on the type of information, where it came

from (i.e., substance abuse treatment facility), allowed recipients1. Example: Discharge documents from Betty Ford Clinic need to be

sent to ‘Dr. Bob’ at ‘Hospital X’2. Need to ensure that Dr. Bob is allowed to receive this information

and the content is not divulged to an unauthorized third party during the transaction

18

Direct Project1. Identity proofing of Address and Server owners2. Encryption for messages3. Signing for authentication of sending and receiving

entities (entities may be individuals or organizations)

19

Healthcare Directories1. Identity proofing of individual and organizations2. Identity proofing of addresses and servers3. Certificates and artifacts for both signing and encryption4. Delegation of Rights – depends on method used for

populating and attesting to individuals

20

Query HealthProvided during discussion:1. Identity validation (organizations and systems, not necessarily

individuals)2. Encryption of data to protect confidentiality3. Authorization of queries from specific organizations where

authors need to be identified, but not necessarily with multiple signatories

4. A Query Network DUA is established as an overlay on top of the technical platform, so digital authorship would play a hand in this process

21

Transitions of CareProvided during discussion:1. Validation of documents

1. Is this occurring in real time in actual production systems?1. Some vendors would validate every transaction at every entry

point, but others said this was too much work2. How many digital signatures may be applied to a document?3. What is the complexity of having multiple signatures in processing

a real-time message flow?4. How difficult or time consuming would it be to validate a transaction

to validate a document?5. What is the balance between how many signatures are applied?

1. If multiple people are signing different parts of the same document, at what point are considerations affecting the design of real systems taken into account?

22

Initiative Requirement SummaryInitiative Identify Proofing Signing Encryption Delegation

of RightsAuthor of

Record

Data Segmentation for Privacy Org/Individual Yes Yes Yes

Direct Project Address/Server Yes Yes

esMD (Electronic Submission of Medical Documentation) Org/Individual Yes Yes Yes Yes

Healthcare Directories Org/Individual Yes Yes

Longitudinal Coordination of Care Org/Individual Yes Yes Yes Yes

Query Health Org/Individual Yes Yes

Transitions of Care Org/Individual Yes Yes Yes

23

MandatoryOptional with consequencesOptionalFuture Uses