Digital/ Electronic Signatures for Medical Records

Healthcare organizations are increasingly relying on digital signatures (standard electronic signatures) for medical records as a way to improve patient safety, workflow inefficiencies, and cost concerns. Medical records digital signatures are a simple, effective means for recording and storing signatures while ensuring critical document authenticity and integrity.

Handwritten Signatures (Wet Ink)

A signature is a well accepted method for approving information and demonstrating its authenticity. Unsigned documents signal the process is incomplete or unauthorized. Where agreement or consent is required, an unsigned document indicates it has not been given.

Signatures on paper documents are simple to understand and execute. The signer is presented with the document, reads it, and if the content is complete, accurate and acceptable, signs the document. Once signed, the document can be copied, routed to other parties, stored in multiple locations and if additional original copies are needed, a notarized copy will usually suffice.

Applications

Patient Signatures

Physician Signatures

Employee Signatures

Corporate Signatures

Digital Signatures for Medical Records - Overcoming Barriers to Efficient Healthcare

Healthcare organizations collect hundreds of signatures a day. Whatever means is used to replace paper-based signatures, it must be simple to use and easy to understand. That’s why the prevailing trend for electronic signatures is the use of a graphical image of the signature and/or digital signatures

Although electronic and digital signatures sound the same, the two signature methods are very different and serve different purposes. A graphical image of the signature (graphical signature) is an identical image of a person’s handwritten signature. Graphical signatures have the advantage of being easy to capture, using any number of commercially available image signature pads. Graphical signatures are useful for many of the patient signatures that must be collected for informed consent, authorizations, admission enrollments, discharge instructions, healthcare directives, and generally any other type of electronic form.

This type of electronic signature is just a computer file which can be easily cut and pasted onto a number of documents and forms. This means it can be added to a document without the author's approval or knowledge. These signatures can create risk that the signature will be found invalid. In the case of many types of medical records electronic signatures, an invalid signature can have significant consequences. Contact us here to learn more about the differences between electronic signatures and digital signatures.

Properties of a Digital Signature

How about the properties of a digital signature? Digital signatures are commonly used to lock and seal the contents of a document. Digital signatures (sometimes referred to as advanced or secure electronic signatures) take the concept of the traditional paper-based signature into the digital realm, by adding a digital "fingerprint" as a signature to a document. This "fingerprint" is unique to both the document and the signer.

The properties of a digital signature are quite simple. A digital signature has the ability to uniquely bind the signer to the document's contents, ensuring data integrity and non-repudiation of the electronic transaction. Depending on the solution, any changes made to the document after it was signed are clearly indicated and invalidate the signature, thereby protecting against forgery.

How can we achieve the simplicity of hand signed paper documents for information maintained?

When patients' signatures are required, a concept similar to a witness signature can take place. The patient signs using the signature pad. The graphical signature is captured and pasted onto the document, then the signed document is counter signed by a physician, with the latter’s digital signature.

The advantage of this two step approach is the high-degree of certainty that a document, once signed, has not been changed. The document and patient's signature are fixed together and can not be separated without detection. The resulting signed document is a single file that can be readily stored digitally, copied, and distributed to others as needed for business purposes.

Computer Code Signatures

The early methods of electronic signatures have been primarily designed to authenticate the information maintained by a computer application. First used in the 1970s, these methods did not actually create a signature. Instead they required persons entering information to authenticate their identities by entering an assigned code. The application would only store the entered information, if the user’s application ID matched the code number.

Signature by a computer code, as Medicare refers to this method, is only acceptable if the person using the code signs a formal agreement, called an attestation. Providing it is agreed that the code will be interpreted as their “electronic signature”, kept secret and not used for any other purpose or under no circumstances used by anyone else. Most early electronic medical records systems still use the computer code method to authenticate electronic information.

Computer code signatures were reasonably acceptable for early electronic medical records systems but are not capable of meeting the requirements of modern healthcare business needs. Their major advantage in the 70’s has become their major disadvantage today. Since there is no actual signature, the authentication of the electronic information is strictly a function of how the application works and the security procedures used by the application owner to ensure that the information has not been changed or deleted. Effectively, this means that the information authenticity is not actually a function of the computer code signature.

Signature Requirements for Healthcare Applications

Today, health information is just as likely to be produced electronically as it is to be on paper. This means that information authenticity is a critical business property to ensure healthcare operations such as proper communication of patient information, physician orders, bills and payments and employment agreements. To meet these needs, signature technologists have defined the following set of properties regarding electronic signatures for medical records:

Uniqueness - The property that ensures that an individual’s electronic signature can be distinguished from that of any other person. Uniqueness is a core principle of any signature. Without uniqueness, a signature has no meaning. Its uniqueness ensures authorization, acceptance, or approval.

Persistence - The property of a digital signature that allows it to be retrieved and verified at any time in the future. Signature verification must be possible even after the original application has been migrated through major system upgrades. Persistence is particularly important for healthcare records that may have extensive retention periods. Retrospective billing audits, peer review data, patient authorizations and consents are highly dependent on persistence authenticity.

Transportability - The property of a digital signature that allows it to be communicated across networks to third parties. This property is necessary in situations where the receiving party has a requirement to validate a signature. For example, certain Medicare claims require documentation of a signed certificate of necessity. Without transportability, electronic documents can be created and communicated, but the signature does not travel with the document.

Independent Verifiability – This is the property of a digital signature that allows it to be verified by the recipient independently without reference to an application maintained by another party. This property is closely related to persistence and transportability. Without independent verifiability, signatures communicated to third parties have little use or meaning.

Integrity – This property of a digital signature ensures that any modification made to the contents of the document after it has been signed will cause the signature to be invalid or unverifiable. Like uniqueness, integrity is a core signature principle, without which a signature is meaningless. Many signature disputes arise over the principle of integrity. Signers don’t disclaim their signature; rather they maintain the document or information is different from that at the time they signed. Signature (or information) integrity is highly dependent on technical controls and security procedures.

Non-repudiation – The property of a digital signature that describes the ease with which a signer could falsely disclaim responsibility for the signed information. Non-repudiation is not yet a high priority for most electronic signatures for medical records. This is because common practice describes when signatures are required and business procedures are implemented to ensure that required signatures are collected. However, as more healthcare operations become automated, signatures will become a critical component of managing workflow and authenticating procedures.

Comparing Different Medical Records Electronic Signature Methods

Digital Signatures – The Best Practice Method for Sealing & Authenticating Electronic Documents®

Digital signatures are well recognized as the preferred method of sealing & authenticating electronic documents. That’s because they provide all the signature characteristics that a healthcare organization needs to replace its dependence on paper and handwritten signatures.

The value and benefits of digital signatures are promoted by a number of influential organizations. The American Bar Association endorses digital signatures and has published a comprehensive set of guidelines for authenticating documents using digital signatures. The federal government has standardized its use of digital signatures and now requires them for many types of electronic transactions. The Drug Enforcement Agency (DEA) has just released its draft regulations requiring the use of digital signatures for authenticating electronic prescriptions. The Veteran’s Health Administration digital signatures for integrity control over patient consents and forms. Standards for using digital signatures for healthcare purposes are already being published. There is an ASTM standard for using digital signatures to authenticate medical records and a DICOM standard under development for digitally signing radiological images.

The Power of CoSign®

CoSign is a simple to use and quick to deploy digital-signature solution from ARX. CoSign delivers an innovative solution for digitally signing documents, files, forms and transactions. It is designed to “sit” on the corporate network and operate as a signature service. This means that all the advanced technology is hidden from users. Whenever a signature is required, the user simply clicks the sign icon. The data file, document or form is sent to CoSign which identifies the individual’s signing key, adds the signer's graphical signatures, digitally signs the information and returns it back to the individual.

CoSign eliminates the overhead expenses typical with other solutions due to its unique centralized approach for generating, storing & managing private keys, built-in integration with the organization's existing User-Management-System and wide 3rd party application support. CoSign also supports high availability and high-volume batch signing offerings.

Click here to learn all about what CoSign has to offer.

“Digital signature technology generally surpasses paper in meeting the attributes necessary to authenticate a legal transaction.”
-- ABA Digital Signature Guidelines Tutorial

CoSign Delivers

Sealed documents – Locks documents and data against any changes including forging attacks while maintaining "business as usual" processes. Any changes made to the document are clearly indicated and invalidate the signature, thereby protecting against forgery, as each signature is uniquely linked to the signer.
Standardized signature method – CoSign uses industry standard Digital Signatures based on "Public Key Infrastructure" (PKI) technology for signing and validating signatures. Using these standards allows receiving parties to validate signatures without requiring additional software installation (in supporting applications).
Smart card-free solution - Eliminates the need and costs associated with Smart cards.
Quick ROI – Simplifies signature procedures and improves your user’s satisfaction.
Automate & Expedite Processes - Accelerate your transition to electronic records. As a result, increases employee efficiency and enhances patient service.

To acquire additional information on electronic signatures for medical records or medical records digital signatures, fill out the Contact Us Form or simply click on any of the Quick Links listed to discover a digital signature software solution that's right for you.