Digital Signatures are Just What the Doctor Ordered at SCDMH

Rick Widdifield isn't a doctor, but he knew an alternative procedure was necessary. As the Project Manager responsible for migrating the South Carolina Department of Mental Health's (SCDMH) workflow from paper to electronic, he is responsible for overhauling the workflow at 10 Community Mental Health Centers. A monumental enough task on its own, Widdifield's effort also needed to ensure organization-wide HIPAA compliance. Despite the weight of the undertaking, the project was a necessity with the cost and bottleneck complications created by generating 10,000 paper-based medical forms each day. Widdifield understood that successfully implementing such a massive change in the day-to-day business processes of a state-wide healthcare provider would require extensive research and a phased approach. He didn’t know it at the time, but his decision would end up saving SCDMH over $4 million in the first year of implementation.

SCDMH's transformation to an electronic workflow highlighted Widdifield's belief that such a change would significantly improve process efficiency by removing the barriers that a paper-based workflow presents in the time and costs associated with physically routing and archiving vast amounts of documentation. Widdifield understood that making the thousands of documents created each day electronic would accelerate business processes, eliminate paper-related costs (i.e., paper, printing, ink, scanning, faxing, routing, replacing lost documents and prolonged processing time), and reduce the amount of money and manpower invested in archiving the documentation.

The first phase Widdifield implemented in the procedural overhaul was the utilization of SCDMH's Cold Fusion-based web application. This application enabled the transformation from paper-based medical records to Electronic Medical Records (EMR) in PDF format. Widdifield realized, however, that producing EMRs didn't ensure that the documentation remained electronic. That required the implementation of a HIPAA-compliant electronic signing option, a key element for any healthcare entity utilizing EMRs. Without such a solution, Widdifield understood that the expedited process of SCDMH's newly established electronic procedures would essentially be lost by reintroducing paper documentation back into their workflow for signing purposes.

Once he decided that an electronic signature capacity was the ideal solution for SCDMH, Widdifield began studying the specific requirements that the organization would have for a signing solution. With documentation that traveled between the organization and its partners, any solution that the organization utilized had to be verifiable by external parties, anytime, without the need for proprietary plug-ins or software. The need for a solution that provided Public Key Infrastructure (PKI) [1] was also defined as a condition, as it complied with HIPAA requirements calling for document integrity (i.e., the certainty that a document has not been altered). This condition narrowed Widdifield's focus on digital signature solutions, the only form of electronic signature that is based on PKI technology.

The final component Widdifield defined was the need for the solution to be installed in a high availability capacity due to the critical time and sensitive nature of EMR's. Widdifield knew that such a design would provide redundancy and load balancing between multiple hardware appliances. He also understood that this feature would ensure the availability of the solution in case of any unforeseen technical problems.

The selection of the digital signature technology and vendor was the result of a formal and open RFP process handled by Widdifield. At the end of this process Widdifield decided to purchase and implement the CoSign® digital signature solution. Key factors in the selection of CoSign included CoSign’s Total Cost of Ownership, which was determined to be substantially lower than alternative digital signature approaches, and CoSign’s software development kit (SDK), which provided a Web service Signature API (SAPI®) that supports integration with SCDMH’s non-Windows based applications and servers. Moreover, CoSign is based on PKI technology, the only standard method capable of guaranteeing an electronic document has not been altered, satisfying Widdifield's HIPAA requirements.

The intuitive management of the CoSign solution and its ability to be incorporated into SCDMH's Cold Fusion application via SAPI were also significant factors in Widdifield's decision to deploy the CoSign digital signature solution. In order to provide a solution that addressed SCDMH's signing needs without limiting the medical staff's access to their digital signatures, Widdifield deployed CoSign in conjunction with numerous point of service signing pad locations (kiosks). Located near patient treatment areas, the kiosks integrated seamlessly with CoSign, allowing patients to easily place electronic signatures on EMRs. Once the patient's signature was captured, the medical professional could seal the signature and contents of the document with their own digital signature. CoSign was also installed in an auto-failover configuration, addressing the organization's requirement for a solution that was designed to handle the critical and time sensitive nature of the EMR's.

With over 1300 medical staff utilizing the CoSign digital signature solution as part of their overall electronic workflow, Widdifield's changes enabled SCDMH locations to eliminate the printing and signing of close to 10,000 documents each day, while maintaining full compliance with HIPAA Security Standard Regulations, and saving over $4 million in the first year of implementation.

In the SCDMH healthcare facilities currently using CoSign, the migration to a paperless workflow has reduced document processing time from days to seconds. In addition, Widdifield's integration of CoSign has been so successful that additional deployments have been requested throughout the organization. The environmental benefits of SCDMH's CoSign digital signature implementation are no less noteworthy, with SCDMH's use saving 650 trees, 975 barrels of oil, and reducing 195,000 pounds of carbon emissions each year.

"The vast amount of paper reduction the CoSign digital solution brought about can't be overstated in terms of how it advanced our workflow. As we move to implement CoSign at all facilities, we expect to eliminate printing more than 2,850,000 documents each year."

[1] The PKI technology in a digital signature is used to establish that the signatory is indeed responsible for the signature in the message and that the signer approves the content of the document. PKI technology is well established, with over 30 years of industry use, and is accepted as the only standard method capable of guaranteeing an electronic document has not been altered. Any changes made to the document after it is signed invalidate the digital signature, thereby protecting against forgery, ensuring non-repudiation, and securing the documentation.