Document Digital Signature

Summary

The Document Digital Signature (DSG) content profile specifies the use of digital signatures for documents that are shared between organizations.

Benefits

DSG provides a mechanism for using digital signatures.

Details

Electronic documents are being increasingly relied upon in healthcare. Signatures have been a part of the electronic documentation process in health care and have traditionally been indicators of accountability. Reliable exchange of data between disparate systems requires a standard that implements non-repudiation to prevent document creators from denying authorship and rejecting responsibility.

DSG is constrained to XDS. The document content profile can be used as a reference; however, its specifications are used in other contexts. Systems that do not use XDS can still work with their own methodologies, but those methods will not be covered in the document content profile portion of this supplement.

Other IHE clinical domains are encouraged to utilize the digital signature document described in the following document content profile to sign their clinical and administrative documents and use their defined message transfer or use of XDS. For example, Patient Care Coordination could create a patient care workflow that relies on signature or the sharing of patient consent documents.

The infrastructure to do the signing, verification, and identity management exists and is not defined in this document content profile. The specific Private Key Infrastructure (PKI) is not identified by this profile. Whichever infrastructure is selected shall adhere to ISO TS-17090 standards for PKI in healthcare.

The scope of this supplement is currently limited to by-reference signatures, where the signature is a reference to the whole document. This document content profile can be used by domains wanting to implement e-referral and e-prescription using signatures by-reference in XDS.

Other forms of signatures such as embedded signatures and partial XML signatures are out of scope for this document content profile. Eg: DICOM, PDF, Digitally signed report. An XDS Repository is not responsible to validate any signature documents it stores. Only Document Sources and Document Consumer Actors are responsible to produce and process document content.

Systems Affected

Systems involved in this profile are:

• EHR, EMR, HIE, HIO

Specification

Profile Status: Trial Implementation

Documents:

• Document Digital Signature (DSG) Trial Implementation Supplement

• Vol. 3 - Section 5.3

Underlying Standards:

• [ASTM-E1985] E1985-98 -- Standard guide for user authentication and authorization http://www.astm.org/cgi-bin/SoftCart.exe/DATABASE.CART/REDLINE_PAGES/E1985.htm?E+mystore
• [ASTM-E2212] ASTM E2212 – Standard Practice for Healthcare Certificate Policy http://www.astm.org/cgi-bin/SoftCart.exe/STORE/filtrexx40.cgi?U+mystore+odvl4256+-L+ASTM:E2212+/usr6/htdocs/astm.org/DATABASE.CART/REDLINE_PAGES/E2212.htm
• [ASTM-E1762-05]ASTM E1762-05 – Standard Guide for the Authentication of Health Care Information http://www.astm.org/cgi-bin/SoftCart.exe/STORE/filtrexx40.cgi?U+mystore+odvl4256+-L+ASTM:E1762+/usr6/htdocs/astm.org/DATABASE.CART/REDLINE_PAGES/E1762.htm
• [ASTM-E2084] ASTM E2084 – Standard Specification for the Authentication of Healthcare Information using Digital Signatures http://www.astm.org/cgi-bin/SoftCart.exe/STORE/filtrexx40.cgi?U+mystore+odvl4256+-L+ASTM:E2084+/usr6/htdocs/astm.org/DATABASE.CART/REDLINE_PAGES/E2084.htm
• [ISO17090 (1,2,3)] ISO/TS 17090 – Health Informatics Digital Signatures for Healthcare http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=35489&ICS1=35&ICS2=240&ICS3=80
• [ISO 21091]ISO/TS 21091- Health Informatics – Directory Services for Security, Communications, and Identification of Professionals and Patients http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=35647&scopelist=PROGRAMME
• [IETF RFC3280] IETF/RFC 3280 regarding X.509v3 PKIX Private Key Infrastructure RFC3280 http://www.faqs.org/rfcs/rfc3280.html
• [IETF RFC2633] IETF/RFC 2633 regarding S/MIME http://www.imc.org/rfc2633
• [DICOM 41] DICOM Supplement 41 ftp://medical.nema.org/medical/dicom/final/sup41_ft.pdf
• [DICOM 86] DICOM Supplement 86 ftp://medical.nema.org/medical/dicom/supps/sup86_lb.pdf
• [NCPDP] NCPDP prescription data coding, content, formatting and taxonomy http://www.ncpdp.org
• [HL7 CDA] HL7 CDA http://secure.cihi.ca/cihiweb/dispPage.jsp?cw_page=infostand_hl7doc_arch_e#cda
• [CEN ENV13607] Process flow guidance from CEN Pre-Standard ENV13607 - Health informatics http://www.centc251.org
• [WS-I] WS-I Basic Security Profile Version 1.0, working draft http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
• [ETSI TS 201 733] ETSI TS 201 733 Sections C.3.1 and C.3.2; Electronic Signatures and Infrastructures and (ESI)Electronic Signature Formats http://webapp.etsi.org/WorkProgram/Report_WorkItem.asp?WKI_ID=8179&curItemNr=1&totalNrItems=1&optDisplay=10&qSORT=REFNB&qETSI_NUMBER=201+733&qINCLUDE_SUB_TB=True&qINCLUDE_MOVED_ON=&qSTOP_FLG=N&butExpertSearch=Search&includeNonActiveTB=FALSE&qREPORT_TYPE=SUMMARY
• [ETSI TS 101 903] ETSI TS 101 903: XML Advanced Electronic Signatures XadES http://www.w3.org/TR/XAdES/

See Also

Related Profiles

This page is based on the Profile Template