For the 2018 reporting period, the HL7 QRDA I , STU R4 implementation guide has the legalAuthenticator as a SHOULD in the "US Realm Header (V3)" section, but a SHALL in the "QRDA Category I Framework (V3)" section.

After reading through section 1.1.1.9 legalAuthenticator of the HL7 implementation guide and other related JIRAs here, we are still a little confused about how as a vendor we should be reporting the legalAuthenticator.

"Local policies MAY choose to delegate the function of legal authentication to a device or system that generates the clinical document. In these cases, the legal authenticator is a person accepting responsibility for the document, not the generating device or system.

Note that the legal authenticator, if present, must be a person."

This wording makes it sound optional to have a legal authenticator yet it is listed as a shall elsewhere in the document. If we as a vendor are doing the legal authentication should we be reporting our organization as the legal authenticator similar to how it is done in QRDA 3 as a representedOrganization in addition to naming a person within our organization?

Any clarification you can provide will be greatly appreciated. Thanks