Reminder: Do not include any PHI or PII in Confluence. If you require 508 accessibility assistance or any other support for this system, then please send an email to onc-jira-questions@healthit.gov
Overview
CMS is collaborating with DHHS Office of the National Coordinator for Health IT (ONC) to develop a method to replace wet signatures with digital signatures for medical documents and transactions. Through working with the Standards and Interoperability (S&I) Framework, CMS has identified requirements within the following major topics for Author of Record (AoR):
Identity Proofing
Digital Credential Management
Digital Signatures & Signature Artifacts
Delegation of Rights
These topics are focused on meeting requirements for signature non-repudiation and data integrity.
The Author of Record pilots are focused on four different types of signatures:
1) Signatures on transactions (see esMD use case 1 and use case 2)
2) Signatures on bundles of documents using the IHE DSG standards as defined in Author of Record Level 1 Implementation Guide.
3) Signatures on individual C-CDAs using the XADES-X-L standard defined in the HL7 Digital Signatures Implementation Guide.
4) Delegation of rights assertions using a SAML assertion as defined in the guides.
Objectives
The pilots are designed to test signatures and delegations of rights on transaction, bundles of documents and individual documents. The end goals of the Author of Record pilots include addressing the following capabilities to:
- identity proof individuals and organizations at Federal Bridge Medium Assurance
- manage X.509v3 signing certificates and authorization tokens in a secure signing application
- create the appropriate artifacts required by the specific application
- create the appropriate delegation of rights assertion
- validate the delegation of rights
- calculate the appropriate message digest
- incorporate the artifacts in the specific structure
- receive and validate the signature artifacts and data integrity
Documentation Streams
Stream 1: Signature on transactions
1) White papers
2) PPA Implementation Guide
3) Author of Record Level 1 Implementation Guide
Stream 2: Signature on document bundle
1) White papers
2) Author of Record Level 1 Implementation Guide
Stream 3: Signature on a Consolidated CDA
1) White papers
2) Author of Record Level 2 Implementation Guide (in progress)
3) HL7 Digital Signatures and Delegation of Rights Implementation Guide (DSTU)
Pilot Streams
Stream 1 – Use Case 1 Provider Registration (signing a transaction)
Goal: Phase 1
- Test the ability to incorporate digital signatures and delegation of rights onto a provider registration transaction.
- Accept, validate, and verify transaction data integrity
Pilot Participants:
- CA/RA
- Digital Signature Application provider
- EHR vendor
- HIH
- Provider
Stream 2 – Author of Record Level 1 (signing a bundle of documents)
Goal: Phase 1
- Test the ability to incorporate digital signatures and delegation of rights for a bundle of documents using the IHE DSG profile, meeting requirements for non-repudiation.
- Accept, validate, and verify data integrity on the digitally-signed bundle of documents.
Pilot Participants:
- CA/RA
- Digital Signature Application provider
- EHR vendor
- HIH
- Provider
Stream 3 – Author of Record Level 2 (signing an individual CDA document)
Goal: Phase 1
- Test the ability to incorporate digital signatures onto an individual CDA document, meeting requirements for non-repudiation and applying signatures at the time of document creation, modification or review.
- Accept, validate, and verify data integrity on the digitally-signed CDA
Pilot Participants:
- CA/RA
- Digital Signature Application provider
- EHR vendor
- HIH
- Provider
Participating Organizations
Organization | POCs | Pilot Project Profile |
---|---|---|
PAHISP LLC & NHDS | Peter Bachman | Download (.docx) |
MEA | Tim Staley | Missing File |
Inpriva | Ginna Yost Don Jorgenson | Missing File |
MaxMD | Bruce Schreiber | Download (.docx) |
MRO Coportaion & DigiCert | David Borden Scott Rea | Missing File |
Strategic Healthcare Solutions | Dr. Mark Pilley | Missing File |
MediProfit | Mark Kimmel mark.codeablelanguage@gmail.com Susan Hemme | Missing File |