Overview

CMS is collaborating with DHHS Office of the National Coordinator for Health IT (ONC) to develop a method to replace wet signatures with digital signatures for medical documents and transactions. Through working with the Standards and Interoperability (S&I) Framework, CMS has identified requirements within the following major topics for Author of Record (AoR):

• Identity Proofing

• Digital Credential Management

• Digital Signatures & Signature Artifacts

• Delegation of Rights

These topics are focused on meeting requirements for signature non-repudiation and data integrity.

The Author of Record pilots are focused on four different types of signatures:
1) Signatures on transactions (see esMD use case 1 and use case 2)
2) Signatures on bundles of documents using the IHE DSG standards as defined in Author of Record Level 1 Implementation Guide.
3) Signatures on individual C-CDAs using the XADES-X-L standard defined in the HL7 Digital Signatures Implementation Guide.
4) Delegation of rights assertions using a SAML assertion as defined in the guides.

Objectives

The pilots are designed to test signatures and delegations of rights on transaction, bundles of documents and individual documents. The end goals of the Author of Record pilots include addressing the following capabilities to:

• identity proof individuals and organizations at Federal Bridge Medium Assurance
• manage X.509v3 signing certificates and authorization tokens in a secure signing application
• create the appropriate artifacts required by the specific application
• create the appropriate delegation of rights assertion
• validate the delegation of rights
• calculate the appropriate message digest
• incorporate the artifacts in the specific structure
• receive and validate the signature artifacts and data integrity

Documentation Streams

Stream 1: Signature on transactions
1) White papers

• Digital Credentials
• Identity Proofing
• Digital Signatures & Delegation of Rights

2) PPA Implementation Guide
3) Author of Record Level 1 Implementation Guide

Stream 2: Signature on document bundle
1) White papers

• Digital Credentials
• Identity Proofing
• Digital Signatures & Delegation of Rights

2) Author of Record Level 1 Implementation Guide

Stream 3: Signature on a Consolidated CDA
1) White papers

• Digital Credentials
• Identity Proofing
• Digital Signatures & Delegation of Rights

2) Author of Record Level 2 Implementation Guide (in progress)
3) HL7 Digital Signatures and Delegation of Rights Implementation Guide (DSTU)

Pilot Streams

Stream 1 – Use Case 1 Provider Registration (signing a transaction)
Goal: Phase 1

1. Test the ability to incorporate digital signatures and delegation of rights onto a provider registration transaction.
2. Accept, validate, and verify transaction data integrity

Pilot Participants:

1. CA/RA
2. Digital Signature Application provider
3. EHR vendor
4. HIH
5. Provider

Stream 2 – Author of Record Level 1 (signing a bundle of documents)
Goal: Phase 1

1. Test the ability to incorporate digital signatures and delegation of rights for a bundle of documents using the IHE DSG profile, meeting requirements for non-repudiation.
2. Accept, validate, and verify data integrity on the digitally-signed bundle of documents.

Pilot Participants:

1. CA/RA
2. Digital Signature Application provider
3. EHR vendor
4. HIH
5. Provider

Stream 3 – Author of Record Level 2 (signing an individual CDA document)
Goal: Phase 1

1. Test the ability to incorporate digital signatures onto an individual CDA document, meeting requirements for non-repudiation and applying signatures at the time of document creation, modification or review.
2. Accept, validate, and verify data integrity on the digitally-signed CDA

Pilot Participants:

1. CA/RA
2. Digital Signature Application provider
3. EHR vendor
4. HIH
5. Provider

Participating Organizations

Reference Materials