You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 6
Next »
Overview
CMS is collaborating with DHHS Office of the National Coordinator for Health IT (ONC) to develop a method to replace wet signatures with digital signatures for medical documents and transactions. Through working with the Standards and Interoperability (S&I) Framework, CMS has identified requirements within the following major topics for Author of Record (AoR):
These topics are focused on meeting requirements for signature non-repudiation and data integrity.
The Author of Record pilots are focused on four different types of signatures:
1) Signatures on transactions (see esMD use case 1 and use case 2)
2) Signatures on bundles of documents using the IHE DSG standards as defined in Author of Record Level 1 Implementation Guide.
3) Signatures on individual C-CDAs using the XADES-X-L standard defined in the HL7 Digital Signatures Implementation Guide.
4) Delegation of rights assertions using a SAML assertion as defined in the guides.
Objectives
The pilots are designed to test signatures and delegations of rights on transaction, bundles of documents and individual documents. The end goals of the Author of Record pilots include addressing the following capabilities to:
- identity proof individuals and organizations at Federal Bridge Medium Assurance
- manage X.509v3 signing certificates and authorization tokens in a secure signing application
- create the appropriate artifacts required by the specific application
- create the appropriate delegation of rights assertion
- validate the delegation of rights
- calculate the appropriate message digest
- incorporate the artifacts in the specific structure
- receive and validate the signature artifacts and data integrity
Pilot Streams
Stream 1 – Use Case 1 Provider Registration (signing a transaction)
Goal: Phase 1
- Test the ability to incorporate digital signatures and delegation of rights onto a provider registration transaction.
- Accept, validate, and verify transaction data integrity
Pilot Participants:
- CA/RA
- Digital Signature Application provider
- EHR vendor
- HIH
- Provider
Stream 2 – Author of Record Level 1 (signing a bundle of documents)
Goal: Phase 1
- Test the ability to incorporate digital signatures and delegation of rights for a bundle of documents using the IHE DSG profile, meeting requirements for non-repudiation.
- Accept, validate, and verify data integrity on the digitally-signed bundle of documents.
Pilot Participants:
- CA/RA
- Digital Signature Application provider
- EHR vendor
- HIH
- Provider
Stream 3 – Author of Record Level 2 (signing an individual CDA document)
Goal: Phase 1
- Test the ability to incorporate digital signatures onto an individual CDA document, meeting requirements for non-repudiation and applying signatures at the time of document creation, modification or review.
- Accept, validate, and verify data integrity on the digitally-signed CDA
Pilot Participants:
- CA/RA
- Digital Signature Application provider
- EHR vendor
- HIH
- Provider
Participating Organizations
Reference Materials
Author of Record White Paper