
Wednesday May 2, 2012

Electronic Submission of Medical Documentation (esMD) Digital Signature and Author of Record Pre-Discovery. Wednesday May 2, 2012. Agenda for Pre-Discovery. Schedule and objectives Scope of workgroup effort Review of initiative requirements Summary of initiative requirements. Schedule.


Presentation Transcript


  1. Electronic Submission of Medical Documentation (esMD) Digital Signature and Author of Record Pre-Discovery, Wednesday May 2, 2012

  2. Agenda for Pre-Discovery
     • Schedule and objectives
     • Scope of workgroup effort
     • Review of initiative requirements
     • Summary of initiative requirements

  3. Schedule

  4. Specifically Invited Participants

  5. Scope of workgroup effort
     • Identity proofing
     • Digital identity management
     • Encryption
     • Digital signatures
     • Delegation of Rights
     • Author of Record

  6. Identity Proofing
     • Identity – A unique name of an individual person or legal entity. Since the legal names of persons and entities are not necessarily unique, the identity of a person or entity must include sufficient additional information (for example an address and NPI number) to make the complete name unique.
     • Identity Proofing – The process by which the credential issuer validates sufficient information to uniquely identify a person or entity applying for the credential.
        • Prove that the identity exists
        • Prove the applicant is entitled to that identity
        • Address the potential for fraudulent issuance of credentials based on collusion

  7. Digital Identity Management – Digital Certificate as an Example
     • A trusted authority is responsible for creating the key pair, distributing the private key, publishing the public key and revoking the keys as necessary. The “Passport Office” of the Digital World.
     • Certificate Contents
        • Owner's public key
        • Owner's unique name
        • Expiration date of the public key
        • Name of the issuer (the CA that issued the Digital Certificate)
        • Serial number of the Digital Certificate
        • Digital signature of the issuer
     • The most widely accepted format for Digital Certificates is defined by the CCITT X.509 international standard; thus certificates can be read or written by any application complying with X.509.
     • Typical “storage” for a digital certificate
        • software tokens
        • browser certificate stores
        • hardware tokens (Smart Cards, USB Tokens)

  8. Encryption
     • In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
     • The result of the process is encrypted information (in cryptography, referred to as ciphertext).
     • The reverse process, i.e., to make the encrypted information readable again, is referred to as decryption (i.e., to make it unencrypted).

  9. Public Key Cryptography
     Complementary algorithms are used to encrypt and decrypt documents.
     [Diagram: an encryption key turns a document into an unreadable format and a decryption key reverses it. Labels: Private Key, Public Key; Secure Transmission (encrypting, decrypting); Signatures (decrypting, encrypting)]

  10. Ensuring Trusted Electronic Exchange
     PKI supports trusted electronic exchange:
     • Authentication - authenticates the sender of a transaction or data set
     • Information Integrity - invalidates a transmission or data set if it has been tampered with
     • Non-repudiation - sender, transmission and data are authenticated; the sender cannot deny having sent the information

  11. Digital Signatures
     An individual digitally signs a document using the private key component of his certificate.
     [Diagram labels: Private key, Artifact or Document, Encryption Algorithm, Digitally Signed]

  12. Authentication and Verification
     The individual’s public key, published by the CA, decrypts and verifies the digital signature.
     [Diagram labels: Public Key, Decryption Algorithm, Digitally Signed]

  13. Delegation of Rights
     • The ability to delegate rights or authority to another to act in a specific capacity on behalf of the grantor of the right.
     • Digital artifact that includes the digital identity of the grantor, the digital identity of the grantee, the rights granted, duration of grant in a format that is verifiable by a third party for non-repudiation purposes.
     • Artifact and supporting public keys must be supported by relevant transactions and where necessary, document architectures

  14. Author of Record
     • Solutions that can replace wet signatures to authorize the provenance of document content on a patient’s medical record, and can work regardless of the format of the structured content of the record.
     • All content of a patient’s chart is considered in scope: the signature solution should work with any relevant document
     • Signature pertains to document entry made at time of service
     • On an interim basis, the signature may be applied at the time of document assemblage for transmission

  15. Initiatives and Requirements
     • Longitudinal Coordination of Care
     • esMD
     • Data Segmentation for Privacy
     • Direct Project
     • Healthcare Directories
     • Query Health
     • Transitions of Care

  16. Longitudinal Coordination of Care
     1. Need to capture digital authentication from multiple sources in an iterative documentation process (i.e. the Home Health Plan of Care).
     2. Digital authentication of a summary extract (i.e. Patient Assessment Summary of the CMS Minimum Data Set).
     3. Identification for the provenance of the data elements:
        • At a minimum, the author of the document from which the elements were taken.
        • At the next level, the author of specific text sections such as prognosis, assessment of "concerns" and follow-up plan.
        • Finally, the ability to e-sign the document or subsection.
     4. The patient or Health Care Proxy (HCP) as the author of a Medical Orders for Life-Sustaining Treatment (MOLST)
     5. Distinguish between an author and a reconciler

  17. Electronic Submission of Medical Documentation (esMD)
     • Validate identities of providers (individuals and organizations), payers, intermediaries, contractors, and agents.
     • Ability to digitally delegate rights to a third party (proxy)
     • Signature artifacts to verify identity of each participant in the registration request or the submission of an electronic request for medical documentation (eMDR)
     • Encryption and signature of messages to ensure information integrity, authentication and non-repudiation.
     • Digital authentication of author of submitted documentation to ensure provenance
        • Initially at the documentation set level
        • Over time at the individual document level
        • Ultimately for each author at the level of their contribution

  18. Data Segmentation for Privacy
     Provided during discussion:
     • Need for identifying individual providers, healthcare organizations, payers, etc.
     • Need to know the type of information available to share
     • Can only share specific information with specific parties
     • Need to know the sending and receiving parties
     • Handling depends on the type of information, where it came from (i.e., substance abuse treatment facility), allowed recipients
     • Example: Discharge documents from Betty Ford Clinic need to be sent to ‘Dr. Bob’ at ‘Hospital X’
        • Need to ensure that Dr. Bob is allowed to receive this information and the content is not divulged to an unauthorized third party during the transaction

  19. Direct Project
     • Identity proofing of Address and Server owners
     • Encryption for messages
     • Signing for authentication of sending and receiving entities (entities may be individuals or organizations)

  20. Healthcare Directories
     • Identity proofing of individual and organizations
     • Identity proofing of addresses and servers
     • Certificates and artifacts for both signing and encryption
     • Delegation of Rights – depends on method used for populating and attesting to individuals

  21. Query Health
     Provided during discussion:
     • Identity validation (organizations and systems, not necessarily individuals)
     • Encryption of data to protect confidentiality
     • Authorization of queries from specific organizations where authors need to be identified, but not necessarily with multiple signatories
     • A Query Network DUA is established as an overlay on top of the technical platform, so digital authorship would play a hand in this process

  22. Transitions of Care
     Provided during discussion:
     • Validation of documents
     • Is this occurring in real time in actual production systems?
     • Some vendors would validate every transaction at every entry point, but others said this was too much work
     • How many digital signatures may be applied to a document?
     • What is the complexity of having multiple signatures in processing a real-time message flow?
     • How difficult or time consuming would it be to validate a transaction to validate a document?
     • What is the balance between how many signatures are applied?
     • If multiple people are signing different parts of the same document, at what point are considerations affecting the design of real systems taken into account?

  23. Initiative Requirement Summary
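
As an added example (not part of the presentation), the Go sketch below builds the delegation-of-rights artifact described on slide 13 and required for esMD on slide 17, signs it with the grantor's private key as on slide 11, and runs the third-party verification of slide 12. The field names, the JSON encoding, the use of Ed25519 and the raw demo key standing in for a key bound to an X.509 certificate are all assumptions.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Delegation holds the elements slide 13 lists; the field names are assumptions.
type Delegation struct {
	Grantor, Grantee    string
	Rights              []string
	NotBefore, NotAfter time.Time
}

// SignDelegation serializes the artifact and signs those exact bytes with the grantor's private key.
func SignDelegation(d Delegation, priv ed25519.PrivateKey) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(d); err == nil {
		sig = ed25519.Sign(priv, payload)
	}
	return payload, sig, err
}

// VerifyDelegation is the third-party check: signature first, then grantee, duration and right.
func VerifyDelegation(payload, sig []byte, grantorPub ed25519.PublicKey, grantee, right string, now time.Time) error {
	if !ed25519.Verify(grantorPub, payload, sig) {
		return fmt.Errorf("signature invalid: altered or not signed by the grantor")
	}
	var d Delegation
	if err := json.Unmarshal(payload, &d); err != nil {
		return err
	}
	if d.Grantee != grantee || now.Before(d.NotBefore) || now.After(d.NotAfter) {
		return fmt.Errorf("wrong grantee or outside the granted duration")
	}
	for _, r := range d.Rights {
		if r == right {
			return nil
		}
	}
	return fmt.Errorf("right not granted")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key; stands in for the key in the grantor's certificate
	start := time.Date(2012, 5, 2, 0, 0, 0, 0, time.UTC)
	payload, sig, _ := SignDelegation(Delegation{"Provider A (constructed)", "Agent B (constructed)", []string{"submit-documentation"}, start, start.AddDate(0, 0, 30)}, priv)
	// First call is inside the 30-day grant, second is one day past it.
	fmt.Println(VerifyDelegation(payload, sig, pub, "Agent B (constructed)", "submit-documentation", start.AddDate(0, 0, 1)), VerifyDelegation(payload, sig, pub, "Agent B (constructed)", "submit-documentation", start.AddDate(0, 0, 31)))
}
```

Validating the grantor's certificate chain and its revocation status would precede the signature check in a deployment and is outside this sketch.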
