1 / 16

California Department of Mental Health

California Department of Mental Health. Electronic Signatures April 12, 2007. Presentation Topics. Background Events Digital Signature Regulations in California Progress in Other States Implementation Challenges and Obstacles DMH Approach Status and Next Steps. Background Events.

maren
Download Presentation

California Department of Mental Health

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. California Department of Mental Health Electronic Signatures April 12, 2007

  2. Presentation Topics • Background Events • Digital Signature Regulations in California • Progress in Other States • Implementation Challenges and Obstacles • DMH Approach • Status and Next Steps

  3. Background Events • Medi-Cal auditors requiring handwritten signatures on printed copies of electronic records • Governor’s Executive Order S-12-06 • 100% electronic health data exchange in 10 years • DMH Objectives • Enable auditing of electronic records • Prepare for 100% EHR

  4. Digital Signatures in California • Authorized by electronic commerce legislation (California Government Code Section 16.5) • Regulations produced by Secretary of State • Electronically signed contracts legally binding • Technologies • Public Key Cryptography Encryption • 6 Public Key Infrastructure (PKI) providers certified • Signature Dynamics – no providers certified

  5. Other States’ Progress • Arizona • Arizona Electronic Signature Infrastructure • PKI, PGP, Signature Dynamics, and “other” • Matches technology to security needs/level • Covers roles and procedures • North Dakota • State Information Technology Guidelines • Differentiates digital and electronic signatures • Trustworthiness tied to security/reliability needs

  6. Challenges and Obstacles • Logistics • Thousands of mental health care providers • Identity proof/documentation • Digital Certificate Ownership and Cost • Certification is unique to an individual • Certificate acquisition – who should pay? • If the State pays, how do we control “off label” use • If individual pays, how do we revoke it?

  7. The California DMH Approach • Narrow the scope / applicability • Standards initially apply to audit of electronic mental health records only • Three components to the standard: • Uniqueness • Security standards • Electronic Signature Agreement

  8. Uniqueness • Unique to the individual • Under the signer’s sole control • Capable of being verified (signature valid for a legitimate, active user) • Can detect if data has been changed after signature was applied • Timestamp data and signatures separately • Use hash totals (a “message digest”) • Audit logs

  9. Security • Certification Commission on Healthcare Information Technology (CCHIT) 2007 Security standards or equivalent • Applicable sections: • Security: Access Control • Security: Audit • Security: Authentication • Not applicable: • Security: Documentation • Security: Technical Services www.cchit.org

  10. Sample CCHIT Standards

  11. Electronic Signature Agreement • Governs circumstances of use • Full force and effect of written signature • Protection from misuse • Actions if lost or compromised • Revocation process • Signed (handwritten signature)

  12. Electronic Signature Agreement

  13. Consumer Signatures • More technologies allowed • Scan of signed paper document • Signature pad capture • Biometrics, such as fingerprint scans • Passwords or PINs

  14. Status and Next Steps • Information Notice – proposed standards • Develop draft document (done) • Legal review (done) • DMH/County review • Regulations • Develop draft regulations • Legal review • Public comment • Final regulations

  15. Questions

  16. DMH Technology ContactsDMH MHSA Web Site: www.dmh.ca.gov/mhsaMHSA Technology Email: MHSA-IT@dmh.ca.gov Gary Renslo Chief Information Officer Phone: 916-653-3882 Email: Gary.Renslo@DMH.CA.GOV Rebecca Skarr Chief of Applications Development Phone: 916-654-2496 Email: Rebecca.Skarr@DMH.CA.GOV Corina Leon Requirements Coordinator, EHR/HIE/PHR Phone: 916-654-5432 Email: Corina.Leon-Walters@DMH.CA.GOV Bob Cutler Analyst for e-Signatures Phone: 916-651-1117 Email: Robert.Cutler@DMH.CA.GOV

More Related