ASTM E1762-95 (Guide)
Standard Guide for Electronic Authentication of Health Care Information
SCOPE
1.1 This guide covers:
1.1.1 Defining a document structure for use by electronic signature mechanisms (Section 4),
1.1.2 Describing the characteristics of an electronic signature process (Section 5),
1.1.3 Defining minimum requirements for different electronic signature mechanisms (Section 5),
1.1.4 Defining signature attributes for use with electronic signature mechanisms (Section 6),
1.1.5 Describing acceptable electronic signature mechanisms and technologies (Section 7),
1.1.6 Defining minimum requirements for user identification, access control, and other security requirements for electronic signatures (Section 9), and
1.1.7 Outlining technical details for all electronic signature mechanisms in sufficient detail to allow interoperability between systems supporting the same signature mechanism (Section 8 and Appendixes X1 through X4).
1.2 This guide is intended to be complementary to standards under development in other organizations. The determination of which documents require signatures is out of scope, since it is a matter addressed by law, regulation, accreditation standards, and an organization's policy.
1.3 Organizations shall develop policies and procedures that define the content of the medical record, what is a documented event, and what time constitutes event time. Organizations should review applicable statutes and regulations, accreditation standards, and professional practice guidelines in developing these policies and procedures.
Standards Content (Sample)
NOTICE: This standard has either been superseded and replaced by a new version or discontinued.
Contact ASTM International (www.astm.org) for the latest information.
Designation: E 1762 – 95 An American National Standard
Standard Guide for
Electronic Authentication of Health Care Information
This standard is issued under the fixed designation E 1762; the number immediately following the designation indicates the year of
original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A
superscript epsilon (e) indicates an editorial change since the last revision or reapproval.
1. Scope
1.1 This guide covers:
1.1.1 Defining a document structure for use by electronic signature mechanisms (Section 4),
1.1.2 Describing the characteristics of an electronic signature process (Section 5),
1.1.3 Defining minimum requirements for different electronic signature mechanisms (Section 5),
1.1.4 Defining signature attributes for use with electronic signature mechanisms (Section 6),
1.1.5 Describing acceptable electronic signature mechanisms and technologies (Section 7),
1.1.6 Defining minimum requirements for user identification, access control, and other security requirements for electronic signatures (Section 9), and
1.1.7 Outlining technical details for all electronic signature mechanisms in sufficient detail to allow interoperability between systems supporting the same signature mechanism (Section 8 and Appendix X1-Appendix X4).
1.2 This guide is intended to be complementary to standards under development in other organizations. The determination of which documents require signatures is out of scope, since it is a matter addressed by law, regulation, accreditation standards, and an organization's policy.
1.3 Organizations shall develop policies and procedures that define the content of the medical record, what is a documented event, and what time constitutes event time. Organizations should review applicable statutes and regulations, accreditation standards, and professional practice guidelines in developing these policies and procedures.

2. Referenced Documents
2.1 ISO Standards: [2]
ISO 9594-8 1993: The Directory: Authentication Framework (also available as ITU-T X.509)
ISO 8825-1 1993: Specification of Basic Encoding Rules for ASN.1
ISO 7816 1993: IC Cards with Contacts
ISO 10036 1994: Contactless IC Cards
2.2 ANSI Standards: [3]
ANSI X9.30 Part 3: Certificate Management for DSA, November 1994 (ballot copy)
ANSI X9.31 Part 3: Certificate Management for RSA, July 1994 (draft)
ANSI X9.31 Part 1: RSA Signature Algorithm, July 1994 (ballot copy) (technically aligned with ISO/IEC 9796)
ANSI X9.30 Part 1: Digital Signature Algorithm, July 1994 (ballot copy) (technically aligned with NIST FIPS PUB 186)
ANSI X9F1, ANSI X9.45: Enhanced Management Controls Using Attribute Certificates, September 1994 (draft)
2.3 Other Standards: [4] [5]
FIPS PUB 112: Standards on Password Usage, May 1985
FIPS PUB 181: Secure Hash Standard, 1994 (technically aligned with ANSI X9.30-1)
FIPS PUB 186: Digital Signature Standard, 1994 (technically aligned with ANSI X9.30-1)
PKCS #1: RSA Encryption Standard (version 1.5), November 1993
PKCS #5: Password-Based Encryption Standard, 1994
PKCS #7: Cryptographic Message Syntax Standard, 1994

3. Terminology
3.1 Definitions:
3.1.1 access control—the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.
3.1.2 accountability—the property that ensures that the actions of an entity may be traced uniquely to the entity.
3.1.3 attribute—a piece of information associated with the use of a document.
3.1.4 attribute certificate—a digitally signed data structure that binds a user to a set of attributes.
3.1.5 authorization—verification that an electronically signed transaction is acceptable according to the rules and limits of the parties involved.
3.1.6 authorization certificate—an attribute certificate in which the attributes indicate constraints on the documents the user may digitally sign.

Footnotes:
[1] This guide is under the jurisdiction of ASTM Committee E-31 on Healthcare Informatics and is the direct responsibility of Subcommittee E31.20 on Authentication of Computer-Based Health Information. Current edition approved Oct. 10, 1995. Published January 1996.
[2] Available from ISO, 1 Rue de Varembe, Case Postale 56, CH 1211, Geneve, Switzerland.
[3] Available from American National Standards Institute, 11 W. 42nd St., 13th Floor, New York, NY 10036.
[4] Available from NIST, Gaithersburg, MD 20899.
[5] Available from RSA Data Security, 100 Marine Parkway, Redwood City, CA 64065.
Copyright © ASTM, 100 Barr Harbor Drive, West Conshohocken, PA 19428-2959, United States.
3.1.7 availability—the property of being accessible and usable upon demand by an authorized entity.
3.1.8 computer-based patient record (CPR)—the computer-based patient record is a collection of health information concerning one person linked by one or more identifiers. In the context of this guide, this term is synonymous with electronic patient record and electronic health record.
3.1.9 computer-based patient record system (CPRS)—the CPRS uses the information of the CPR and performs the application functions according to underlying processes and its interaction with related data and knowledge bases. CPRS is synonymous with electronic patient record systems.
3.1.10 data integrity—the property that data has not been altered or destroyed in an unauthorized manner.
3.1.11 data origin authentication—corroboration that the source of data received is as claimed.
3.1.12 digital signature—data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, for example, by the recipient.
3.1.13 document access time—the time(s) when the subject document was accessed for reading, writing, or editing.
3.1.14 document attribute—an attribute describing a characteristic of a document.
3.1.15 document creation time—the time of the creation of the subject document.
3.1.16 document editing time—the time(s) of the editing of the subject document.
3.1.17 domain—a group of systems that are under control of the same security authority.
3.1.18 electronic document—a defined set of digital information, the minimal unit of information that may be digitally signed.
3.1.19 electronic signature—the act of attaching a signature by electronic means. After the electronic signature process, it is a sequence of bits associated with an electronic document, which binds it to a particular entity.
3.1.20 event time—the time of the documented event.
3.1.21 one-way hash function—a function that maps strings of bits to fixed-length strings of bits, satisfying the following two properties:
3.1.21.1 It is computationally infeasible to find for a given output an input that maps to this output.
3.1.21.2 It is computationally infeasible to find for a given input a second input that maps to the same output.
3.1.22 private key—a key in an asymmetric algorithm; the possession of this key is restricted, usually to one entity.
3.1.23 public key—a key in an asymmetric algorithm that is publicly available.
3.1.24 public key certificate—a digitally signed data structure which binds a user's identity to a public key.
3.1.25 repudiation—denial by one of the entities involved in a communication of having participated in all or part of the communication.
3.1.26 role—the role of a user when performing a signature. Examples include: physician, nurse, allied health professional, transcriptionist/recorder, and others.
3.1.27 secret key—a key in a symmetric algorithm; the possession of this key is restricted, usually to two entities.
3.1.28 signature—the act of taking responsibility for a document. Unless explicitly indicated otherwise, an electronic signature is meant in this guide.
3.1.29 signature attribute—an attribute characterizing a given user's signature on a document.
3.1.30 signature purpose—an indication of the reason an entity signs a document. This is included in the signed information and can be used when determining accountability for various actions concerning the document. Examples include: author, transcriptionist/recorder, and witness.
3.1.31 signature time—the time a particular signature was generated and affixed to a document.
3.1.32 signature verification—the process by which the recipient of a document determines that the document has not been altered and that the signature was affixed by the claimed signer. This will in general make use of the document, the signature, and other information, such as cryptographic keys or biometric templates.
3.1.33 user authentication—the provision of assurance of the claimed identity of an entity.
3.2 Acronyms:
AAMT American Association for Medical Transcription
ABA American Bar Association
AHIMA American Health Information Management Association
AIM Advanced Informatics in Medicine
ASC X3 Accredited Standards Committee X3
ASC X9 Accredited Standards Committee X9
ASC X12N Accredited Standards Committee X12N
CA Certification Authority
CEN Comité Européen de Normalisation (European Standards Committee)
CLC Comité Européen de Normalisation Electrotechnique (CENELEC)
CRL Certificate Revocation List
DSA Digital Signature Algorithm (NIST)
EWOS European Workshop for Open Systems
ES Electronic Signature
FDA Food and Drug Administration
FIPS Federal Information Processing Standard
ISO International Standards Organization
ITSTC International Technology Steering Committee
JCAHO Joint Commission on Accreditation of Healthcare Organizations
MAC Message Authentication Code
NIST National Institute of Standards and Technology
NTP Network Time Protocol
PCMCIA Personal Computer Memory Card International Association
RSA Rivest-Shamir-Adleman (signature algorithm)
SEISMED Secure Environment for Information Systems in Medicine
THIS Trusted Health Information Systems
TTP Trusted Third Party

4. Significance and Use
4.1 This guide serves three purposes:
4.1.1 To serve as a guide for developers of computer software providing, or interacting with, electronic signature processes,
4.1.2 To serve as a guide to healthcare providers who are implementing electronic signature mechanisms, and
4.1.3 To be a consensus standard on the design, implementation, and use of electronic signatures.

5. Background Information
5.1 The creation of computer-based patient record systems depends on a consensus of electronic signature processes that are widely accepted by professional, regulatory, and legal organizations. The objective is to create guidelines for entering information into a computer system with the assurance that the information conforms with the principles of accountability, data integrity, and non-repudiation. Although various organizations have commenced work in the field of electronic signatures, a standard for the authentication of health information is needed. Consequently, this standard is intended as a national standard for electronic signatures for health care information. Technological advances and increases in the legitimate uses and demands for patient health information led the Institute of Medicine (IOM) to convene a committee to identify actions and research for a computer-based patient record (CPR). The committee's report endorsed the adoption of the CPR as the standard for all health care records and the establishment of a Computer-based Patient Record Institute (CPRI). National Information Infrastructure initiatives, the ever-increasing complexity of health care delivery, and a growing need for accessible, affordable, and retrievable patient data to support clinical practice, research, and policy development support this recommendation. Major issues identified by CPRI as essential to the timely development of CPRs include authentication of electronic signatures (as replacements for paper signatures), as well as patient and provider confidentiality and electronic data security.
5.2 User authentication is used to identify an entity (person or machine) and verify the identity of the entity. Data origin authentication binds that entity and verification to a piece of information. The focus of this standard is the application of user and data authentication to information generated as part of the health care process. The mechanism providing this capability is the electronic signature.
5.3 Determination of which events are documented and which documents must be signed is defined by law, regulation, accreditation standards, and the originating organization's policy. Such policy issues are discussed in Appendix X4.
... may require more than one of the technologies described in this guide. Currently, there are no recognized security techniques that provide the security service of non-repudiation in an open network environment, in the absence of trusted third parties, other than digital signature-based techniques.
5.7 The electronic signature process involves authentication of the signer's identity, a signature process according to system design and software instructions, binding of the signature to the document, and non-alterability after the signature has been affixed to the document. The generation of electronic signatures requires the successful identification and authentication of the signer at the time of the signature. To conform to this guide, a system shall also meet health information security and authentication standards. Computer-based patient record systems may also be subject to statutes and regulations in some jurisdictions.
5.8 While most electronic signature standards in the banking, electronic mail, and business sectors address only digital signature systems, this standard acknowledges the efforts of industry and systems integrators to achieve authentication with other methods. Therefore, this standard will not be restricted to a single technology.

6. Document Structure
6.1 For any data or information for which authentication is required, the system shall:
6.1.1 Provide to the signer an accurate representation of the health care information being signed,
6.1.2 Append one or multiple signatures,
6.1.3 Include, with each signature, information associated with the signer (that is, signature attributes and possibly unsigned attributes), and
6.1.4 Append zero or more document identifiers and attributes associated with the document.
6.2 ...
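The document structure of 6.1 (one document, several appended signatures, each carrying signed attributes and possibly unsigned ones), the binding and non-alterability requirements of 5.7, and signature verification as defined in 3.1.32, worked through in Go. This is an added example, not code from the standard: it assumes a particular signed-attribute set (signer, role, purpose, signature time, document digest), encodes those attributes with Go's encoding/asn1 (DER, a subset of the BER that ISO 8825-1 in 2.1 defines), signs with RSA PKCS #1 v1.5 over SHA-256 (PKCS #1 is referenced in 2.3; the guide itself does not mandate this pairing), and uses a plain map as a stand-in for the public key certificates of 3.1.24. The identifiers dr.example, rn.example and note-0001 and the note text are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
	"time"
)

// Document is the electronic document (3.1.18): Content is the exact byte string shown to the
// signer (6.1.1); ID is a document identifier appended to it (6.1.4).
type Document struct {
	ID      string
	Content []byte
}
// SignedAttributes are the signature attributes (3.1.29) placed under the signature: signer, role (3.1.26),
// purpose (3.1.30), signature time (3.1.31) and a digest binding the signature to the document (5.7).
// The field set and the DER layout are assumptions of this example, not a structure the guide prescribes.
type SignedAttributes struct {
	DocumentID     string
	Signer         string
	Role           string
	Purpose        string
	SigningTime    time.Time
	DocumentDigest []byte
}
// Signature is one signature appended to a document (6.1.2, 6.1.3).
type Signature struct {
	AttrsDER []byte            // the exact bytes that were signed
	Value    []byte            // RSA PKCS #1 v1.5 signature over SHA-256(AttrsDER)
	Unsigned map[string]string // unsigned attributes: travel with the signature, outside its scope
}
// Directory stands in for public key certificates (3.1.24): claimed signer -> public key.
type Directory map[string]*rsa.PublicKey

func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// digestDocument length-prefixes ID and content so bytes cannot be shifted between the two fields.
func digestDocument(doc Document) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s%d:", len(doc.ID), doc.ID, len(doc.Content))
	h.Write(doc.Content)
	return h.Sum(nil)
}

// Sign produces one signature on doc. User authentication of the signer (5.7) is assumed to have
// been done by the calling system. UTCTime holds whole seconds, hence the Truncate.
func Sign(doc Document, key *rsa.PrivateKey, signer, role, purpose string, now time.Time) (Signature, error) {
	attrs := SignedAttributes{doc.ID, signer, role, purpose, now.UTC().Truncate(time.Second), digestDocument(doc)}
	der, err := asn1.Marshal(attrs)
	if err != nil {
		return Signature{}, err
	}
	sum := sha256.Sum256(der)
	value, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return Signature{AttrsDER: der, Value: value, Unsigned: map[string]string{}}, err
}

// Verify is signature verification (3.1.32): parse what was signed, check the signature under the
// claimed signer's key, then check the document against the signed digest. The returned attrs are
// only meaningful when err is nil; nothing in sig is trusted before the signature checks out.
func Verify(doc Document, sig Signature, dir Directory) (SignedAttributes, error) {
	var attrs SignedAttributes
	if rest, err := asn1.Unmarshal(sig.AttrsDER, &attrs); err != nil || len(rest) != 0 {
		return attrs, fmt.Errorf("signed attributes are not well-formed DER")
	}
	pub, ok := dir[attrs.Signer]
	if !ok {
		return attrs, fmt.Errorf("no public key on file for signer %q", attrs.Signer)
	}
	sum := sha256.Sum256(sig.AttrsDER)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig.Value); err != nil {
		return attrs, fmt.Errorf("signature by %q does not verify: attributes or value altered", attrs.Signer)
	}
	if attrs.DocumentID != doc.ID || !bytes.Equal(attrs.DocumentDigest, digestDocument(doc)) {
		return attrs, fmt.Errorf("document altered after %q signed it", attrs.Signer)
	}
	return attrs, nil
}

func main() {
	doc := Document{ID: "note-0001", Content: []byte("Patient seen; BP 120/80; continue current plan.")} // constructed sample
	authorKey, witnessKey := newKey(), newKey()
	dir := Directory{"dr.example": &authorKey.PublicKey, "rn.example": &witnessKey.PublicKey}
	now := time.Date(1995, 10, 10, 9, 30, 0, 0, time.UTC)
	s1, _ := Sign(doc, authorKey, "dr.example", "physician", "author", now)
	s2, _ := Sign(doc, witnessKey, "rn.example", "nurse", "witness", now.Add(5*time.Minute))
	s1.Unsigned["workstation"] = "ward-3-pc" // editing an unsigned attribute does not break s1
	for _, s := range []Signature{s1, s2} {
		a, err := Verify(doc, s, dir)
		fmt.Printf("%s as %s (%s) at %s: err=%v\n", a.Signer, a.Purpose, a.Role, a.SigningTime.Format(time.RFC3339), err)
	}
	altered := Document{ID: doc.ID, Content: []byte("Patient seen; BP 160/100; continue current plan.")}
	_, err := Verify(altered, s1, dir)
	fmt.Println("after altering the content:", err)
}
```

Two design points carry the guide's requirements. What is signed is the DER of the attributes, which contains the document digest, rather than the raw document; this is how the signature binds purpose, role and time to a specific document state (5.7) and is the same shape as the authenticated attributes of PKCS #7 SignedData, where the message digest and signing time are signed alongside the content. The lookup in Directory is where a real system validates the signer's public key certificate and checks it against a CRL; the example trusts the map, and the identity it asserts is only as strong as the user authentication performed when the signature was made (5.7).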