Educause Security Discussion mailing list archives
Re: E-Signatures
From: David Grisham <DGrisham () SALUD UNM EDU>
Date: Wed, 30 Jan 2008 13:14:16 -0700
I have not seen much follow-up on this request. We are documenting an electronic signature procedure for providers who verify dictation inside of our patient record. CMS and The Joint Commission require a documented procedure. In this situation we are using electronic signatures and not the digital signatures which are very different for the state of New Mexico. Although we are not currently looking at including researchers and implementing FDA standards. It is being discussed on our academic side. I will be glad to share our operational draft process for E -signatures in the medical record. Please send requests to dgrisham () salud unm edu. Cheers.-grish David Grisham Manager, IT Security, UNM Hospitals
Faith Mcgrath <faith.mcgrath () YALE EDU> 1/10/2008 3:09 PM >>>
I am also interested in what people are using for electronic signatures if they need to certify that they are in compliance with FDA Electronic Records; Electronic Signatures regs -- 21 CFR Part 11 (http://www.fda.gov/ora/compliance_ref/part11/). I am just being to do some background reading on the requirements, but we are beginning to see this requirement related to pharmaceutical research protocols. Thanks. -fm Harrold Ahole wrote:
Is anyone doing any work with e-signatures within their applications? I'm not talking about crypto-based digital signatures. Rather, we need something that is the equivalent of someone signing a piece of paper to attest that the contents are correct. Some applications we've seen just have something like "type your name in this field to sign this form". A campus customer is looking for something more comprehensive than that. What are other people doing short of implementing PKI or using login credentials as a signature?Well, the first thing to decide is what you want to accomplish. The US Esign law allows "type your name" as a form of electronic signature simply because it's very natural to show consent (willful action). The first consideration is how do you authenticate the user at the time they take this action? Depending on the application, it could be very little, such as if they are requesting the purchase of a transcript, in which authentication may not be too high provided they also pay by credit card. If the user is logged into a campus application, you can certainly use that as a credential for authentication. The next consideration is to create a reliable electronic record, one that can be shared with all parties involved. This is typically done with digital signatures, but of course other methods are likely acceptable if they can be shown to reflect the agreed upon document and are stored in a manner suitable to show non-modifiable archived storage (such as when paper docs are scanned to microfilm, it's generally assumed that the microfilm version is accurate as it's hard to tamper with). Harry
-- Faith McGrath, Associate Director Yale University ITS - Information Security faith.mcgrath () yale edu voice: 203.737.4087 telefax: 203.737.2859 security () yale edu || security.yale.edu Please be aware that email communication can be intercepted in transmission or misdirected. Please consider communicating any sensitive information by telephone, fax or mail. The information contained in this message may be privileged and confidential. If you are NOT the intended recipient, please notify the sender immediately and destroy this message. If you wish to confirm the content of this message and/or the identity of the sender please contact me at the phone number given above.
Current thread:
- Re: E-Signatures, (continued)
- Re: E-Signatures Valdis Kletnieks (Jan 10)
- Re: E-Signatures Harrold Ahole (Jan 10)
- Re: E-Signatures Faith Mcgrath (Jan 10)
- Re: E-Signatures Harrold Ahole (Jan 10)
- Re: E-Signatures Curt Wilson (Jan 10)
- Re: E-Signatures Randy Marchany (Jan 10)
- Re: E-Signatures Sarah Stevens (Jan 10)
- Re: E-Signatures Ozzie Paez (Jan 11)
- Re: E-Signatures Sarah Stevens (Jan 11)
- Re: E-Signatures Ozzie Paez (Jan 11)
- Re: E-Signatures David Grisham (Jan 30)