Data privacy has taken on new urgency in the past year. Tech visionaries once praised as architects of a connected world now face tough questions—and strict regulations—concerning how they collect, process, and manage personal data.
Nowhere is personally identifiable information (PII) more closely scrutinized than in the healthcare industry. Back in 2014, we asked eminent data privacy and legal expert Timothy Reiniger to discuss how SIGNiX digital signature technology provides critical safeguards and secure data access for health information exchanges. His comments have proved prescient and durable.
The strategic management of patient identity in health information exchanges (HIE) must be based on fundamental evidentiary requirements for proving the authenticity and reliability of digital signatures.1
For a digital signature to be deemed legally interoperable over time, it must be standards-based and capable of enabling strong two-factor authentication for access, logging of all uses, and detecting alterations. This will ensure relying party compliance with applicable confidentiality and evidentiary requirements pertaining to electronic health records (EHR) and the secure sharing of medical information.
Network economics depend on clear legal rights in the form of access and use rights to systems and records. HIEs, in particular, raise important security considerations concerning data at rest, in use, and in transit. Essential to the reliability of patients’ digital signatures is access and use control over private keys (otherwise referred to as signing keys).
In particular, interoperable digital signatures, such as those issued and maintained in accordance with applicable state and federal standards, give digital signature users the capability of exerting legal control to prevent unauthorized signing and for detecting content-level changes, including for records stored in HIEs.
Legal Considerations for Interoperable Digital Signatures
The SIGNiX SaaS delivery model for digital signatures and identities, which is based on central management of each patient’s private keys, establishes minimum criteria for issuing, validating and securing interoperable digital signatures. To ensure that communications, digital signatures, and records are reliable and resistant to fraud and manipulation, legal control over the private key should rely upon strong authentication and logging for subsequent proof of each use.
Interoperable digital signatures based on central signing key management provide four overarching legal advantages when controlling EHRs and managing legal risk in HIEs:
1. Reliable Digital Signatures
To ensure that patient-signed electronic records are reliable and resistant to fraud and manipulation, the signing method should consist of a centrally stored and managed private signing key over which the patient has sole control by means of a two-factor authentication process; a digital certificate based on strong identity vetting, such as the federally approved antecedent proofing or knowledge-based questioning process; and a signing and rendering (viewing) application that provides any relying party with the ability to easily verify the authenticity of the order.2
2. Independently Verifiable Digital Signatures and Records
Digitally signing electronic records with interoperable digital signatures ensures the capability for relying parties, over time, to test the authenticity of the information that was intended to be the equivalent of a paper original. The SIGNiX patient signing platform, by means of a digital signature, includes a detective control in the document so that relying parties may test the document’s origin, integrity of contents, and date and time of issuance. No external evidence is necessary because all the validation evidence is included in the digital signature itself.
It should be noted that arguing authenticity solely through the use of extrinsic controls is complex and costly, and involves establishing the reliability of several controls external to the document systems and applications over time. On the other hand, the use of intrinsic content-level controls to detect modification (such as digital signatures) provides a strong foundation for authenticity that does not depend on the reliability of external systems, other than those required to apply the intrinsic controls.3
3. Cloud Computing
The persistent authenticity and control of an authoritative source record is based on intrinsic detective and preventive control mechanisms. A signer declares an authoritative source record by the application of an intrinsic document-level mechanism such as a digital signature, an electronic seal, or time stamp.
The authoritative source record is independent of the file container in which it is preserved.4 The authoritative source record is self-contained and self-verifiable and does not depend on any external system or application to determine its authenticity.
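The self-contained, self-verifiable record described above, shown as an added example that is not SIGNiX code: a hypothetical envelope carries the record, the signer identifier, the signing time and the signature together, so a relying party can test origin, integrity and time of issuance with nothing but the envelope itself, and any alteration of any of those fields is detected. The patient identifier, the consent text and the signer-to-key binding (which in practice comes from a vetted certificate, not from the envelope) are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Envelope is a hypothetical self-contained signed record. Every field a
// relying party needs travels with the record: this is the "intrinsic
// detective control" of the text. In a real deployment PubKey would be
// bound to SignerID by a certificate issued after identity vetting.
type Envelope struct {
	Record   []byte            `json:"record"`
	SignerID string            `json:"signer_id"`
	SignedAt time.Time         `json:"signed_at"`
	PubKey   ed25519.PublicKey `json:"pub_key"`
	Sig      []byte            `json:"sig"`
}

// signedPayload hashes record + signer + time so that all three are covered
// by the one signature; changing any of them invalidates it.
func signedPayload(e *Envelope) []byte {
	b, _ := json.Marshal(struct {
		Record   []byte
		SignerID string
		SignedAt time.Time
	}{e.Record, e.SignerID, e.SignedAt})
	h := sha256.Sum256(b)
	return h[:]
}

// Sign builds the envelope; UTC() also strips the monotonic clock reading.
func Sign(priv ed25519.PrivateKey, signerID string, record []byte, at time.Time) *Envelope {
	e := &Envelope{Record: record, SignerID: signerID, SignedAt: at.UTC(),
		PubKey: priv.Public().(ed25519.PublicKey)}
	e.Sig = ed25519.Sign(priv, signedPayload(e))
	return e
}

// Verify needs no external system: the envelope is the evidence.
func Verify(e *Envelope) error {
	if !ed25519.Verify(e.PubKey, signedPayload(e), e.Sig) {
		return errors.New("record, signer or signing time altered after signing")
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed patient key
	env := Sign(priv, "patient-0001", []byte(`{"consent":"release to clinic A"}`), time.Now())
	fmt.Println("as signed:", Verify(env))
	env.Record = []byte(`{"consent":"release to anyone"}`) // content-level change
	fmt.Println("altered:", Verify(env))
}
```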
Advantages to Patient Use of Interoperable Digital Signatures
A challenge facing the adoption of electronic health records (EHR) is establishing a uniform and trustworthy approach for creating and managing digital identities. Key to achieving an integrated and productive flow of EHRs will be enabling HIE participants to 1) authenticate each signer, 2) prove that the digital signature was intentionally used, and 3) prove the records’ integrity. For these purposes, leveraging interoperable digital signatures can provide significant advantages for EHRs.
1. Enables Compliance with L3 Credential Assurance Level Requirements
The SIGNiX platform and SaaS delivery system with centrally managed private keys enable issuance of interoperable digital identities to individuals at the L3 identity assurance level (the Office of Management and Budget and the National Institute of Standards and Technology have established four graduated assurance levels and related policies for authenticating identity and protecting sensitive information, labeled L1, L2, L3, and L4).
In the biopharma industry, for example, there is already significant use of Level of Assurance 3 digital identities because of the need to protect proprietary corporate information. As another use case example, for e-prescribing of controlled substances, the United States Drug Enforcement Agency stipulates two-factor L3 credentials for strong authentication of physicians.
2. Enables Use Control of the Patient’s Digital Signature
Consistent with the HIPAA Security Rule’s call for encryption, interoperable digital identities are capable of adding a layer of content protection by means of encryption, hashing, and other content controls. However, encryption by itself is not enough to adequately protect against criminals who access the applications to steal access rights and keys to decrypt the data. Access and use controls, based on interoperable digital signatures with centrally managed keys, are necessary to ensure that all uses of the digital signatures are actually authorized and logged.
3. Enables Custodians of EHRs to Fulfill Legal Control Obligations
EHR custodians can leverage interoperable digital signatures to ensure the ongoing integrity of digital records and to fulfill confidentiality and lawsuit-related records retention requirements. Access controls to private signing keys and document-level detective controls offer several benefits — the ability to verify the source and authenticity of records, the ability to preserve evidence of the access history and usage activity, the ability to establish chain of custody, and the ability to prevent unauthorized access.
4. Enables Compliance with Signing Requirements
The SIGNiX platform establishes a trustworthy process for binding the identity of an individual to a digital signature. This is crucially important when taking into account that the integrity of the content of the electronic document and the signatures, such as a patient consent form, rests on the capability of identifying the actual signer or sender of the document in a trustworthy manner.
Without an interoperable digital identity that is aligned to the various state, national and international signature laws and emerging industry access control and secure messaging requirements, patients everywhere face the need to own multiple electronic credentials. At the same time, anyone who relies on EHRs should know that the patient’s digital signature and identity are legally valid and enforceable. The SIGNiX SaaS digital signature delivery platform with centrally managed keys provides the most effective and scalable option for HIEs.