Electronic Submission of Medical Documentation (esMD) Digital Signature and Author of Record Pre-Discovery Wednesday May 2,

Agenda for Pre-Discovery 1.Schedule and objectives 2.Scope of workgroup effort 3.Review of initiative requirements 4.Summary of initiative requirements 2

Schedule 3 DateObjective(s) Wednesday, May 2 nd, 2012, 10 AM (Week 1) Identify the needs of other S&I initiatives, the community at large, and esMD Wednesday, May 9 th, 2012, 10 AM (Week 2) Conduct a survey of options applicable to the identified needs from Week 1 Wednesday, May 16 th, 2012, 10 AM (Week 3) Identify implications and obstacles associated with the adoption of various approaches to digital authentication technologies

Specifically Invited Participants InitiativeName Query HealthRichard Elmore Transitions of Care Mark Bamberg Transitions of CareKeith Boone Transitions of CarePeter Gilbert Longitudinal Coordination of CareVictor Palli Longitudinal Coordination of CareSue Mitchell Longitudinal Coordination of CareBill Russell Longitudinal Coordination of CareTerrence O'Malley Longitudinal Coordination of CareLawrence Garber Longitudinal Coordination of CareLeigh Ann Campbell Data Segmentation for PrivacyJohnathan Coleman John Donnelly HL7/RM-ESReed Gelzer AHIMA/HL7Michelle Dougherty HL7/IHE John Moehrke ONCJoy Pritts ONCJamie Skipper ONCJohn Feikama ONCScott Weinstein 4

Scope of workgroup effort 1.Identity proofing 2.Digital identity management 3.Encryption 4.Digital signatures 5.Delegation of Rights 6.Author of Record 5

Identity Proofing 1.Identity –A unique name of an individual person or legal entity. Since the legal names of persons and entities are not necessarily unique, the identity of a person or entity must include sufficient additional information (for example an address and NPI number) to make the complete name unique 2.Identity Proofing –The process by which the credential issuer validates sufficient information to uniquely identify a person or entity applying for the credential. –Prove that the identity exists –Prove the applicant is entitled to that identity –Address the potential for fraudulent issuance of credentials based on collusion 6

Digital Identity Management – Digital Certificate as an Example 1.A trusted authority is responsible for creating the key pair, distributing the private key, publishing the public key and revoking the keys as necessary. The “Passport Office” of the Digital World 2.Certificate Contents –Owner's public key –Owner's unique name –Expiration date of the public key –Name of the issuer (the CA that issued the Digital Certificate –Serial number of the Digital Certificate –Digital signature of the issuer 3.The most widely accepted format for Digital Certificates is defined by the CCITT X.509 international standard; thus certificates can be read or written by any application complying with X Typical “storage” for a digital certificate –software tokens – browser certificate stores – hardware tokens (Smart Cards, USB Tokens) 7

1.In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. 2.The result of the process is encrypted information (in cryptography, referred to as ciphertext). 3.The reverse process, i.e., to make the encrypted information readable again, is referred to as decryption (i.e., to make it unencrypted). Encryption 8

Public Key Cryptography Encryption key Decryption key Unreadable Format Complimentary Algorithms are used to encrypt and decrypt documents Public Key Private Key Secure Transmission Signatures Decrypting Encrypting Decrypting

Ensuring Trusted Electronic Exchange PKI supports trusted electronic exchange Authentication- authenticates the sender of a transaction or data set Information Integrity- invalidates a transmission or data set if it has been tampered. Non-repudiation- sender, transmission and data are authenticated- the sender cannot deny having sent the information

Artifact or Document Encryption Algorithm Digitally Signed An individual digitally signs a document using the private key component of his certificate. Digital Signatures Private key

Authentication and Verification The individual’s public key, published by the CA decrypts and verifies the digital signature. Digitally Signed Public Key Decryption Algorithm

Delegation of Rights 1.The ability to delegate rights or authority to another to act in a specific capacity on behalf of the grantor of the right. 2.Digital artifact that includes the digital identity of the grantor, the digital identity of the grantee, the rights granted, duration of grant in a format that is verifiable by a third party for non- repudiation purposes. 3.Artifact and supporting public keys must be supported by relevant transactions and where necessary, document architectures 13

Author of Record 1.Solutions that can replace wet signatures to authorize the provenance of document content on a patient’s medical record, and can work regardless of the format of the structured content of the record. 2.All content of a patients chart is considered in scope: The signature solution should work with any relevant document 3.Signature pertains to document entry made at time of service 4.On an interim basis, the signature may be applied at the time of document assemblage for transmission 14

Initiatives and Requirements 1.Longitudinal Coordination of Care 2.esMD 3.Data Segmentation for Privacy 4.Direct Project 5.Healthcare Directories 6.Query Health 7.Transitions of Care 15

Longitudinal Coordination of Care 1.Need to capture digital authentication from multiple sources in an iterative documentation process (i.e. the Home Health Plan of Care). 2. Digital authentication of a summary extract (i.e. Patient Assessment Summary of the CMS Minimum Data Set). 3.Identification for the provenance of the data elements: a.At a minimum, the author of the document from which the elements were taken. b.At the next level, the author of specific text sections such as prognosis, assessment of "concerns" and follow-up plan. c.Finally, the ability to e-sign the document or subsection. 4.The patient or Health Care Proxy (HCP) as the author of a Medical Orders for Life-Sustaining Treatment (MOLST) 5.Distinguish between an author and a reconciler 16

Electronic Submission of Medical Documentation (esMD) 1.Validate identities of providers (individuals and organizations), payers, intermediaries, contractors, and agents. 2.Ability to digitally delegate rights to a third party (proxy) 3.Signature artifacts to verify identity of each participant in the registration request or the submission of an electronic request for medical documentation (eMDR) 4.Encryption and signature of messages to ensure information integrity, authentication and non-repudiation. 5.Digital authentication of author of submitted documentation to ensure provenance a.Initially at the documentation set level b.Over time at the individual document level c.Ultimately for each author at the level of their contribution 17

Data Segmentation for Privacy Provided during discussion: 1.Need for identifying individual providers, healthcare organizations, payers, etc 2.Need to know the type of information available to share 1.Can only share specific information with specific parties 3.Need to know the sending and receiving parties 4.Handling depends on the type of information, where it came from (i.e., substance abuse treatment facility), allowed recipients 1.Example: Discharge documents from Betty Ford Clinic need to be sent to ‘Dr. Bob’ at ‘Hospital X’ 2.Need to ensure that Dr. Bob is allowed to receive this information and the content is not divulged to an unauthorized third party during the transaction 18

Direct Project 1.Identity proofing of Address and Server owners 2.Encryption for messages 3.Signing for authentication of sending and receiving entities (entities may be individuals or organizations) 19

Healthcare Directories 1.Identity proofing of individual and organizations 2.Identity proofing of addresses and servers 3.Certificates and artifacts for both signing and encryption 4.Delegation of Rights – depends on method used for populating and attesting to individuals 20

Query Health Provided during discussion: 1.Identity validation (organizations and systems, not necessarily individuals) 2.Encryption of data to protect confidentiality 3.Authorization of queries from specific organizations where authors need to be identified, but not necessarily with multiple signatories 4.A Query Network DUA is established as an overlay on top of the technical platform, so digital authorship would play a hand in this process 21

Transitions of Care Provided during discussion: 1.Validation of documents 1.Is this occurring in real time in actual production systems? 1.Some vendors would validate every transaction at every entry point, but others said this was too much work 2.How many digital signatures may be applied to a document? 3.What is the complexity of having multiple signatures in processing a real-time message flow? 4.How difficult or time consuming would it be to validate a transaction to validate a document? 5.What is the balance between how many signatures are applied? 1.If multiple people are signing different parts of the same document, at what point are considerations affecting the design of real systems taken into account? 22

Initiative Requirement Summary InitiativeIdentify ProofingSigningEncryption Delegation of Rights Author of Record Data Segmentation for PrivacyOrg/IndividualYes Direct ProjectAddress/ServerYes esMD (Electronic Submission of Medical Documentation) Org/IndividualYes Healthcare DirectoriesOrg/IndividualYes Longitudinal Coordination of Care Org/IndividualYes Query HealthOrg/IndividualYes Transitions of CareOrg/IndividualYes 23 Mandatory Optional with consequences Optional Future Uses