Document Digital Signature(DSG)

Document Digital Signature(DSG)

Gila Pyke / Lori Reed-FourquetSmart Systems for Health Agency / Identrus

IHE ITI Technical Comittee

June 28-29, 2005 Interoperability Strategy Workshop2

W W W . I H E . N E TW W W . I H E . N E T

Providers and VendorsWorking Together to Deliver

Interoperable Health Information SystemsIn the Enterprise

and Across Care Settings

June 28-29, 2005 Interoperability Strategy Workshop3

IT Infrastructure ProfilesIT Infrastructure Profiles

2004 Patient Identifier Cross-referencing for MPI (PIX) Retrieve Information for Display (RID) Consistent Time (CT) Patient Synchronized Applications (PSA) Enterprise User Authentication (EUA)

2005Patient Demographic Query (PDQ) Cross Enterprise Document Sharing (XDS)Audit Trail and Note Authentication (ATNA)Personnel White Pages (PWP)

2006Cross-Enterprise User Authentication (XUA)Document Digital Signature (DSG) – Notification of Document Availability (NAV)Patient Administration/Management (PAM)

Document Digital Signature (DSG)Use of digital signatures to provide document integrity, non-repudiation and accountability.

June 28-29, 2005 Interoperability Strategy Workshop4

Document Digital SignatureDocument Digital SignatureValue PropositionValue Proposition

• Leverages XDS Document infrastructure• Providing accountability• Providing document integrity• Providing non-repudiation• Providing satisfactory evidence of: Authorship,

Approval, Review, and Authentication• Infrastructural pattern to be further profiled by

domain specific groups (e-Prescribing, e-Referral)

June 28-29, 2005 Interoperability Strategy Workshop5

Document Digital SignatureDocument Digital SignatureAbstract/scopeAbstract/scope

• Provide signature mechanism

• Provide verification/validation mechanism

• Provide signature attributes

• Integration with XDS– Digital signing of documents in XDS– Access to documents in XDS independent of

signatures

June 28-29, 2005 Interoperability Strategy Workshop6

Document Digital SignatureDocument Digital SignatureOut of scopeOut of scope

• Certificate management and PKI concepts

• Standards and implementations are available and will be discussed later

• Focus begins with signing, not encryption

• Partial Document Signature

June 28-29, 2005 Interoperability Strategy Workshop7

Document Digital SignatureDocument Digital SignatureGoalsGoals

• New Digital Signature Document format in XDS• Leverages XDS for signature by reference• Profile use of single / multiple signatures• Profile use of nested signatures• Provide signature integrity across intermediary

processing– E-prescribing– Interface Engine

June 28-29, 2005 Interoperability Strategy Workshop10

Document Digital SignatureDocument Digital SignatureUse CasesUse Cases

1. Attesting a document as true copy– Each subsequent use of the original signed digital document

or a digital copy of the document can inspected signatures to assert that the documents are true copies of information attestable to the signer at the time of the signature ceremony

• Attesting content– When a clinician submits a clinical document to the XDS

repository, the clinician using a digital certificate digitally signs the document

• Attesting to whole submission set • Translation / Transformation

June 28-29, 2005 Interoperability Strategy Workshop11

Document Digital SignatureDocument Digital SignatureUse Cases: True CopyUse Cases: True Copy

Use Case 1: Attesting a document as true copy

• Verify that the document in use by all parties is the same as the original document and has not been modified.

• Verify “document integrity”.

June 28-29, 2005 Interoperability Strategy Workshop12

Document Digital SignatureDocument Digital SignatureUse Cases: True CopyUse Cases: True Copy

• Non-XDS example:– A physician needs to forward results obtained

from a third party to another clinician. There is a need to ensure that all parties are working from the same “true copy”

• XDS example:– Medical records staff who submit documents to

XDS need to verify and attest their submission.

June 28-29, 2005 Interoperability Strategy Workshop13

Document Digital SignatureDocument Digital SignatureUse Cases: Attesting to ContentUse Cases: Attesting to Content

Use Case 2: Attesting clinical information content

• Attest that a report is complete and correct

• Ability to verify that physician has verified and attested to report

June 28-29, 2005 Interoperability Strategy Workshop14

Document Digital SignatureDocument Digital SignatureUse Cases: Attesting to ContentUse Cases: Attesting to Content

• Non-XDS example:– A clinician needs to rely on the contents of a

report created by another clinician; diagnosis, prescription content, etc

– Also, this signature can not be repudiated.

• XDS example: – When a clinician submits content to XDS

he/she signs it to take clinical responsibility for the content

June 28-29, 2005 Interoperability Strategy Workshop15

Document Digital SignatureDocument Digital SignatureUse Cases: Submission setUse Cases: Submission set

Use Case 3: Attesting to a whole submission set

A digitally signed manifest can indicate both:• That a set of documents is authorized for release

by signing clinician• That the set is indeed the complete set of

documents and their associated signatures• Manifest signature does NOT verify content or

correctness.

June 28-29, 2005 Interoperability Strategy Workshop16

Document Digital SignatureDocument Digital SignatureUse Cases: Submission SetUse Cases: Submission Set

The recipient organizations can use this digital signature to:

• identify the person who selected and authorized the release,

• obtain the complete list of documents released,• verify that the released documents have not

changed, and• identify the associated XDS submission set.

June 28-29, 2005 Interoperability Strategy Workshop17

Document Digital SignatureDocument Digital SignatureUse Cases: Submission SetUse Cases: Submission Set

• Non-XDS example:– Attesting to the completeness of a monthly submission

of all TB patient records for statistical analysis

– Attesting to the completeness of health records in a patient transfer

• XDS example:– Use XDS to send a collection of documents relating to

a patient referral. Attest that submission includes complete set of relevent documents.

June 28-29, 2005 Interoperability Strategy Workshop18

Document Digital SignatureDocument Digital SignatureUse Cases: TranslationUse Cases: Translation

Use Case 4: TranslationIntroduction of an additional signature to validate :• The original document• The original signature• The translated document

• Used to verify that the translator had the original/true document, that the original document was signed, and that the translation has attested to the validity of the translation.

June 28-29, 2005 Interoperability Strategy Workshop20

Document Digital SignatureDocument Digital SignatureUse Cases: TranslationUse Cases: Translation

• Non-XDS example:– e-prescribing : Value added networks that

translate the format of a prescription before forwarding it to a pharmacy

• XDS example:– Reference original document and original

signature by using association-type to link them in XDS with translated version

June 28-29, 2005 Interoperability Strategy Workshop21

Document Digital SignatureDocument Digital SignatureKey Technical PropertiesKey Technical Properties

• W3C XML Signature structure– credentials, timestamp, and other signature attributes

such as signature purpose

• Reference to document stored in XDS

• ISO TS17090 compliant digital certificates

• Provide for multiple signers

June 28-29, 2005 Interoperability Strategy Workshop22

Document Digital SignatureDocument Digital SignatureSignature AttributesSignature Attributes

• Expand signature to include additional data relevant to the healthcare signature

• Includes the date and time the signature was calculated and applied

• The identity of the signer

• Signature Purpose

June 28-29, 2005 Interoperability Strategy Workshop23

Document Digital SignatureDocument Digital SignatureSignature PurposeSignature Purpose

From ASTM E1762 *• “Author” - Author’s signature,• “Author.Co” - Coauthor’s signature• “Participant” - Co-participant’s signature• “Transcriptionist/Recorder”• “Verification” - Verification signature• “Validation” - Validation signature• “Consent” - Consent signature• “Witness” - Witness signature• “Witness.Event” - Event witness signature• “Witness.Identity” - Identity witness signature such as a Notary• “Witness.Consent” - Consent witness signature• “Interpreter”• “Review” - Review signature• “Source” - Source signature• “Addendum” - Addendum signature• Administrative• Timestamp

June 28-29, 2005 Interoperability Strategy Workshop24

Document Digital SignatureDocument Digital SignatureAdditions to ASTM1762Additions to ASTM1762

The following items will be added to ASTM1762– Modification– Authorization– Transformation– Recipient

Modification is being worked on.

June 28-29, 2005 Interoperability Strategy Workshop28

Document Digital SignatureDocument Digital SignatureStandards UsedStandards Used

W3C XML SignatureISO 17090, 21091ASTM E2212, E1985, E1762, E1084IETF x509DICOM supplement 41, 86NCPDPHL7 CDA

June 28-29, 2005 Interoperability Strategy Workshop29

More information….More information….

• IHE Web sites: www.ihe.net• Technical Frameworks, Supplements

– Fill in relevant supplements and frameworks

• Non-Technical Brochures :• Calls for Participation

• IHE Fact Sheet and FAQ

• IHE Integration Profiles: Guidelines for Buyers

• IHE Connect-a-thon Results

• Vendor Products Integration Statements