1、Designation: E1762 95 (Reapproved 2013) An American National StandardStandard Guide forElectronic Authentication of Health Care Information1This standard is issued under the fixed designation E1762; the number immediately following the designation indicates the year oforiginal adoption or, in the ca
2、se of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers:1.1.1 Defining a document structure for use by electronicsignature mecha
3、nisms (Section 4),1.1.2 Describing the characteristics of an electronic signa-ture process (Section 5),1.1.3 Defining minimum requirements for different elec-tronic signature mechanisms (Section 5),1.1.4 Defining signature attributes for use with electronicsignature mechanisms (Section 6),1.1.5 Desc
4、ribing acceptable electronic signature mecha-nisms and technologies (Section 7),1.1.6 Defining minimum requirements for useridentification, access control, and other security requirementsfor electronic signatures (Section 9), and1.1.7 Outlining technical details for all electronic signaturemechanism
5、s in sufficient detail to allow interoperability be-tween systems supporting the same signature mechanism(Section 8 and Appendix X1 Appendix X4).1.2 This guide is intended to be complementary to standardsunder development in other organizations. The determinationof which documents require signatures
6、 is out of scope, since itis a matter addressed by law, regulation, accreditationstandards, and an organizations policy.1.3 Organizations shall develop policies and procedures thatdefine the content of the medical record, what is a documentedevent, and what time constitutes event time. Organizations
7、should review applicable statutes and regulations, accreditationstandards, and professional practice guidelines in developingthese policies and procedures.2. Referenced Documents2.1 ISO Standards:ISO 9594-8 1993: The Directory:Authentication Framework(also available as ITU-S X.509)2ISO 8825-1 1993:
8、Specification of Basic Encoding Rules forASN.12ISO 7816 1993: IC Cards with Contacts2ISO 10036 1994: Contactless IC Cards22.2 ANSI Standards:ANSI X9.30 Part 3: Certificate Management for DSA, No-vember 1994 (ballot copy)3ANSI X9.31 Part 3: Certificate Management for RSA, July1994 (draft)3ANSI X9.31
9、Part 1: RSA Signature Algorithm, July 1994(ballot copy) (technically aligned with ISO/IEC 9796)3ANSI X9.30 Part 1: Digital Signature Algorithm, July 1994(ballot copy) (technically aligned with NIST FIPS PUB186)3ANSI X9F1, ANSI X9.45: Enhanced Management ControlsUsing Attribute Certificates, Septembe
10、r 1994 (draft)32.3 Other Standards:FIPS PUB 112: Standards on Password Usage, May 19854FIPS PUB 181: Secure Hash Standard, 1994 (technicallyaligned with ANSI X9.301)4FIPS PUB 186: Digital Signature Standard, 1994 (techni-cally aligned with ANSI X9.301)4PKCS #1: RSA Encryption Standard (version 1.5),
11、 Novem-ber 19935PKCS #5: Password-Based Encryption Standard, 19945PKCS #7: Cryptographic Message Syntax Standard, 199453. Terminology3.1 Definitions:3.1.1 access controlthe prevention of unauthorized use ofa resource, including the prevention of use of a resource in anunauthorized manner.3.1.2 accou
12、ntabilitythe property that ensures that theactions of an entity may be traced uniquely to the entity.3.1.3 attributea piece of information associated with theuse of a document.1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Sub
13、committee E31.25 on HealthcareData Management, Security, Confidentiality, and Privacy.Current edition approved March 1, 2013. Published March 2013. Originallyapproved in 1995. Last previous edition approved in 2009 as E176295 (2009).DOI: 10.1520/E1762-95R13.2Available from ISO, 1 Rue de Varembe, Cas
14、e Postale 56, CH 1211, Geneve,Switzerland.3Available from American National Standards Institute (ANSI), 25 W. 43rd St.,4th Floor, New York, NY 10036, http:/www.ansi.org.4Available from National Institute of Standards and Technology (NIST), 100Bureau Dr., Stop 1070, Gaithersburg, MD 20899-1070, http:
15、/www.nist.gov.5Available from RSA Data Security, 100 Marine Parkway, Redwood City, CA64065.Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United StatesNOTICE: This standard has either been superseded and replaced by a new version or withdrawn.Cont
16、act ASTM International (www.astm.org) for the latest information13.1.4 attribute certificatea digitally signed data structurethat binds a user to a set of attributes.3.1.5 authorizationverification that an electronicallysigned transaction is acceptable according to the rules andlimits of the parties
17、 involved.3.1.6 authorization certificatean attribute certificate inwhich the attributes indicate constraints on the documents theuser may digitally sign.3.1.7 availabilitythe property of being accessible anduseable upon demand by an authorized entity.3.1.8 computer-based patient record (CPR)the com
18、puter-based patient record is a collection of health informationconcerning one person linked by one or more identifiers. In thecontext of this guide, this term is synonymous with electronicpatient record and electronic health record.3.1.9 computer-based patient record system (CPRS)theCPRS uses the i
19、nformation of the CPR and performs theapplication functions according to underlying processes and itsinteracting with related data and knowledge bases. CPRS issynonymous with electronic patient record systems.3.1.10 data integritythe property that data has not beenaltered or destroyed in an unauthor
20、ized manner.3.1.11 data origin authenticationcorroboration that thesource of data received is as claimed.3.1.12 digital signaturedata appended to, or a crypto-graphic transformation of, a data unit that allows a recipient ofthe data unit to prove the source and integrity of the data unitand protect
21、against forgery, for example, by the recipient.3.1.13 document access timethe time(s) when the subjectdocument was accessed for reading, writing, or editing.3.1.14 document attributean attribute describing a char-acteristic of a document.3.1.15 document creation timethe time of the creation ofthe su
22、bject document.3.1.16 document editing timethe time(s) of the editing ofthe subject document.3.1.17 domaina group of systems that are under control ofthe same security authority.3.1.18 electronic documenta defined set of digitalinformation, the minimal unit of information that may bedigitally signed
23、.3.1.19 electronic signaturethe act of attaching a signatureby electronic means.After the electronic signature process, it isa sequence of bits associated with an electronic document,which binds it to a particular entity.3.1.20 event timethe time of the documented event.3.1.21 one-way hash functiona
24、 function that maps stringsof bits to fixed-length strings of bits, satisfying the followingtwo properties:3.1.21.1 It is computationally infeasible to find for a givenoutput an input that maps to this output.3.1.21.2 It is computationally infeasible to find for a giveninput a second input that maps
25、 to the same output.3.1.22 private keya key in an asymmetric algorithm; thepossession of this key is restricted, usually to one entity.3.1.23 public keya key in an asymmetric algorithm that ispublicly available.3.1.24 public key certificatea digitally signed data struc-ture which binds a users ident
26、ity to a public key.3.1.25 repudiationdenial by one of the entities involved ina communication of having participated in all or part of thecommunication.3.1.26 rolethe role of a user when performing a signature.Examples include: physician, nurse, allied health professional,transcriptionist/recorder,
27、 and others.3.1.27 secret keya key in a symmetric algorithm; thepossession of this key is restricted, usually to two entities.3.1.28 signaturethe act of taking responsibility for adocument. Unless explicitly indicated otherwise, an electronicsignature is meant in this guide.3.1.29 signature attribut
28、ean attribute characterizing agiven users signature on a document.3.1.30 signature purposean indication of the reason anentity signs a document. This is included in the signedinformation and can be used when determining accountabilityfor various actions concerning the document. Examples in-clude: au
29、thor, transcriptionist/recorder, and witness.3.1.31 signature timethe time a particular signature wasgenerated and affixed to a document.3.1.32 signature verificationthe process by which therecipient of a document determines that the document has notbeen altered and that the signature was affixed by
30、 the claimedsigner. This will in general make use of the document, thesignature, and other information, such as cryptographic keys orbiometric templates.3.1.33 user authenticationthe provision of assurance ofthe claimed identity of an entity.3.2 Acronyms:AAMT American Association for Medical Transcr
31、iptionABA American Bar AssociationAHIMA American Health Information Management AssociationAIM Advanced Informatics in MedicineASC X3 Accredited Standards Committee X3ASC X9 Accredited Standards Committee X9ASC X12N Accredited Standards Committee X12NCA Certification AuthorityCEN Comit Europen de Nor
32、malisation (European Standards Com-mittee)CLC Comit Europen de Normalisation Electrotechnique(CENELEC)CRL Certificate Revocation ListDSA Digital Signature Algorithm (NIST)EWOS European Workshop for Open SystemsES Electronic SignatureFDA Food and Drug AdministrationFIPS Federal Information Processing
33、 StandardISO International Standards OrganizationITSTC International Technology Steering CommitteeJCAHO Joint Commission on Accreditation of Healthcare OrganizationsMAC Message Athentication CodeNIST National Institute for Standards and TechnologyNTP Network Time ProtocolPCMCIA Personal Computer Mem
34、ory Card Interface AssociationRSA Rivest-Shamir-Adleman (signature algorithm)E1762 95 (2013)2SEISMED Secure Environment for Information Systems in MedicineTHIS Trusted Health Information SystemsTTP Trusted Third Party4. Significance and Use4.1 This guide serves three purposes:4.1.1 To serve as a gui
35、de for developers of computersoftware providing, or interacting with, electronic signatureprocesses,4.1.2 To serve as a guide to healthcare providers who areimplementing electronic signature mechanisms, and4.1.3 To be a consensus standard on the design,implementation, and use of electronic signature
36、s.5. Background Information5.1 The creation of computer-based patient record systemsdepends on a consensus of electronic signature processes thatare widely accepted by professional, regulatory, and legalorganizations. The objective is to create guidelines for enteringinformation into a computer syst
37、em with the assurance that theinformation conforms with the principles of accountability,data integrity, and non-repudiation. Although various organi-zations have commenced work in the field of electronicsignatures, a standard for the authentication of health informa-tion is needed. Consequently, th
38、is standard is intended as anational standard for electronic signatures for health careinformation. Technological advances and increases in thelegitimate uses and demands for patient health information ledthe Institute of Medicine (IOM) to convene a committee toidentify actions and research for a co
39、mputer-based patientrecord (CPR). The committees report endorsed the adoption ofthe CPR as the standard for all health care records and theestablishment of a Computer-based Patient Record Institute(CPRI). National Information Infrastructure initiatives, theever increasing complexity of health care d
40、elivery, a growingneed for accessible, affordable, and retrievable patient data tosupport clinical practice, research, and policy developmentsupport this recommendation. Major issues identified by CPRIas essential to the timely development of CPRs includeauthentication of electronic signatures (as r
41、eplacements forpaper signatures), as well as patient and provider confidenti-ality and electronic data security.5.2 User authentication is used to identify an entity (personor machine) and verify the identity of the entity. Data originauthentication binds that entity and verification to a piece ofin
42、formation. The focus of this standard is the application ofuser and data authentication to information generated as part ofthe health care process. The mechanism providing this capa-bility is the electronic signature.5.3 Determination of which events are documented andwhich documents must be signed
43、are defined by law,regulation, accreditation standards, and the originating organi-zations policy. Such policy issues are discussed in AppendixX4.5.4 Signatures have been a part of the documentationprocess in health care and have traditionally been indicators ofaccountability. Health care providers
44、are faced with the inevi-table transition toward computerization. For electronic healthrecord systems to be accepted, they must provide an equivalentor greater level of accurate data entry, accountability, andappropriate quality improvement mechanisms. In this context,a standard is needed that does
45、not allow a party to successfullydeny authorship and reject responsibility (repudiation).5.5 The guide addresses the following requirements, whichany system claiming to conform to this guide shall support:5.5.1 Non-repudiation,5.5.2 Integrity,5.5.3 Secure user authentication,5.5.4 Multiple signature
46、s,5.5.5 Signature attributes,5.5.6 Countersignatures,5.5.7 Transportability,5.5.8 Interoperability,5.5.9 Independent verifiability, and5.5.10 Continuity of signature capability.5.6 Various technologies may fulfill one or more of theserequirements. Thus, a complete electronic signature systemmay requ
47、ire more than one of the technologies described in thisguide. Currently, there are no recognized security techniquesthat provide the security service of non-repudiation in an opennetwork environment, in the absence of trusted third parties,other than digital signature-based techniques.5.7 The electr
48、onic signature process involves authenticationof the signers identity, a signature process according to systemdesign and software instructions, binding of the signature to thedocument, and non-alterability after the signature has beenaffixed to the document. The generation of electronic signa-tures
49、requires the successful identification and authenticationof the signer at the time of the signature. To conform to thisguide, a system shall also meet health information security andauthentication standards. Computer-based patient record sys-tems may also be subject to statutes and regulations in somejurisdictions.5.8 While most electronic signature standards in thebanking, electronic mail, and business sectors address onlydigital signature systems, this standard acknowledges theefforts of industry and systems integrators to ac
