1、Designation: E 1762 95 (Reapproved 2003)An American National StandardStandard Guide forElectronic Authentication of Health Care Information1This standard is issued under the fixed designation E 1762; the number immediately following the designation indicates the year oforiginal adoption or, in the c
2、ase of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon (e) indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers:1.1.1 Defining a document structure for use by electronicsignature mec
3、hanisms (Section 4),1.1.2 Describing the characteristics of an electronic signa-ture process (Section 5),1.1.3 Defining minimum requirements for different elec-tronic signature mechanisms (Section 5),1.1.4 Defining signature attributes for use with electronicsignature mechanisms (Section 6),1.1.5 De
4、scribing acceptable electronic signature mecha-nisms and technologies (Section 7),1.1.6 Defining minimum requirements for user identifica-tion, access control, and other security requirements for elec-tronic signatures (Section 9), and1.1.7 Outlining technical details for all electronic signaturemec
5、hanisms in sufficient detail to allow interoperability be-tween systems supporting the same signature mechanism(Section 8 and Appendix X1-Appendix X4).1.2 This guide is intended to be complementary to standardsunder development in other organizations. The determinationof which documents require sign
6、atures is out of scope, since itis a matter addressed by law, regulation, accreditation stan-dards, and an organizations policy.1.3 Organizations shall develop policies and procedures thatdefine the content of the medical record, what is a documentedevent, and what time constitutes event time. Organ
7、izationsshould review applicable statutes and regulations, accreditationstandards, and professional practice guidelines in developingthese policies and procedures.2. Referenced Documents2.1 ISO Standards:ISO 9594-8 1993: The Directory: Authentication Frame-work (also available as ITU-S X.509)2ISO 88
8、25-1 1993: Specification of Basic Encoding Rulesfor ASN.12ISO 7816 1993: IC Cards with Contacts2ISO 10036 1994: Contactless IC Cards22.2 ANSI Standards:ANSI X9.30 Part 3: Certificate Management for DSA,November 1994 (ballot copy)3ANSI X9.31 Part 3: Certificate Management for RSA, July1994 (draft)3AN
9、SI X9.31 Part 1: RSA Signature Algorithm, July 1994(ballot copy) (technically aligned with ISO/IEC 9796)3ANSI X9.30 Part 1: Digital Signature Algorithm, July 1994(ballot copy) (technically aligned with NIST FIPS PUB186)3ANSI X9F1, ANSI X9.45: Enhanced Management ControlsUsing Attribute Certificates,
10、 September 1994 (draft)32.3 Other Standards:FIPS PUB 112: Standards on Password Usage, May 19854FIPS PUB 181: Secure Hash Standard, 1994 (technicallyaligned with ANSI X9.301)4FIPS PUB 186: Digital Signature Standard, 1994 (techni-cally aligned with ANSI X9.301)4PKCS #1: RSA Encryption Standard (vers
11、ion 1.5), Novem-ber 19935PKCS #5: Password-Based Encryption Standard, 19945PKCS #7: Cryptographic Message Syntax Standard, 199453. Terminology3.1 Definitions:3.1.1 access controlthe prevention of unauthorized use ofa resource, including the prevention of use of a resource in anunauthorized manner.3.
12、1.2 accountabilitythe property that ensures that theactions of an entity may be traced uniquely to the entity.3.1.3 attributea piece of information associated with theuse of a document.3.1.4 attribute certificatea digitally signed data structurethat binds a user to a set of attributes.3.1.5 authoriz
13、ationverification that an electronicallysigned transaction is acceptable according to the rules andlimits of the parties involved.1This guide is under the jurisdiction of ASTM Committee E-31 on HealthcareInformatics and is the direct responsibility of Subcommittee E31.25 on HealthcareManagement, Sec
14、urity, Confidentiality, and Privacy.Current edition approved May 10, 2003. Published July 2003. Originallyapproved in 1995. Last previous edition approved in 1995 as E 176295.2Available from ISO, 1 Rue de Varembe, Case Postale 56, CH 1211, Geneve,Switzerland.3Available from American National Standar
15、ds Institute, 11 W. 42nd St., 13thFloor, New York, NY 10036.4Available from NIST, Gaithersburg, MD 20899.5Available from RSA Data Security, 100 Marine Parkway, Redwood City, CA64065.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.3.1
16、.6 authorization certificatean attribute certificate inwhich the attributes indicate constraints on the documents theuser may digitally sign.3.1.7 availabilitythe property of being accessible anduseable upon demand by an authorized entity.3.1.8 computer-based patient record (CPR)the computer-based p
17、atient record is a collection of health informationconcerning one person linked by one or more identifiers. In thecontext of this guide, this term is synonymous with electronicpatient record and electronic health record.3.1.9 computer-based patient record system (CPRS)theCPRS uses the information of
18、 the CPR and performs theapplication functions according to underlying processes and itsinteracting with related data and knowledge bases. CPRS issynonymous with electronic patient record systems.3.1.10 data integritythe property that data has not beenaltered or destroyed in an unauthorized manner.3
19、.1.11 data origin authenticationcorroboration that thesource of data received is as claimed.3.1.12 digital signaturedata appended to, or a crypto-graphic transformation of, a data unit that allows a recipient ofthe data unit to prove the source and integrity of the data unitand protect against forge
20、ry, for example, by the recipient.3.1.13 document access timethe time(s) when the subjectdocument was accessed for reading, writing, or editing.3.1.14 document attributean attribute describing a char-acteristic of a document.3.1.15 document creation timethe time of the creation ofthe subject documen
21、t.3.1.16 document editing timethe time(s) of the editing ofthe subject document.3.1.17 domaina group of systems that are under control ofthe same security authority.3.1.18 electronic documenta defined set of digital infor-mation, the minimal unit of information that may be digitallysigned.3.1.19 ele
22、ctronic signaturethe act of attaching a signatureby electronic means.After the electronic signature process, it isa sequence of bits associated with an electronic document,which binds it to a particular entity.3.1.20 event timethe time of the documented event.3.1.21 one-way hash functiona function t
23、hat maps stringsof bits to fixed-length strings of bits, satisfying the followingtwo properties:3.1.21.1 It is computationally infeasible to find for a givenoutput an input that maps to this output.3.1.21.2 It is computationally infeasible to find for a giveninput a second input that maps to the sam
24、e output.3.1.22 private keya key in an asymmetric algorithm; thepossession of this key is restricted, usually to one entity.3.1.23 public keya key in an asymmetric algorithm that ispublicly available.3.1.24 public key certificatea digitally signed data struc-ture which binds a users identity to a pu
25、blic key.3.1.25 repudiationdenial by one of the entities involvedin a communication of having participated in all or part of thecommunication.3.1.26 rolethe role of a user when performing a signature.Examples include: physician, nurse, allied health professional,transcriptionist/recorder, and others
26、.3.1.27 secret keya key in a symmetric algorithm; thepossession of this key is restricted, usually to two entities.3.1.28 signaturethe act of taking responsibility for adocument. Unless explicitly indicated otherwise, an electronicsignature is meant in this guide.3.1.29 signature attributean attribu
27、te characterizing agiven users signature on a document.3.1.30 signature purposean indication of the reason anentity signs a document. This is included in the signedinformation and can be used when determining accountabilityfor various actions concerning the document. Examples in-clude: author, trans
28、criptionist/recorder, and witness.3.1.31 signature timethe time a particular signature wasgenerated and affixed to a document.3.1.32 signature verificationthe process by which therecipient of a document determines that the document has notbeen altered and that the signature was affixed by the claime
29、dsigner. This will in general make use of the document, thesignature, and other information, such as cryptographic keys orbiometric templates.3.1.33 user authenticationthe provision of assurance ofthe claimed identity of an entity.3.2 Acronyms:Acronyms:AAMT American Association for Medical Transcrip
30、tionABA American Bar AssociationAHIMA American Health Information Management AssociationAIM Advanced Informatics in MedicineASC X3 Accredited Standards Committee X3ASC X9 Accredited Standards Committee X9ASC X12N Accredited Standards Committee X12NCA Certification AuthorityCEN Comit Europen de Norma
31、lisation (European Standards Com-mittee)CLC Comit Europen de Normalisation Electrotechnique(CENELEC)CRL Certificate Revocation ListDSA Digital Signature Algorithm (NIST)EWOS European Workshop for Open SystemsES Electronic SignatureFDA Food and Drug AdministrationFIPS Federal Information Processing S
32、tandardISO International Standards OrganizationITSTC International Technology Steering CommitteeJCAHO Joint Commission on Accreditation of Healthcare OrganizationsMAC Message Athentication CodeNIST National Institute for Standards and TechnologyNTP Network Time ProtocolPCMCIA Personal Computer Memor
33、y Card Interface AssociationRSA Rivest-Shamir-Adleman (signature algorithm)SEISMED Secure Environment for Information Systems in MedicineTHIS Trusted Health Information SystemsTTP Trusted Third Party4. Significance and Use4.1 This guide serves three purposes:4.1.1 To serve as a guide for developers
34、of computersoftware providing, or interacting with, electronic signatureprocesses,4.1.2 To serve as a guide to healthcare providers who areimplementing electronic signature mechanisms, and4.1.3 To be a consensus standard on the design, implemen-tation, and use of electronic signatures.E 1762 95 (200
35、3)25. Background Information5.1 The creation of computer-based patient record systemsdepends on a consensus of electronic signature processes thatare widely accepted by professional, regulatory, and legalorganizations. The objective is to create guidelines for enteringinformation into a computer sys
36、tem with the assurance that theinformation conforms with the principles of accountability,data integrity, and non-repudiation. Although various organi-zations have commenced work in the field of electronicsignatures, a standard for the authentication of health informa-tion is needed. Consequently, t
37、his standard is intended as anational standard for electronic signatures for health careinformation. Technological advances and increases in thelegitimate uses and demands for patient health information ledthe Institute of Medicine (IOM) to convene a committee toidentify actions and research for a c
38、omputer-based patientrecord (CPR). The committees report endorsed the adoption ofthe CPR as the standard for all health care records and theestablishment of a Computer-based Patient Record Institute(CPRI). National Information Infrastructure initiatives, theever increasing complexity of health care
39、delivery, a growingneed for accessible, affordable, and retrievable patient data tosupport clinical practice, research, and policy developmentsupport this recommendation. Major issues identified by CPRIas essential to the timely development of CPRs includeauthentication of electronic signatures (as
40、replacements forpaper signatures), as well as patient and provider confidenti-ality and electronic data security.5.2 User authentication is used to identify an entity (personor machine) and verify the identity of the entity. Data originauthentication binds that entity and verification to a piece ofi
41、nformation. The focus of this standard is the application ofuser and data authentication to information generated as part ofthe health care process. The mechanism providing this capa-bility is the electronic signature.5.3 Determination of which events are documented andwhich documents must be signed
42、 are defined by law, regula-tion, accreditation standards, and the originating organizationspolicy. Such policy issues are discussed in Appendix X4.5.4 Signatures have been a part of the documentationprocess in health care and have traditionally been indicators ofaccountability. Health care provider
43、s are faced with the inevi-table transition toward computerization. For electronic healthrecord systems to be accepted, they must provide an equivalentor greater level of accurate data entry, accountability, andappropriate quality improvement mechanisms. In this context,a standard is needed that doe
44、s not allow a party to successfullydeny authorship and reject responsibility (repudiation).5.5 The guide addresses the following requirements, whichany system claiming to conform to this guide shall support:5.5.1 Non-repudiation,5.5.2 Integrity,5.5.3 Secure user authentication,5.5.4 Multiple signatu
45、res,5.5.5 Signature attributes,5.5.6 Countersignatures,5.5.7 Transportability,5.5.8 Interoperability,5.5.9 Independent verifiability, and5.5.10 Continuity of signature capability.5.6 Various technologies may fulfill one or more of theserequirements. Thus, a complete electronic signature systemmay re
46、quire more than one of the technologies described in thisguide. Currently, there are no recognized security techniquesthat provide the security service of non-repudiation in an opennetwork environment, in the absence of trusted third parties,other than digital signature-based techniques.5.7 The elec
47、tronic signature process involves authenticationof the signers identity, a signature process according to systemdesign and software instructions, binding of the signature to thedocument, and non-alterability after the signature has beenaffixed to the document. The generation of electronic signa-ture
48、s requires the successful identification and authenticationof the signer at the time of the signature. To conform to thisguide, a system shall also meet health information security andauthentication standards. Computer-based patient record sys-tems may also be subject to statutes and regulations in
49、somejurisdictions.5.8 While most electronic signature standards in the bank-ing, electronic mail, and business sectors address only digitalsignature systems, this standard acknowledges the efforts ofindustry and systems integrators to achieve authentication withother methods. Therefore, this standard will not be restricted toa single technology.6. Document Structure6.1 For any data or information for which authentication isrequired, the system shall:6.1.1 Provide to the signer an accurate representation of thehealth care information being sig
