1、Designation: E 1762 95 (Reapproved 2009)An American National StandardStandard Guide forElectronic Authentication of Health Care Information1This standard is issued under the fixed designation E 1762; the number immediately following the designation indicates the year oforiginal adoption or, in the c
2、ase of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers:1.1.1 Defining a document structure for use by electronicsignature mech
3、anisms (Section 4),1.1.2 Describing the characteristics of an electronic signa-ture process (Section 5),1.1.3 Defining minimum requirements for different elec-tronic signature mechanisms (Section 5),1.1.4 Defining signature attributes for use with electronicsignature mechanisms (Section 6),1.1.5 Des
4、cribing acceptable electronic signature mecha-nisms and technologies (Section 7),1.1.6 Defining minimum requirements for user identifica-tion, access control, and other security requirements for elec-tronic signatures (Section 9), and1.1.7 Outlining technical details for all electronic signaturemech
5、anisms in sufficient detail to allow interoperability be-tween systems supporting the same signature mechanism(Section 8 and Appendix X1-Appendix X4).1.2 This guide is intended to be complementary to standardsunder development in other organizations. The determinationof which documents require signa
6、tures is out of scope, since itis a matter addressed by law, regulation, accreditation stan-dards, and an organizations policy.1.3 Organizations shall develop policies and procedures thatdefine the content of the medical record, what is a documentedevent, and what time constitutes event time. Organi
7、zationsshould review applicable statutes and regulations, accreditationstandards, and professional practice guidelines in developingthese policies and procedures.2. Referenced Documents2.1 ISO Standards:ISO 9594-8 1993: The Directory: Authentication Frame-work (also available as ITU-S X.509)2ISO 882
8、5-1 1993: Specification of Basic Encoding Rulesfor ASN.12ISO 7816 1993: IC Cards with Contacts2ISO 10036 1994: Contactless IC Cards22.2 ANSI Standards:ANSI X9.30 Part 3: Certificate Management for DSA,November 1994 (ballot copy)3ANSI X9.31 Part 3: Certificate Management for RSA, July1994 (draft)3ANS
9、I X9.31 Part 1: RSA Signature Algorithm, July 1994(ballot copy) (technically aligned with ISO/IEC 9796)3ANSI X9.30 Part 1: Digital Signature Algorithm, July 1994(ballot copy) (technically aligned with NIST FIPS PUB186)3ANSI X9F1, ANSI X9.45: Enhanced Management ControlsUsing Attribute Certificates,
10、September 1994 (draft)32.3 Other Standards:FIPS PUB 112: Standards on Password Usage, May 19854FIPS PUB 181: Secure Hash Standard, 1994 (technicallyaligned with ANSI X9.301)4FIPS PUB 186: Digital Signature Standard, 1994 (techni-cally aligned with ANSI X9.301)4PKCS #1: RSA Encryption Standard (versi
11、on 1.5), Novem-ber 19935PKCS #5: Password-Based Encryption Standard, 19945PKCS #7: Cryptographic Message Syntax Standard, 199453. Terminology3.1 Definitions:3.1.1 access controlthe prevention of unauthorized use ofa resource, including the prevention of use of a resource in anunauthorized manner.3.1
12、.2 accountabilitythe property that ensures that theactions of an entity may be traced uniquely to the entity.3.1.3 attributea piece of information associated with theuse of a document.1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibilit
13、y of Subcommittee E31.25 on HealthcareData Management, Security, Confidentiality, and Privacy.Current edition approved April 1, 2009. Published September 2009. Originallyapproved in 1995. Last previous edition approved in 2003 as E 176295 (2003).2Available from ISO, 1 Rue de Varembe, Case Postale 56
14、, CH 1211, Geneve,Switzerland.3Available from American National Standards Institute (ANSI), 25 W. 43rd St.,4th Floor, New York, NY 10036, http:/www.ansi.org.4Available from National Institute of Standards and Technology (NIST), 100Bureau Dr., Stop 1070, Gaithersburg, MD 20899-1070, http:/www.nist.go
15、v.5Available from RSA Data Security, 100 Marine Parkway, Redwood City, CA64065.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.3.1.4 attribute certificatea digitally signed data structurethat binds a user to a set of attributes.3.1.5
16、 authorizationverification that an electronicallysigned transaction is acceptable according to the rules andlimits of the parties involved.3.1.6 authorization certificatean attribute certificate inwhich the attributes indicate constraints on the documents theuser may digitally sign.3.1.7 availabilit
17、ythe property of being accessible anduseable upon demand by an authorized entity.3.1.8 computer-based patient record (CPR)the computer-based patient record is a collection of health informationconcerning one person linked by one or more identifiers. In thecontext of this guide, this term is synonymo
18、us with electronicpatient record and electronic health record.3.1.9 computer-based patient record system (CPRS)theCPRS uses the information of the CPR and performs theapplication functions according to underlying processes and itsinteracting with related data and knowledge bases. CPRS issynonymous w
19、ith electronic patient record systems.3.1.10 data integritythe property that data has not beenaltered or destroyed in an unauthorized manner.3.1.11 data origin authenticationcorroboration that thesource of data received is as claimed.3.1.12 digital signaturedata appended to, or a crypto-graphic tran
20、sformation of, a data unit that allows a recipient ofthe data unit to prove the source and integrity of the data unitand protect against forgery, for example, by the recipient.3.1.13 document access timethe time(s) when the subjectdocument was accessed for reading, writing, or editing.3.1.14 documen
21、t attributean attribute describing a char-acteristic of a document.3.1.15 document creation timethe time of the creation ofthe subject document.3.1.16 document editing timethe time(s) of the editing ofthe subject document.3.1.17 domaina group of systems that are under control ofthe same security aut
22、hority.3.1.18 electronic documenta defined set of digital infor-mation, the minimal unit of information that may be digitallysigned.3.1.19 electronic signaturethe act of attaching a signatureby electronic means.After the electronic signature process, it isa sequence of bits associated with an electr
23、onic document,which binds it to a particular entity.3.1.20 event timethe time of the documented event.3.1.21 one-way hash functiona function that maps stringsof bits to fixed-length strings of bits, satisfying the followingtwo properties:3.1.21.1 It is computationally infeasible to find for a giveno
24、utput an input that maps to this output.3.1.21.2 It is computationally infeasible to find for a giveninput a second input that maps to the same output.3.1.22 private keya key in an asymmetric algorithm; thepossession of this key is restricted, usually to one entity.3.1.23 public keya key in an asymm
25、etric algorithm that ispublicly available.3.1.24 public key certificatea digitally signed data struc-ture which binds a users identity to a public key.3.1.25 repudiationdenial by one of the entities involvedin a communication of having participated in all or part of thecommunication.3.1.26 rolethe r
26、ole of a user when performing a signature.Examples include: physician, nurse, allied health professional,transcriptionist/recorder, and others.3.1.27 secret keya key in a symmetric algorithm; thepossession of this key is restricted, usually to two entities.3.1.28 signaturethe act of taking responsib
27、ility for adocument. Unless explicitly indicated otherwise, an electronicsignature is meant in this guide.3.1.29 signature attributean attribute characterizing agiven users signature on a document.3.1.30 signature purposean indication of the reason anentity signs a document. This is included in the
28、signedinformation and can be used when determining accountabilityfor various actions concerning the document. Examples in-clude: author, transcriptionist/recorder, and witness.3.1.31 signature timethe time a particular signature wasgenerated and affixed to a document.3.1.32 signature verificationthe
29、 process by which therecipient of a document determines that the document has notbeen altered and that the signature was affixed by the claimedsigner. This will in general make use of the document, thesignature, and other information, such as cryptographic keys orbiometric templates.3.1.33 user auth
30、enticationthe provision of assurance ofthe claimed identity of an entity.3.2 Acronyms:Acronyms:AAMT American Association for Medical TranscriptionABA American Bar AssociationAHIMA American Health Information Management AssociationAIM Advanced Informatics in MedicineASC X3 Accredited Standards Commit
31、tee X3ASC X9 Accredited Standards Committee X9ASC X12N Accredited Standards Committee X12NCA Certification AuthorityCEN Comit Europen de Normalisation (European Standards Com-mittee)CLC Comit Europen de Normalisation Electrotechnique(CENELEC)CRL Certificate Revocation ListDSA Digital Signature Algor
32、ithm (NIST)EWOS European Workshop for Open SystemsES Electronic SignatureFDA Food and Drug AdministrationFIPS Federal Information Processing StandardISO International Standards OrganizationITSTC International Technology Steering CommitteeJCAHO Joint Commission on Accreditation of Healthcare Organiza
33、tionsMAC Message Athentication CodeNIST National Institute for Standards and TechnologyNTP Network Time ProtocolPCMCIA Personal Computer Memory Card Interface AssociationRSA Rivest-Shamir-Adleman (signature algorithm)SEISMED Secure Environment for Information Systems in MedicineTHIS Trusted Health I
34、nformation SystemsTTP Trusted Third Party4. Significance and Use4.1 This guide serves three purposes:4.1.1 To serve as a guide for developers of computersoftware providing, or interacting with, electronic signatureprocesses,E 1762 95 (2009)24.1.2 To serve as a guide to healthcare providers who areim
35、plementing electronic signature mechanisms, and4.1.3 To be a consensus standard on the design, implemen-tation, and use of electronic signatures.5. Background Information5.1 The creation of computer-based patient record systemsdepends on a consensus of electronic signature processes thatare widely a
36、ccepted by professional, regulatory, and legalorganizations. The objective is to create guidelines for enteringinformation into a computer system with the assurance that theinformation conforms with the principles of accountability,data integrity, and non-repudiation. Although various organi-zations
37、 have commenced work in the field of electronicsignatures, a standard for the authentication of health informa-tion is needed. Consequently, this standard is intended as anational standard for electronic signatures for health careinformation. Technological advances and increases in thelegitimate use
38、s and demands for patient health information ledthe Institute of Medicine (IOM) to convene a committee toidentify actions and research for a computer-based patientrecord (CPR). The committees report endorsed the adoption ofthe CPR as the standard for all health care records and theestablishment of a
39、 Computer-based Patient Record Institute(CPRI). National Information Infrastructure initiatives, theever increasing complexity of health care delivery, a growingneed for accessible, affordable, and retrievable patient data tosupport clinical practice, research, and policy developmentsupport this rec
40、ommendation. Major issues identified by CPRIas essential to the timely development of CPRs includeauthentication of electronic signatures (as replacements forpaper signatures), as well as patient and provider confidenti-ality and electronic data security.5.2 User authentication is used to identify a
41、n entity (personor machine) and verify the identity of the entity. Data originauthentication binds that entity and verification to a piece ofinformation. The focus of this standard is the application ofuser and data authentication to information generated as part ofthe health care process. The mecha
42、nism providing this capa-bility is the electronic signature.5.3 Determination of which events are documented andwhich documents must be signed are defined by law, regula-tion, accreditation standards, and the originating organizationspolicy. Such policy issues are discussed in Appendix X4.5.4 Signat
43、ures have been a part of the documentationprocess in health care and have traditionally been indicators ofaccountability. Health care providers are faced with the inevi-table transition toward computerization. For electronic healthrecord systems to be accepted, they must provide an equivalentor grea
44、ter level of accurate data entry, accountability, andappropriate quality improvement mechanisms. In this context,a standard is needed that does not allow a party to successfullydeny authorship and reject responsibility (repudiation).5.5 The guide addresses the following requirements, whichany system
45、 claiming to conform to this guide shall support:5.5.1 Non-repudiation,5.5.2 Integrity,5.5.3 Secure user authentication,5.5.4 Multiple signatures,5.5.5 Signature attributes,5.5.6 Countersignatures,5.5.7 Transportability,5.5.8 Interoperability,5.5.9 Independent verifiability, and5.5.10 Continuity of
46、signature capability.5.6 Various technologies may fulfill one or more of theserequirements. Thus, a complete electronic signature systemmay require more than one of the technologies described in thisguide. Currently, there are no recognized security techniquesthat provide the security service of non
47、-repudiation in an opennetwork environment, in the absence of trusted third parties,other than digital signature-based techniques.5.7 The electronic signature process involves authenticationof the signers identity, a signature process according to systemdesign and software instructions, binding of t
48、he signature to thedocument, and non-alterability after the signature has beenaffixed to the document. The generation of electronic signa-tures requires the successful identification and authenticationof the signer at the time of the signature. To conform to thisguide, a system shall also meet healt
49、h information security andauthentication standards. Computer-based patient record sys-tems may also be subject to statutes and regulations in somejurisdictions.5.8 While most electronic signature standards in the bank-ing, electronic mail, and business sectors address only digitalsignature systems, this standard acknowledges the efforts ofindustry and systems integrators to achieve authentication withother methods. Therefore, this standard will not be restricted toa single technology.6. Document Structure6.1 For any data or information for