Educause Security Discussion mailing list archives

Re: E-Signatures


From: David Grisham <DGrisham () SALUD UNM EDU>
Date: Wed, 30 Jan 2008 13:14:16 -0700

I have not seen much follow-up on this request.  We are documenting an electronic signature procedure for providers who 
verify dictation inside of our patient record.  CMS and The Joint Commission require a documented procedure.  In this 
situation we are using electronic signatures and not the digital signatures which are very different for the state of 
New Mexico.  Although we are not currently looking at including researchers and implementing FDA standards, it is 
being discussed on our academic side.
I will be glad to share our operational draft process for E-signatures in the medical record.  Please send requests to 
dgrisham () salud unm edu.
Cheers.-grish
David Grisham
Manager, IT Security, UNM Hospitals

Faith Mcgrath <faith.mcgrath () YALE EDU> 1/10/2008 3:09 PM >>>
I am also interested in what people are using for electronic signatures 
if they need to certify that they are in compliance with FDA Electronic 
Records; Electronic Signatures regs -- 21 CFR Part 11 
(http://www.fda.gov/ora/compliance_ref/part11/). I am just beginning to do some background reading on the requirements, but 
we are beginning to see this requirement related to pharmaceutical research protocols. Thanks. -fm

Harrold Ahole wrote:

Is anyone doing any work with e-signatures within their applications?  
I'm not talking about crypto-based digital signatures.  Rather, we 
need something that is the equivalent of someone signing a piece of 
paper to attest that the contents are correct.  Some applications 
we've seen just have something like "type your name in this field to 
sign this form".  A campus customer is looking for something more 
comprehensive than that.  What are other people doing short of 
implementing PKI or using login credentials as a signature?

Well, the first thing to decide is what you want to accomplish.  The US 
Esign law allows "type your name" as a form of electronic signature 
simply because it's very natural to show consent (willful action).
The first consideration is how do you authenticate the user at the time 
they take this action?  Depending on the application, it could be very 
little, such as if they are requesting the purchase of a transcript, in 
which authentication may not be too high provided they also pay by 
credit card.  If the user is logged into a campus application, you can 
certainly use that as a credential for authentication.

The next consideration is to create a reliable electronic record, one 
that can be shared with all parties involved.  This is typically done 
with digital signatures, but of course other methods are likely 
acceptable if they can be shown to reflect the agreed upon document and 
are stored in a manner suitable to show non-modifiable archived storage 
(such as when paper docs are scanned to microfilm, it's generally 
assumed that the microfilm version is accurate as it's hard to tamper 
with).

Harry



-- 
Faith McGrath, Associate Director
Yale University ITS - Information Security
faith.mcgrath () yale edu 
voice: 203.737.4087 telefax: 203.737.2859
security () yale edu || security.yale.edu
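
The two considerations in the quoted reply above (authenticate the signer at the time of the action, then keep a record that reflects the agreed-upon document and shows tampering) can be sketched as follows. This is an added example, not part of the original thread; it assumes an HMAC-SHA-256 hash chain as the "other method" in place of digital signatures, and `sign_document`, `verify_log`, the field names, the key and the sample data are all hypothetical.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # value chained into the first record (assumption of this sketch)

def _mac(body, key):
    # Canonical JSON so the same record always produces the same MAC.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()

def sign_document(log, key, document, session_user, typed_name, signed_at):
    """Append a signature record; session_user comes from the existing login session."""
    if not session_user:
        raise PermissionError("signer must be authenticated at signing time")
    if not typed_name.strip():
        raise ValueError("the typed name is the act of consent and cannot be empty")
    body = {
        "user": session_user,                                # who was authenticated
        "typed_name": typed_name.strip(),                    # the willful action
        "doc_sha256": hashlib.sha256(document).hexdigest(),  # exactly what was signed
        "signed_at": signed_at,
        "prev": log[-1]["mac"] if log else GENESIS,          # link to the prior record
    }
    log.append(dict(body, mac=_mac(body, key)))
    return log[-1]

def verify_log(log, key):
    """Return the index of the first altered or out-of-place record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body.get("prev") != prev or not hmac.compare_digest(rec.get("mac", ""), _mac(body, key)):
            return i
        prev = rec["mac"]
    return -1

def document_matches(record, document):
    """True if `document` is byte-for-byte the content the record was created over."""
    return hmac.compare_digest(record["doc_sha256"], hashlib.sha256(document).hexdigest())

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key is held outside the record store
    log, doc = [], b"Dictation text (constructed sample)"
    rec = sign_document(log, key, doc, "jdoe", "Jane Doe", "2008-01-30T13:14:16-07:00")
    print(verify_log(log, key), document_matches(rec, doc))
    log[0]["typed_name"] = "Someone Else"  # simulate tampering with the stored record
    print(verify_log(log, key))
```

The chain alone does not reveal removal of the newest records, so the latest `mac` has to be kept somewhere separate from the log.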
