Electronically Signed Documents in Health Care

A. Hollerbach; R. Brandner; A. Bess; P. Schmücker; B. Bergh

doi:10.1055/s-0038-1634003

Methods of Information in Medicine, Table of Contents

Methods Inf Med 2005; 44(04): 520-527
DOI: 10.1055/s-0038-1634003

Original Article

Schattauer GmbH

Electronically Signed Documents in Health Care

Analysis and Assessment of Data Formats and Transformation

Authors

A. Hollerbach

¹Center for Information Technology and Biomedical Engineering, Heidelberg University Medical Center, Heidelberg, Germany
R. Brandner

²InterComponentWare AG, Walldorf, Germany
A. Bess

³PERGIS Systemhaus GmbH, Ludwigshafen am Rhein, Germany
P. Schmücker

⁴Department of Computer Science, Mannheim University of Applied Sciences, Mannheim, Germany
B. Bergh

¹Center for Information Technology and Biomedical Engineering, Heidelberg University Medical Center, Heidelberg, Germany

Abstract

Summary

Objectives: Our objectives were to analyze and assess data formats for their suitability for conclusive and secure long-term archiving and to develop a concept for legally secure transformation of electronically signed documents that are not available in data formats appropriate for long-term archiving.

Methods: On the basis of literature review and Internet searches we developed general evaluation criteria to assess data formats with regard to their suitability for conclusive and secure long-term archiving. The assessment of data formats refers to format specifications and available literature. For the analyses of the transformation of signed documents we analyzed legal requirements on the basis of laws and ordinances as well as technical requirements by means of literature reviews, Internet searches and technical specifications.

Results: The following evaluation criteria are suited for this kind of assessment of data formats: transparency and standardization, stability, presentation and secuity According to our assessment the following data formats are most suitable for conclusive and secure long-term archiving: PDF for formatted and unstructured text documents, XML for markup languages, TIFF for images in general, DICOM for medical images and S/MIME for the storage of e-mail. To transform electronically signed documents we propose an elementary procedure and universal basic model in form of an XML schema definition that includes the necessary legal and technical information.

Conclusions: If electronic documents are to replace paper-based documents in patient records, they have to conform to the criteria for secure long-term archiving. The analyzed data formats are to be extended by mechanisms to guarantee the long-term security of electronic signatures. To transform large quantities of documents in a legally secure way, our basic model has to be extended for automated procedures.

Keywords

Computerized patient records - data security - documentation/standards - electronic signature - transformation

Full Text

References

References
1 Safran C, Goldberg H. Electronic patient records and the impact of the Internet. Int J Med Inf 2000; 60 (02) 77-83.
2 Dujat C, Haux R, Schmücker P, Winter A. Digital Optical Archiving of Medical Records in Hospital Information Systems – A Practical Approach Towards the Computer-based Patient Record?. Methods Inf Med 1995; 34 (05) 489-97.
3 van Bemmel JH. Toward a Virtual Electronic Patient Record. MD Comput 1999; 16 (06) 20-1.
4 Smith E, Eloff JH. Security in health-care information systems – current trends. Int J Med Inf 1999; 54 (01) 39-54.
5 Blobel B. The European Trust Health Project experiences with implementing a security infrastructure. Int J Med Inf 2000; 60 (02) 193-201.
6 Epstein MA, Pasieka MS, Lord WP, Wong STC, Mankovich NJ. Security for the Digital Information Age of Medicine: Issues, Applications, and Implementation. J Digit Imaging 1998; 11 (01) 33-4.
7 van Dyk J. Public Key Infrastructure – Securing the Exchange of Health Information. MD Comput 2000; 17 (05) 44-6.
8 Brandner R, van der Haak M, Hartmann M, Haux R, Schmücker P. The Electronic Signature for Medical Documents – Integration and Evaluation of a Public Key Infrastructure in Hospitals. Methods Inf Med 2002; 41 (04) 321-30. Reprinted in: IMIA Yearbook of Medical Informatics 2004. Stuttgart: Schattauer; 2004
9 Schneier B. Applied Cryptography. New York: Wiley; 1996
10 Housley R, Polk W, Ford W, Solo D. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280; April 2002 http://www.ietf.org/rfc/rfc3280.txt last accessed: 2005-01-14
11 Myers M, Ankney R, Malpani A, Galperin S, Adams C. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP. RFC 2560; June 1999 http://www.ietf.org/rfc/rfc2560.txt last accessed: 2005 01-14
12 Directive 1999/93/EC of the European Parliament and of the Council of December 13, 1999 on a Community framework for electronic signatures. Official Journal of the European Communities L13: 12-20 http://europa.eu.int/information_society/eeurope/2002/action_plan/pdf/esignatures_en.pdf last accessed: 2005-01-14
13 Law Governing Framework Conditions for Electronic Signatures and Amending Other Regulations. Bundesgesetzblatt Teil I 22: 876-84 http://www.regtp.de/imperia/md/content/tech_reg_t/digisign/119.pdf last accessed: 2005-01-28
14 CEN/TC251 CR1350: 1993. Investigation of syntaxes for existing interchange formats to be used in health care
15 AIIM International: White Paper on Records, Document and Enterprise Content Management. (2): Hewlett Packard Gmb H: Conversion & Document Formats First Edition, Barcelona: DLMForum 2002
16 DLM-Forum. Guidelines on best practices for using electronic documents. Updated and enlarged edition, Luxembourg: European Communities, 1997 http://europa.eu.int/ISPO/dlm/documents/gdlines.pdf last acessed: 2005-02-07
17 Hendley T. Comparison of Methods and Costs of Digital Preservation. British Library Research and Innovation Report 106, Cim Tech Ltd. University of Hertfordshire
18 Pordesch U. [The electronic form and the presentation problem]. Baden-Baden: Nomos Verlagsgesellschaft; 2003. German
19 Hollerbach A. [Data formats and transformation of electronically signed documents]. Diploma Thesis, Fachbereich Medizinische Informatik, Universität Heidelberg/Fachhochschule Heilbronn 2003. German:
20 ISO/CD 19005-1 Document management – Electronic document file format for long-term preservation – Part 1: Use of PDF (PDF/A), Committee Draft.
21 Pravetz J. PDF Public-Key Digital Signature and Encryption Specification. Version 3.2. Acrobat Engineering; September 2001
22 Dolin RH, Alschuler L, Beebe C, Biron PV, Boyer SL, Essin D. et al The HL7 Clinical Document Architecture. JAm Med Inform Assoc 2001; 8 (06) 552-69.
23 Eastlake D, Reagle J. (2002): XML Encryption Syntax and Processing. W3C Recommendation, Dec 2002 http://www.w3.org/TR/xmlenc-core/ last accessed: 2005-02-5
24 Eastlake D, Reagle J, Solo D. (Extensible Markup Language) XML-Signature Syntax and Processing. RFC 3275; March 2002 http://www.ietf.org/rfc/rfc3275.txt last accessed: 2005-01-14
25 ISO 12639: 2004: Graphic technology – Prepress digital data exchange – Tag image file format for image technology (TIFF/IT), (ISO TC130)
26 TIFF Revision 6.0. Adobe Developpers Association. Seattle, 1992 http://partners.adobe.com/public/developer/en/tiff/TIFF6.pdf last accessed: 2005-01-20
27 Mildenberger P, Eichelberg M, Martin E. Introduction to the DICOM standard. Eur Radiol 2002; 12: 920-27.
28 DICOM Standards Committee: Attribute Level Confidentiality (including De-identification). NEMA Standards Publication PS 3, Supplement 55, September 2002 ftp://medical.nema.org/ medical/dicom/final/sup55_ft.pdf last accessed: 2005-01-14
29 DICOM Standards Committee: Digital Signatures. NEMA Standards Publication PS 3, Supplement 41; September 2001 ftp://medical.nema. org/medical/dicom/final/sup41_ft.pdf last accessed: 2005-01-14
30 Housley R: Cryptographic Message Syntax (CMS). RFC 3369, August 2002 http://www.ietf.org/rfc/rfc3369.txt last accessed: 2005-01-14
31 Bürkle T, Schweiger R, Altmann U, Holena M, Blobel B, Dudeck J. Transferring Data from One EPR to Another: Content – Syntax – Semantik. Methods Inf Med 1999; 38 (4/5) 321-5.
32 Third law for the modification of regulations to the administrative procedure Bundesgesetzblatt Teil I. 35: 3322-43.
33 Schmidt A, Gondrom T, Masinter L. Requirements for Certification Services. Internet-Draft of the IETF; October 2004 http://www.ietf.org/internet-drafts/draft-ietf-ltans-notareqs-01.txt last accessed: 2005-01-14