Submitted by gldickinson on
HL7 FHIR Record Lifecycle Event Implementation Guide
Please add/update reference to HL7 FHIR Record Lifecycle Event Implementation Guide, published December 2023: http://hl7.org/fhir/uv/ehrs-rle/Informative1/
The metadata, or extra information about data, regarding who created the data and when it was created.
Data Element |
||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Signature
Description
(Per https://www.hl7.org/fhir/provenance.html): “Provenance.signature: A digital signature on the target Reference(s). The digital signature, inclusive of a hash on the resource being signed (Provenance.signature.type = 1.2.840.10065.1.12.1.14), will ensure that the integrity of the particular electronic health information (EHI) is maintained and not altered in any way. This allows recipients of this EHI to trust the integrity of the content regardless of its most recent origin. • As patient-mediated EHI becomes more prevalent, maintaining the chain of trust via this digital signature will be instrumental in patient-provided health information exchange. |
||||||||||||||||||||||||||||||||||||||||
|
Submitted by gldickinson on
Please add/update reference to HL7 FHIR Record Lifecycle Event Implementation Guide, published December 2023: http://hl7.org/fhir/uv/ehrs-rle/Informative1/
Submitted by LisaRNelson on
In 2018, MaxMD implemented digital signature for CDA documents based on the HL7 Implementation Guide for CDA® Release 2: Digital Signatures and Delegation of Rights, Release 1. We have demonstrated this capability at multiple C-CDA Implementation-A-Thons and FHIR Connectathons. We believe the reason more implementers have not offered digitally signed CDAs is that ONC has not yet required C-CDA documents to be digitally signed. Many issues and questions about data provenance would be addressed by requiring the use of digitally signed documents.
The image A. (below) shows what the HL7 CDA stylesheet renders when a CDA document has been digitally signed. In this example, Yan Wang digitally signed the document on October 17, 2019 at 8:02:27 am in Central time. MaxMD offers a digital document signature service that can be used to digitally sign a CDA document as either an authenticator or as the legal authenticator. Image B. (below) shows a MaxMD verification service that detects if the document has be altered after it was digitally signed. This verification service is offered as a standalone service and it is included in MaxMD's CDA validation service which organizations use to "dial in" their specific rubric rules to ensure a CDA document contains the information it needs to be fit for purpose.
Image A. - A special seal is rendered when a CDA document has been digitally signed and details from the digital signature appear when you hover over the seal. The stylesheet renders the seal which shows the document has been digitally signed and thus has the potential to be verified to determine if the document has been altered subsequent to being digitally signed.
Image B. - MaxMD's digital signature verification service determines if a document has been altered after it was digitally signed or not. The green verification seal confirms this document has not been altered following it being digitally signed by Yan Wang on 6/11/2019. If even one single bit had changed, the verification seal would have appeared in red and it would have indicated the C-CDA digest was invalid. This is a certificate backed process with high trust for the identity of the person associated with the signing certificate. Needing the trustworthiness of digitally signed CDA documents is a common requirement in many use cases. The HL7 standard for defining how to digitally sign CDA documents is mature and services to deliver this capability are commercially available. This is a proven, standardized capability that would be very beneficial for driving improvements in data provenance.
Submitted by KarenP-SSA on
Since creating our submission, we have discovered that digital signature is indeed implemented for CDA documents. Applying digital signatures to FHIR resources (and bundles of FHIR resources) requires maturation, however implementation patterns for CDA digital signatures are well established.
Submitted by yale-coredQMRoadmap on
CMS-CCSQ Support for Signature: adv. from Level 0 to Level 1
CMS-CCSQ supports the PACIO Project’s recommendation of the advancement of the Signature data element from Level 0 to Level 1. This data element represents necessary metadata around documents to validate and accurately understand the information that is gathered from numerous sources.