Submitted by KarenP-SSA on 2020-12-08
Submission UpdateSince creating our submission, we have discovered that digital signature is indeed implemented for CDA documents. Applying digital signatures to FHIR resources (and bundles of FHIR resources) requires maturation, however implementation patterns for CDA digital signatures are well established.
- Digitally signed CDA documents are in production now, and the implementation pattern is mature.
- A digitally signed document was included in the C-CDA R2.1 Companion Guide R2, which is referenced by the ONC Cures Act regulations. The currently released CDA R2.0 stylesheet, which is freely available from HL7 and utilized as the basis for numerous organizations to render CDA documents, already supports rendering valid and invalid digital signature certificates.
- Adding digital signature to the Provenance data class will provide implementers with a roadmap anchored by the ability to use digital signatures for CDA now (including the ability to send digitally signed CDAs inside a FHIR resource). This experience should accelerate the maturation of thinking about FHIR digital signatures.
Submitted by LisaRNelson on 2020-12-31
Maturity of digital signatures for CDA documents
In 2018, MaxMD implemented digital signature for CDA documents based on the HL7 Implementation Guide for CDA® Release 2: Digital Signatures and Delegation of Rights, Release 1. We have demonstrated this capability at multiple C-CDA Implementation-A-Thons and FHIR Connectathons. We believe the reason more implementers have not offered digitally signed CDAs is that ONC has not yet required C-CDA documents to be digitally signed. Many issues and questions about data provenance would be addressed by requiring the use of digitally signed documents.
The image A. (below) shows what the HL7 CDA stylesheet renders when a CDA document has been digitally signed. In this example, Yan Wang digitally signed the document on October 17, 2019 at 8:02:27 am in Central time. MaxMD offers a digital document signature service that can be used to digitally sign a CDA document as either an authenticator or as the legal authenticator. Image B. (below) shows a MaxMD verification service that detects if the document has be altered after it was digitally signed. This verification service is offered as a standalone service and it is included in MaxMD's CDA validation service which organizations use to "dial in" their specific rubric rules to ensure a CDA document contains the information it needs to be fit for purpose.
Image A. - A special seal is rendered when a CDA document has been digitally signed and details from the digital signature appear when you hover over the seal. The stylesheet renders the seal which shows the document has been digitally signed and thus has the potential to be verified to determine if the document has been altered subsequent to being digitally signed.
Image B. - MaxMD's digital signature verification service determines if a document has been altered after it was digitally signed or not. The green verification seal confirms this document has not been altered following it being digitally signed by Yan Wang on 6/11/2019. If even one single bit had changed, the verification seal would have appeared in red and it would have indicated the C-CDA digest was invalid. This is a certificate backed process with high trust for the identity of the person associated with the signing certificate. Needing the trustworthiness of digitally signed CDA documents is a common requirement in many use cases. The HL7 standard for defining how to digitally sign CDA documents is mature and services to deliver this capability are commercially available. This is a proven, standardized capability that would be very beneficial for driving improvements in data provenance.