Signature

The metadata, or extra information about data, regarding who created the data and when it was created.

Data Element

Signature

Description

(Per https://www.hl7.org/fhir/provenance.html): “Provenance.signature: A digital signature on the target Reference(s). The digital signature, inclusive of a hash on the resource being signed (Provenance.signature.type = 1.2.840.10065.1.12.1.14), will ensure that the integrity of the particular electronic health information (EHI) is maintained and not altered in any way. This allows recipients of this EHI to trust the integrity of the content regardless of its most recent origin. • As patient-mediated EHI becomes more prevalent, maintaining the chain of trust via this digital signature will be instrumental in patient-provided health information exchange.

Submitted By: KarenP-SSA / Social Security Administration (SSA)
Data Element Information
Use Case Description(s)
Use Case Description	SSA’s disability determination process requires the review of detailed medical records of disability applicants. Due to the COVID-19 pandemic, SSA field offices are closed. This prevents disability applicants from submitting paper medical records they hold to those field offices. An alternative would be submitting this information to SSA electronically. A matter of convenience that would be used by few in normal times, the demand for this submission channel has mushroomed during the pandemic. However, SSA cannot accept electronic medical records submitted by applicants because the integrity of those records cannot be verified without knowing the author and without (cryptographic) digital signatures of the content. Adding the Signature element to Provenance would provide content integrity verification and resolve this blocker for SSA disability applicants.
Estimate the breadth of applicability of the use case(s) for this data element	3 million disability applicant (patients) interact with SSA annually, involving 15-20 million medical records from almost 500,000 providers.
Link to use case project page	https://github.com/SSAgov/HealthIT
Use Case Description	As consumer-directed health information exchange becomes more prevalent, verifying the integrity of patient-supplied medical information will become an imperative. When EHI obtained by a patient that is digitally signed is provided to a third party along with the chain of trust from its origin, that third party can have confidence in the integrity of that EHI. Consumer apps facilitating the submission of sports physicals and immunization record to schools are inevitable—as are apps driving patient-driven care coordination. Consumers will demand this access to their data, and providers receiving that data will need to know it is unaltered.
Estimate the breadth of applicability of the use case(s) for this data element	Health records are exchanged between millions of providers (and, increasingly, payers) through dozens of health information exchanges (HIEs) in support of millions of patients every year.
Healthcare Aims	Improving patient experience of care (quality and/or satisfaction) Improving the health of populations Reducing the cost of care Improving provider experience of care
Maturity of Use and Technical Specifications for Data Element
Applicable Standard(s)	HL7 FHIR R4 (v4.01: R4 – Mixed Normative and STU) https://www.hl7.org/fhir/provenance-definitions.html
Additional Specifications	FHIR Provenance Resource (v4.0.1) (https://www.hl7.org/fhir/provenance.html) 6.3.4.3 Signatures The Provenance resource includes a signature element (digital signature) which can be used for standards based integrity verification and non-repudiation purposes. The Signature datatype provides details on use of the signature element. The Signature.type coded value of "Source" should be used when the signature is for simply proving that the resource content is the same as it was when the resource was updated or created. Also: https://www.hl7.org/fhir/datatypes.html#Signature (2.24.0.17) • Both XML and JSON cryptographic signatures are supported. For Author: In FHIR, (https://www.hl7.org/fhir/provenance.html): This would likely be “Provenance.agent.who” Basic Provenance Informative Implementation Guide (for C-CDA Author Participation) (https://confluence.hl7.org/display/SEC/Basic+Provenance+Implementation+Guide?preview=/40740218/55940686/20190719_HL7_Basic_Provenance_Security_Posting.docx) does not mention signatures, but signatures are described as a CDA extension in HL7 Implementation Guide for CDA® Release 2: Digital Signatures and Delegation of Rights (http://www.hl7.org/documentcenter/public/standards/dstu/CDAR2_IG_DIGITALSIG_R1_DSTU_2014OCT.pdf) document. Author is a data element originally proposed by ONC for inclusion in UCSDI for Provenance. • Specifications or IG updates may be required to align C-CDA to FHIR.
Current Use	Not currently captured or accessed with an organization
Extent of exchange	N/A
Potential Challenges
Restrictions on Standardization (e.g. proprietary code)	None
Restrictions on Use (e.g. licensing, user fees)	None
Privacy and Security Concerns	Using these data elements will reduce privacy and security concerns about the EHI being exchanged.
Estimate of Overall Burden	Author information should be readily available to implementers already populating Provenance data elements. Although Cryptographic signatures of content (“hashing”) is not widely practiced, the methodology for doing this is straightforward (and specified in detailed in the above-reference FHIR Provenance IG). Implementation should not require more than two two-week sprints.
Other Implementation Challenges	None

Comment

Submitted by rdillaire on 2025-05-12

CMS-CCSQ Recommends the advancement of Signature to Lv1

Recommendation: CMS CCSQ recommends the Signature and Purpose of Capture elements be advanced to Level 1.

Rationale: Vocabulary and functional standards are not sufficiently advanced to merit inclusion in USCDI v6, but merit elevation to Level 1 to advance further discussion and consideration in the future. Signature is required as part of the MDS, IRF-PAI, LCDS, and Hospice Item Set (HIS) assessments. We emphasize the importance of capturing Signature as an individual data element when it is not already exchanged or captured as part of another data element, such as a document, note, or order.

The following LOINC codes can be leveraged to support this data element:
i. 85814-2 (IRF-PAI Signature of persons completing the assessment).
ii. 85647-6 (Signature of person collecting or coordinating collection of assessment information Provider).
iii. 85648-4 (Signature of persons completing the assessment).
iv. 70127-6 (Signature verifying assessment completion).

Submitted by yale-coredQMRoadmap on 2023-09-19

CMS-CCSQ Support for Signature: adv. from Level 0 to Level 1

CMS-CCSQ supports the PACIO Project’s recommendation of the advancement of the Signature data element from Level 0 to Level 1. This data element represents necessary metadata around documents to validate and accurately understand the information that is gathered from numerous sources.

Submitted by gldickinson on 2023-08-07

HL7 FHIR Record Lifecycle Event Implementation Guide

Please add/update reference to HL7 FHIR Record Lifecycle Event Implementation Guide, published December 2023: http://hl7.org/fhir/uv/ehrs-rle/Informative1/

Submitted by LisaRNelson on 2020-12-31

Maturity of digital signatures for CDA documents

In 2018, MaxMD implemented digital signature for CDA documents based on the HL7 Implementation Guide for CDA® Release 2: Digital Signatures and Delegation of Rights, Release 1. We have demonstrated this capability at multiple C-CDA Implementation-A-Thons and FHIR Connectathons. We believe the reason more implementers have not offered digitally signed CDAs is that ONC has not yet required C-CDA documents to be digitally signed. Many issues and questions about data provenance would be addressed by requiring the use of digitally signed documents.

The image A. (below) shows what the HL7 CDA stylesheet renders when a CDA document has been digitally signed. In this example, Yan Wang digitally signed the document on October 17, 2019 at 8:02:27 am in Central time. MaxMD offers a digital document signature service that can be used to digitally sign a CDA document as either an authenticator or as the legal authenticator. Image B. (below) shows a MaxMD verification service that detects if the document has be altered after it was digitally signed. This verification service is offered as a standalone service and it is included in MaxMD's CDA validation service which organizations use to "dial in" their specific rubric rules to ensure a CDA document contains the information it needs to be fit for purpose.

Image A. - A special seal is rendered when a CDA document has been digitally signed and details from the digital signature appear when you hover over the seal. The stylesheet renders the seal which shows the document has been digitally signed and thus has the potential to be verified to determine if the document has been altered subsequent to being digitally signed.

MaxMD Digital Signature

Image B. - MaxMD's digital signature verification service determines if a document has been altered after it was digitally signed or not. The green verification seal confirms this document has not been altered following it being digitally signed by Yan Wang on 6/11/2019. If even one single bit had changed, the verification seal would have appeared in red and it would have indicated the C-CDA digest was invalid. This is a certificate backed process with high trust for the identity of the person associated with the signing certificate. Needing the trustworthiness of digitally signed CDA documents is a common requirement in many use cases. The HL7 standard for defining how to digitally sign CDA documents is mature and services to deliver this capability are commercially available. This is a proven, standardized capability that would be very beneficial for driving improvements in data provenance.

MaxMD Digital Signature Validation Service

Submitted by KarenP-SSA on 2020-12-08

Submission Update

Since creating our submission, we have discovered that digital signature is indeed implemented for CDA documents. Applying digital signatures to FHIR resources (and bundles of FHIR resources) requires maturation, however implementation patterns for CDA digital signatures are well established.

Digitally signed CDA documents are in production now, and the implementation pattern is mature.
A digitally signed document was included in the C-CDA R2.1 Companion Guide R2, which is referenced by the ONC Cures Act regulations. The currently released CDA R2.0 stylesheet, which is freely available from HL7 and utilized as the basis for numerous organizations to render CDA documents, already supports rendering valid and invalid digital signature certificates.
Adding digital signature to the Provenance data class will provide implementers with a roadmap anchored by the ability to use digital signatures for CDA now (including the ability to send digitally signed CDAs inside a FHIR resource). This experience should accelerate the maturation of thinking about FHIR digital signatures.