Not all e-signatures created equal
HIM Connection, January 13, 2006
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
The proposed HIPAA security rule originally included a standard for electronic signatures--but CMS later removed it in the final rule, even though healthcare organizations may already use e-signatures for electronic documentation that requires a signature (e.g., patient records, physician notes, and dictaphone transcriptions). Many pharmacies already use e-scribing--a form of e-signature--for prescriptions, too.
We will see an e-signature rule at some point, but probably later rather than sooner, says Rebecca Herold, information privacy, security, and compliance consultant, author, and instructor in Van Meter, IA. "But the real challenge right now is defining electronic signatures." A clear definition is what providers need to move forward with e-signatures, she says.
The proposed security rule referred to the use of an e-signature as "the act of attaching a signature by electronic means" and states that the e-signature process involves
- authentication of the signer's identity
- a signature process according to system design and software instructions
- binding of the signature to the document
- nonalterability after the signature has been affixed to the document
There are several types of e-signatures, according to Herold, including
- a simple, electronic image of a person's signature.
- a digital signature--a more complex, technology-specific electronic signature that uses a level of authentication to verify that the person sending the information actually owns the signature. This type of signature is similar to a public key infrastructure and uses the exchange of keys (i.e., digital certificates and encryption algorithms) for authentication.
- the "click here if you agree" section of online click-through forms.
It's important not to confuse the different signatures because all e-signatures don't necessarily have the same level of authentication, adds Englewood, CO-based information technology (IT) consultant Edward B. Tinker, SSCP. "And it's important to know that the person who owns the signature and not his or her assistant is the one sending you the information."
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- Identify potential Medicaid RAC target areas
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched