2007/12/05

HIPAA Electronic Signatures

Introduction to HIPAA Electronic Signatures

An electronic signature under HIPAA means the attribute affixed to an electronic document to bind it to a particular party. HIPAA electronic signature secures the user authentication (proof of claimed identity) at the time the signature is generated; creates the logical manifestation of signature (including the possibility for multiple parties to sign a document and have the order of application recognized and proven); supplies additional information such as time stamp and signature purpose specific to that user; and ensures the integrity of the signed document to enable transportability of data, interoperability, independent verifiability, and continuity of signature capability. Verifying HIPAA electronic signature on a document verifies the integrity of the document and associated attributes and verifies the identity of the signer.

Requirements to HIPAA Electronic Signatures

Electronic signature. If electronic signature is employed, the following three implementation features must be implemented: Message integrity, Non-repudiation, User authentication. Other implementation features of HIPAA electronic signature are optional. No specific technology is mandated by HIPAA, and it also appears to be technology neutral.

HIPAA Electronic Signatures Implementation

Ability to add attributes.
Continuity of signature capability.
Counter signatures.
Independent verifiability.
Interoperability.
Message integrity.
Multiple Signatures.
Non-repudiation.
Transportability.
User authentication.