Go to the Main Laws page

DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS)

HHS is the United States government's principal agency for protecting the health of all Americans and providing essential human services. It administers more grant dollars than all other federal agencies combined. HHS' Medicare program is the nation's largest health insurer, handling more than 1 billion claims per year. Medicare and Medicaid together provide health care insurance for one in four Americans.

"Electronic Signature Guidance" Memo posted 09/09/2004 (Ref: S&C-04-46) - The purpose of this memorandum is to provide guidance to Regional Office (RO) and State
Agency (SA) personnel regarding the use of electronic signatures by certified long-term care providers who have the capability to implement electronic signatures for their clinical records.

Decision
Nursing homes may use electronic signatures in a clinical record including the MDS when permitted to do so by state and local law and when this is authorized by the long-term care facility’s policy. As noted above, the guidance language found in Appendix PP, tag 515, Clinical records currently reflects the use of electronic signatures in the clinical record. Facilities must have written policies in place to ensure that they have proper security measures to protect from the use of an electronic signature by anyone other than to which the electronic signature belongs. The policy must also ensure that access to clinical records is made available to surveyors and others who are authorized by law.

"Electronic Signature Guidance - Clarification" posted on 01/13/2005 - The intent of this clarification is to inform certified long-term care providers who have the capability to implement electronic signatures for their MDS documentation that they may do so whether or not the clinical record is entirely electronic.

 

PUBLIC LAW 104-191 - HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996

To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes. (online here)

"SEC. 1173.

(a) STANDARDS TO ENABLE ELECTRONIC EXCHANGE.--

"(1) IN GENERAL.--The Secretary shall adopt standards for transactions, and data elements for such transactions, to enable health information to be exchanged electronically, that are appropriate for--

"(A) the financial and administrative transactions described in paragraph (2); and

"(B) other financial and administrative transactions determined appropriate by the Secretary, consistent with the goals of improving the operation of the health care system and reducing administrative costs.

"(2) TRANSACTIONS.--The transactions referred to in paragraph (1)(A) are transactions with respect to the following:

"(A) Health claims or equivalent encounter information.

"(B) Health claims attachments.

"(C) Enrollment and disenrollment in a health plan.

"(D) Eligibility for a health plan.

"(E) Health care payment and remittance advice.

"(F) Health plan premium payments.

"(G) First report of injury.

"(H) Health claim status.

"(I) Referral certification and authorization.

"(3) ACCOMMODATION OF SPECIFIC PROVIDERS.--The standards adopted by the Secretary under paragraph (1) shall accommodate the needs of different types of health care providers.

(e) ELECTRONIC SIGNATURE.--

"(1) STANDARDS.--The Secretary, in coordination with the Secretary of Commerce, shall adopt standards specifying procedures for the electronic transmission and authentication of signatures with respect to the transactions referred to in subsection (a)(1).

"(2) EFFECT OF COMPLIANCE.--Compliance with the standards adopted under paragraph (1) shall be deemed to satisfy Federal and State statutory requirements for written signatures with respect to the transactions referred to in subsection (a)(1).

Additional information on HIPAA compliant electronic signatures.

 

CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS)

CMS, an agency within the HHS, administers the Medicare and Medicaid programs, which provide health care to about one in every four Americans. Medicare provides health insurance for more than 42.1 million elderly and disabled Americans. Medicaid, a joint federal-state program, provides health coverage for some 44.7 million low-income persons, including 21.9 million children, and nursing home coverage for low-income elderly. CMS also the State Children's Health Insurance Program that covers more than 4.2 million children. Established as the Health Care Financing Administration: 1977.

42 CFR 493 LABORATORY REQUIREMENTS

§ 493.1273 Standard: Histopathology.

(d) Tissue pathology reports must be signed by an individual qualified as specified in paragraph (b) or, as appropriate, paragraph (c) of this section. If a computer report is generated with an electronic signature, it must be authorized by the individual who performed the examination and made the diagnosis.

(e) Slide examination and reporting. The laboratory must establish and follow written policies and procedures that ensure the following:

(e)(D)(iii)(2) The report of gynecologic slide preparations with conditions specified in paragraph (e)(1) of this section must be signed to reflect the technical supervisory review or, if a computer report is generated with signature, it must reflect an electronic signature authorized by the technical supervisor who performed the review.

(e)(D)(iii)(3) All nongynecologic preparations are reviewed by a technical supervisor. The report must be signed to reflect technical supervisory review or, if a computer report is generated with signature, it must reflect an electronic signature authorized by the technical supervisor who performed the review.

These are definitions of authentication and identification of the signatory. These concepts go hand in hand. The stronger your authentication methods are, the less risk you have regarding non-repudiation. It is best to authenticate the user yourself. After all it is your client or business partner you are signing the file with and you know if Steve is Steve, or if he is really someone else.

Misrepresentation is not exclusive to the electronic world, as a person could walk into your office and sign a document, claiming to be someone they are not. This requires businesses to establish authentication based on things they know. A business is really seeking a way to make the signature capturing process an extension of their current business process.

By issuing the appropriate licenses directly to your client, as opposed to using third party vendor verification, you can help to strengthen your case against repudiation. One assumes you know your client or business partner and therefore your authentication of their identity through a recognized email address, phone number and IP address is inherently more compelling than a third party vendor verification that you have never seen. This process will save you time and money over other options on the market when it is time to prove who signed what.