Health and Human Services (HHS) Guidelines for Electronic Signatures
DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS)
HHS is the United States government's principal agency for protecting
the health of all Americans and providing essential human services. It
administers more grant dollars than all other federal agencies
combined. HHS' Medicare program is the nation's largest health insurer,
handling more than 1 billion claims per year. Medicare and Medicaid
together provide health care insurance for one in four Americans.
"Electronic Signature Guidance" Memo posted 09/09/2004 (Ref: S&C-04-46) - The purpose of this memorandum is to provide guidance to Regional Office (RO) and State
(SA) personnel regarding the use of electronic signatures by certified
long-term care providers who have the capability to implement
electronic signatures for their clinical records.
Nursing homes may use electronic signatures in a clinical record
including the MDS when permitted to do so by state and local law and
when this is authorized by the long-term care facility’s policy. As
noted above, the guidance language found in Appendix PP, tag 515,
Clinical records currently reflects the use of electronic signatures in
the clinical record. Facilities must have written policies in place to
ensure that they have proper security measures to protect from the use
of an electronic signature by anyone other than to which the electronic
signature belongs. The policy must also ensure that access to clinical
records is made available to surveyors and others who are authorized by
"Electronic Signature Guidance - Clarification" posted on 01/13/2005 - The intent of this clarification is to inform certified long-term care providers who have the capability to implement electronic signatures for their MDS documentation that they may do so whether or not the clinical record is entirely electronic.
PUBLIC LAW 104-191 - HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996
To amend the Internal Revenue Code of 1986 to improve
portability and continuity of health insurance coverage in the group
and individual markets, to combat waste, fraud, and abuse in health
insurance and health care delivery, to promote the use of medical
savings accounts, to improve access to long-term care services and
coverage, to simplify the administration of health insurance, and for
other purposes. (online here)
(a) STANDARDS TO ENABLE ELECTRONIC EXCHANGE.--
"(1) IN GENERAL.--The Secretary shall adopt standards for
transactions, and data elements for such transactions, to enable health
information to be exchanged electronically, that are appropriate for--
"(A) the financial and administrative transactions described in paragraph (2); and
"(B) other financial and administrative transactions
determined appropriate by the Secretary, consistent with the goals of
improving the operation of the health care system and reducing
"(2) TRANSACTIONS.--The transactions referred to in paragraph (1)(A) are transactions with respect to the following:
"(A) Health claims or equivalent encounter information.
"(B) Health claims attachments.
"(C) Enrollment and disenrollment in a health plan.
"(D) Eligibility for a health plan.
"(E) Health care payment and remittance advice.
"(F) Health plan premium payments.
"(G) First report of injury.
"(H) Health claim status.
"(I) Referral certification and authorization.
"(3) ACCOMMODATION OF SPECIFIC PROVIDERS.--The standards
adopted by the Secretary under paragraph (1) shall accommodate the
needs of different types of health care providers.
(e) ELECTRONIC SIGNATURE.--
"(1) STANDARDS.--The Secretary, in coordination with the
Secretary of Commerce, shall adopt standards specifying procedures for
the electronic transmission and authentication of signatures with
respect to the transactions referred to in subsection (a)(1).
"(2) EFFECT OF COMPLIANCE.--Compliance with the standards
adopted under paragraph (1) shall be deemed to satisfy Federal and
State statutory requirements for written signatures with respect to the
transactions referred to in subsection (a)(1).
Additional information on HIPAA compliant electronic signatures.
CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS)
CMS, an agency within the HHS, administers the Medicare and Medicaid
programs, which provide health care to about one in every four
Americans. Medicare provides health insurance for more than 42.1
million elderly and disabled Americans. Medicaid, a joint federal-state
program, provides health coverage for some 44.7 million low-income
persons, including 21.9 million children, and nursing home coverage for
low-income elderly. CMS also the State Children's Health Insurance
Program that covers more than 4.2 million children. Established as the
Health Care Financing Administration: 1977.
42 CFR 493 LABORATORY REQUIREMENTS
§ 493.1273 Standard: Histopathology.
(d) Tissue pathology reports must be signed by an individual
qualified as specified in paragraph (b) or, as appropriate, paragraph
(c) of this section. If a computer report is generated with an electronic signature, it must be authorized by the individual who performed the examination and made the diagnosis.
(e) Slide examination and reporting. The laboratory must
establish and follow written policies and procedures that ensure the
(e)(D)(iii)(2) The report of gynecologic slide preparations
with conditions specified in paragraph (e)(1) of this section must be
signed to reflect the technical supervisory review or, if a computer
report is generated with signature, it must reflect an electronic signature authorized by the technical supervisor who performed the review.
(e)(D)(iii)(3) All nongynecologic preparations are reviewed
by a technical supervisor. The report must be signed to reflect
technical supervisory review or, if a computer report is generated with
signature, it must reflect an electronic signature authorized by the technical supervisor who performed the review.
These are definitions of authentication and identification of the
signatory. These concepts go hand in hand. The stronger your
authentication methods are, the less risk you have regarding
non-repudiation. It is best to authenticate the user yourself. After
all it is your client or business partner you are signing the file with
and you know if Steve is Steve, or if he is really someone else.
Misrepresentation is not exclusive to the electronic world, as a
person could walk into your office and sign a document, claiming to be
someone they are not. This requires businesses to establish
authentication based on things they know. A business is really seeking
a way to make the signature capturing process an extension of their
current business process.
By issuing the appropriate licenses directly to your client, as
opposed to using third party vendor verification, you can help to
strengthen your case against repudiation. One assumes you know your
client or business partner and therefore your authentication of their
identity through a recognized email address, phone number and IP
address is inherently more compelling than a third party vendor
verification that you have never seen. This process will save you time
and money over other options on the market when it is time to prove who