Methods Inf Med 2002; 41(04): 321-330
DOI: 10.1055/s-0038-1634389
Original article
Schattauer GmbH

Electronic Signature for Medical Documents – Integration and Evaluation of a Public Key Infrastructure in Hospitals

R. Brandner (1), M. van der Haak (1), M. Hartmann (2), R. Haux (1), P. Schmücker (1)

1   Department of Medical Informatics, University of Heidelberg, Germany
2   Department of Dermatology, Heidelberg University Medical Center, Germany

Publication History

Received 24 October 2001

Accepted 30 January 2002

Publication Date:
07 February 2018 (online)

Summary

Objectives: Our objectives were to determine the user-oriented and legal requirements for a Public Key Infrastructure (PKI) for electronic signatures for medical documents, and to translate these requirements into a general model for a signature system. A prototype of this model was then implemented and evaluated in clinical routine use.

Methods: Analyses of documents, processes, interviews, observations, and of the available literature supplied the foundations for the development of the signature system model. Eight participants of the Department of Dermatology of the Heidelberg University Medical Center evaluated the implemented prototype from December 2000 to January 2001, during the course of an intervention study. By means of questionnaires, interviews, observations and database analyses, the usefulness and user acceptance of the electronic signature and its integration into electronic discharge letters were established.

Results: Since most medical documents generated in a hospital are signature-relevant, they will require electronic signatures in the future. A PKI must meet the multitude of responsibilities and security needs required in a hospital. Also, the signature functionality must be integrated directly into the workflow surrounding document creation. A developed signature model, fulfilling user-oriented and legal requirements, was implemented using hardware and software components that conform to the German Signature Law. It was integrated into the existing hospital information system of the Heidelberg University Medical Center. At the end of the intervention study, the average acceptance scores achieved were x̄ = 3.90; sD = 0.42 on a scale of 1 (very negative attitude) to 5 (very positive attitude) for the electronic signature procedure. Acceptance of the integration into computer-supported discharge letter writing reached x̄ = 3.91; sD = 0.47. On average, the discharge letters were completed 7.18 days earlier.

Conclusion: The electronic signature is indispensable for the further development of electronic patient records. Application-independent hardware and software components, in accordance with the signature law, must be integrated into electronic patient records, and provided to certification services using standardized interfaces. Signature-oriented workflow and document management components are essential for user acceptance in routine clinical use.

 