Policy and Procedure Template - CCAHN



|Tehachapi Valley Healthcare District | |

|POLICY: Electronic Signature, Attestation and Authorship |POLICY NUMBER: 111.805 |

| |Original/Rewrite Approved: 05/24/2011 |

|Originating Dept: Medical Records | |

|Applies to Depts: MR Dept, Medical Staff/Allied Health, Nursing, Ancillary, Human Resources, Information Technology | |

Purpose

To establish a foundation for technical and human interaction policy and procedure decisions to guide legal and compliant electronic signature processes. To improve signature legibility, facilitate the use of electronic signatures for health records generated during healthcare operations, validate information accuracy and completeness, verify the identification and appropriateness of electronic health record authors, and support nonrepudiation.

Scope: Electronic signature, attestation, and authorship are referred to in this document as e-signature. Individuals authorized to affix an electronic signature to medical record documentation shall be limited to individuals with defined privileges to document in the medical record, such as treating physicians, other clinicians, ancillary healthcare staff, and clinical residents and students.

Policy: Electronic signature is used for health records as a means of attestation of electronic health record entries, transcribed documents, and computer-generated documents. Properly executed electronic signatures are considered legally binding as a means to identify the author of health record entries, confirm content accuracy and completeness as intended by the author, and to ensure e-signature integrity is maintained for the life of the electronic health record.

It is the policy of the Tehachapi Valley Healthcare District to accept electronic signatures as defined within this policy for author validation of documentation, content accuracy and completeness with all the associated ethical, business, and legal implications. This process operates within a secured infrastructure, ensuring integrity of process and minimizing risk of unauthorized activity in the design, use, and access of the electronic health record.

Definitions

Attestation: the act of applying an electronic signature to the content, showing authorship and legal responsibility for a particular unit of information.

Authentication: the security process of verifying a user’s identity with the system that authorizes the individual to access the system (i.e., the sign-on process). Authentication shows authorship and assigns responsibility for an act, event, condition, opinion, or diagnosis.

Authorship: attributing the origination or creation of a particular unit of information to a specific individual or entity acting at a particular time.

Electronic signature: a generic, technology-neutral term for the various ways that an electronic record can be signed, including a digitized image of a signature, a name typed at the end of an e-mail message by the sender, a biometric identifier, a secret code or PIN, or a digital signature.

Policy

The policy defines the components and elements that make up the healthcare organization’s approved approach to e-signature.

1. Electronic Signature Authentication

a. Types of E-Signatures

The policy delineates the types of e-signature functionality acceptable for use in TVHD and the method of organization approval of each type prior to initial use.

A properly executed electronic process signifying an approval of an entry or document content presented in electronic format may encompass a broad gamut of technologies and methodologies, ranging from an “I agree” button in a click-through agreement, to an electronic tablet that accepts a handwritten digitized signature, to a digital signature cryptographically tied to a digital ID or certificate.

An electronic signature approach or proposed software design is formally approved by the IT Director prior to first use, and with participation of the medical record committee or an EHR governance committee as needed. A written proposal accompanied by a functional demonstration is recommended as part of the investigation and approval process.

Acceptable and approved functional types may include:

Biometric: use of biological data, such as fingerprints, handprints, retinal scans, and pen strokes, to authenticate an individual.

Digital signature: a cryptographic signature (a digital key) that authenticates the user, provides nonrepudiation, and ensures message integrity. This is the strongest signature because it protects the signature by a type of “tamper-proof seal” that breaks if the message content were to be altered.

Digitized signature: an electronic representation of a handwritten signature. The image of a handwritten signature may be created and saved using various methods, such as using a signature pad, scanning a wet signature, or digital photography. The signature may be “captured” in real time (at the time the user applies the signature), or a saved image captured at the point of normal business operations may be imported. The digitized signature is useful for patient signatures that must be collected for admission consent, surgical consent, authorizations, discharge instructions, advance directives, and generally any other type of electronic form requiring patient signature.

b. Data Elements Required in E-Signature

Policy defines the screen visual and hard-copy appearance of the applied e-signature for user and legal identification.

The e-signature line includes the author’s e-signature, full name, credentials, date, and time of e-signing.

Accompanying signature phrases approved and acceptable for EHR authentication statements are identified. Phrases selected should be fitting to the type of documentation referenced. Examples include “Electronically signed by”; “Signed by”; “Authenticated by”; “Sealed by”; “Data entered by”; “Approved by”; “Completed by”; “Verified by”; “Finalized by”; “Validated by”; “Generated by”; and “Confirmed by.”

c. Amendments, Corrections, Deletions, and Retractions in the EHR

Policy defines the provider’s electronic approach to amendments, corrections, deletions, and retractions in keeping with legal principles. Any necessary revisions to an electronically signed document must follow organizational policy and procedure. These changes require the same data elements described in the “Types of E-Signatures” section. Please refer to Amendments, Corrections and Deletions to Electronic Medical Records, 111.806.

Addendum: new documentation added to original entry. Addendums should be timely and bear the current date and reason for the additional information being added to the health record.

Amendment: documentation meant to clarify health information within a health record. An amendment is made after the original documentation has been completed by the provider. All amendments should be timely and bear the current date of documentation.

Correction: a change in the information that is meant to clarify inaccuracies after the original documentation has been signed or rendered complete.

Deletion: the act of eliminating information from previously closed documentation without substituting new information.

Late entry: delayed EHR documentation. The entry pertains to the regular course of business for the patient it addresses but is recorded subsequent to the usual and customary point-of-care documentation timeliness. The delay often creates documentation sequencing outside of normal chronological order.

Retraction: the act of correcting information that was inaccurate, invalid, or made in error and preventing its display or hiding the entry or documentation from further general view. After an entry or document has been invalidated, it must be retained in a retracted state in the version control portion of the legal health record for access if needed for legal or other purposes. Organizational policy should provide guidelines on when a correction is made versus retraction.

2. Special Consideration for E-Signature

Variation in technology implemented and services offered may require policy coverage of multiple provisions for special e-signature practices. Policy defines the necessary approaches and approved functionalities.

a. Electronic Dual Signatures, Cosignatures, and Countersignatures

Definitions of the three synonyms: Additional or supplemental signature(s), electronically affixed, in those instances where state or federal law, academic teaching programs, facility guidelines, or clinical preference call for multiple attestations on a particular unit of information.

Recommended e-signature practices for dual signatures, co-signatures, and countersignatures are included in the policies regarding amendments, corrections, and deletions in the electronic health record. See references list.

In the case of transcribed documents, the point at which the e-signature is affixed is the point at which the document is locked for editing changes. After e-signing, the amendments, corrections, and deletions procedures are employed; see Amendments, Corrections and Deletions to Electronic Medical Records, 111.806.

b. Entries Made on Behalf of Another

At the point of care. If documentation of care is recorded by one individual for another when both are present, such as in a scribe role or an emergency trauma or code event, the e-signature capture should include identifying information of both individuals. At a minimum, the identification of the person who documented the information, the date, and time should be captured, along with an attestation e-signature of the ultimately responsible caregiver noting corresponding date and time of attestation. Title identity should be clearly noted respectively for each e-signature (e.g., scribe versus caregiver).

For final health record completion. In the event a physician or other clinical provider is protractedly absent, leaving unsigned electronic documents or entries, a process is in place to invite qualified alternate signers for purposes of record closure. A qualified alternate signer is one who is able to uphold the purpose of attestation: someone familiar with the clinical case who can validate the accuracy of the documentation. When entries must be left unsigned due to case unfamiliarity by other caregivers and lack of alternate signers, explanatory documentation is included in the EHR to indicate the reason for record closure with e-signature validation gaps.

c. Proxy, Alternate, or Group Signatures

The process by which another provider is authorized to electronically sign documentation on behalf of the original author in an ongoing manner: The proxy accepts responsibility for the content of the original documentation. The use of proxy signature technology will be monitored to ensure the purpose of e-signature is upheld.

d. Multiple Signatures

Entries or reports containing documented contributions by multiple individuals must be authenticated by each contributor in a way that unambiguously identifies each individual's specific contribution. Multiple signatures are applicable to a single entry or document where required by institutional policy. When applied, each signature should be complete for required elements. Transcribed reports must show the name of the dictator as well as display the names of all e-signers. The sequence of e-signature applications must be evident within the metadata.

e. Auto-attestation

Auto-attestation is the process by which a physician or other practitioner authenticates an entry that he or she cannot review because it has not yet been transcribed or the electronic entry cannot be displayed. This process is strictly prohibited as a method of authentication in a health record.

The method used to apply an electronic signature must promote action by the signer to verify the entry or report content displays as intended and the information is accurate.

f. Patient and Witness Signatures

Documents requiring patient or witness signature are part of the patient’s legal health record. Approaches to legal patient and witness signatures may include electronic signatures such as digitized handwritten signature and digital signature. The same principles for uninterrupted security and guarantee of unalterable functionality apply.

3. Electronic Signature Participation

The policy includes reference to the conditions under which an individual is required or given permission to participate in the e-signature process.

a. Confidentiality and Security

Participant identification: those authorized to affix an electronic signature will be limited to those identified by policy, such as treating physicians, other clinicians, ancillary healthcare staff, and clinical residents and students involved in patient care requiring record documentation and/or review and approval of documentation in the health record. Authorized titles are documented in medical staff bylaws or rules and regulations and organizational policies and procedures.

Security: robust organization security technological safeguards create the foundation of the e-signature functional design. Technology benefits to fortify the reliability of e-signature functions are carefully selected and updated as technology advances. Under no circumstances may users provide any other person, including physician office staff, other physicians, or family members (e.g., patient or witness users), access to user ID, PIN, or e-signature functionality. All users of electronic signatures must comply with confidentiality requirements outlined in the facility-wide policies on confidentiality and security of health information. Any security breach, such as problems with passwords, two-factor, multifactor, or biometric authentication, and access ID codes and PINs, must be promptly dealt with, and the affected credentials changed if they are suspected or known to have been compromised.

System authentication: a unique ID number, code, password, or other measure such as fingerprint or voice activation code should be used to identify each authorized user. This ID, code, or password should be confidential, known only to the user, and adequately complex by security best practices and organization policy.

Participant agreement: each e-signer is required to complete a participation agreement attesting to be the only person with access to the identifier, code, password, or PIN with commitment to safekeeping of user information. The agreement provides acknowledgment of and user intention to uphold organization policies and practices for a properly executed e-signature process. Retention responsibilities for the completed agreements and signing frequency practices are described; for example, requiring that a provider signs an initial agreement prior to first use, with annual agreement renewal thereafter. The agreement can be retained by the health information management department, medical staff office in physician profiles, or human resources department in employee files.

b. Compliance Monitoring

The policy designates requirements for planned compliance monitoring in the form of ongoing or periodic audits to measure participant alignment with policy and procedure expectations and detect inappropriate e-signature practices whether from ignorance, negligence, or overt policy abuse.

Unannounced ongoing audits are part of TVHD’s performance improvement program. The approach includes a check-the-checker provision, one that recognizes that the accuracy of the evaluator should also be checked periodically.

More frequent back-end compliance monitoring with larger sample size may be needed to offset front-end technology limitations in order to adequately measure compliance.

c. Enforcement/Disciplinary Action

The enforcement and sanctioning models adopted are administered in a fair, consistent, and objective manner.

Any individual who makes inappropriate or illegal use of electronic signatures or records is subject to policy enforcement and disciplinary sanctions. Sanctions, based upon the signatory’s relationship with TVHD, may include professional review, suspension, revocation of privileges, termination of employment, and criminal prosecution.

Inappropriate or illegal use includes, but is not limited to, anyone who discloses his or her PIN or ID number, code, or password to others, and anyone using a PIN or ID number, code, or password without authorization.

References:

California Government Code Section 16.5:

22000   Definitions

22001   Digital Signatures Must Be Created By An Acceptable Technology

22002   Criteria for State to Determine if a Digital Signature Technology is Acceptable for Use By Public Entities

22003   List of Acceptable Technologies

22005   Provisions for Adding New Technologies to the List of Acceptable Technologies

Additional TVHD Policies

Legal Health Record, #111.800

Amendments, Corrections and Deletions to Electronic Medical Records, 111.806

Appendix D: Glossary of Terms

Electronic Signature, Attestation, and Authorship.

Addendum: new documentation added to an original entry. Addendums should be timely and bear the current date and reason for the additional information being added to the health record.

Alternate signature: see proxy signature.

Amendment: documentation meant to clarify health information within a health record. An amendment is made after the original documentation has been completed by the provider. All amendments should be timely and bear the current date of documentation.

American Society for Testing and Materials (ASTM): a nonprofit organization that provides a forum for the development and publication of voluntary consensus standards for materials, products, systems, and services. More than 20,000 members representing producers, users, ultimate consumers, and representatives of government and academia develop documents that serve as a basis for manufacturing, procurement, and regulatory activities.

Ancillary signatures: signatures from other healthcare providers such as laboratory, radiology, respiratory, therapies, and pharmacy.

Append: the act of adding information to documentation already in existence.

Attestation: the act of applying an electronic signature to content showing authorship and legal responsibility for a particular unit of information.

Attributes: characteristics defining properties of a file, such as “read only.”

Augmentation: see correction.

Authentication: the security process of verifying a user’s identity with the system and then authorizing the individual to access the system (the sign-on process). Authentication shows authorship and assigns responsibility for an act, event, condition, opinion, or diagnosis.

Authorship: attributing the origination or creation of a particular unit of information to a specific individual or entity acting at a particular time.

Auto-attestation: the process by which a physician or other practitioner attests an entry that he or she cannot review because it has not yet been transcribed or the electronic entry cannot be displayed. This process should be strictly prohibited from use as a method of authentication in a health record.

Biometric signature: use of biological data, such as fingerprints, handprints, retinal scans, and pen strokes, to authenticate an individual.

Closed note: documentation (or note) that has been closed due to system requirement or after a defined period of time. See final note.

Complete: a note or record that has been attested. See final note.

Completion: the process of completing an entry in the health record by electronically applying the author’s signature. Once the signature is applied the entry is considered complete and the only opportunity to make changes is through an amendment. Organizational policy should define documentation points required for completing an entry and how long documents are available in an incomplete status.

Correction: a change in the information that is meant to clarify inaccuracies after the original documentation has been signed or rendered complete. Synonym: augmentation.

Counter signature or cosignature: an additional signature, electronically affixed, in those instances where state or federal law, academic teaching programs, facility guidelines, or clinical preference call for multiple attestations on a particular unit of information. For example, a resident may dictate, edit, and sign a document to indicate authorship. The responsible supervising physician may be required to sign the document in addition to the resident. Synonym: dual signature.

Data integrity: the assurance that information has not been modified between the time it is sent by the sender and received by the intended recipient. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices.

Drug Enforcement Administration number: a series of numbers assigned to a healthcare provider (such as a medical practitioner, dentist, or veterinarian) allowing them to write prescriptions for controlled substances. Legally the DEA number is solely to be used for tracking controlled substances. However, the DEA number is often used by the industry as a general “prescriber” number that is a unique identifier for anyone who can prescribe medication. It contains two letters, six numbers, and one check digit.

Deletion: the act of eliminating information from previously closed documentation without substituting new information.

Digital certificate: an electronic “credit card” that establishes a user’s credentials when doing business or other transactions on the Internet. It is issued by a certification authority. It contains a user’s name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to standard X.509. Digital certificates can be kept in registries so that authenticating users can look up other users’ public keys.  

Digital signature: a cryptographic signature (a digital key) that authenticates the user, provides nonrepudiation, and ensures message integrity. A digital signature is the strongest signature because it protects the signature by a type of “tamper-proof seal” that breaks if the message content were to be altered.

Digital Signature Standard (DSS): a standard that specifies a digital signature algorithm used to generate and verify a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory. This is known as nonrepudiation since the signatory cannot, at a later time, repudiate the signature.

Digitized signature: an electronic representation of a handwritten signature. The image of a handwritten signature may be created and saved using various methods, such as using a signature pad, scanning a wet signature, or digital photography. The signature may be “captured” in real time (at the time the user applies the signature), or a previously saved image may be applied.

Documentation management system: a computer system used to control documents during their lifecycle. The system is designed to maintain data elements about each document concerning authorship, creation, review, revision, utilization, and retention. 

Dual signature: see counter signature or cosignature.

Electronic health record (EHR): a longitudinal electronic record of patient health information generated by one or more systems in any healthcare delivery setting.

Electronic routing: the automation of a business process, in whole or part, during which documents, information, or tasks are passed from one participant, human, or machine to another for action, according to a set of procedural rules.

Electronic signature: a generic, technology-neutral term for the various ways that an electronic record can be signed, such as a digitized image of a signature, a name typed at the end of an e-mail message by the sender, a biometric identifier, a secret code or PIN, or a digital signature. 

Electronic signature pad: an electronic device used to capture written signatures and convert them to digital format. See digitized signature.

Encryption: the process of transforming text into an unintelligible string of characters that can be transmitted via communications media with a high degree of security and then decrypted when they reach a secure destination.

Final note: a note finalized through attestation, system requirement, or after a defined period of time per organizational policies and procedures, applicable rules and regulations, and medical staff bylaws.

Final signature: the process of applying the responsible provider’s electronic signature to documentation. Once applied, the documentation is considered complete. See completion.

Group signature: See proxy signature.

Hybrid health record: a system with functional components that include both paper and electronic documents and use both manual and electronic processes.

Incomplete: any note or record that is not complete as defined by state or federal law, facility guidelines, or clinical preference.

Invalidate: the act of declaring documentation invalid, taking away its legal force or rendering it ineffective. Documents may need to be invalidated in the electronic health record for various reasons such as wrong patient, patient left without being seen, or duplicate notes started for same appointment.

Late entry: delayed EHR documentation. The entry pertains to the regular course of business for the patient it addresses but is recorded subsequent to the usual and customary point of care documentation timeliness. The delay often creates documentation sequencing outside of normal chronological order.

Locked: the process by which a health record entry is complete. Any changes to the entry must be made through an amendment.

Metadata: data about data. Metadata describe how the data within a system are collected, who collected them, and when. Metadata are often referenced in an electronic health record’s audit trail.

Multiple signatures required: documentation requiring two (or more) official signatures (i.e., multidisciplinary treatment plan).

National provider identifier (NPI): a 10-digit number used to identify all healthcare providers including individuals (e.g., physicians, nurses, dentists, chiropractors, physical therapists, and pharmacists) or organizations (e.g., hospitals, home health agencies, clinics, nursing homes, residential treatment centers, laboratories, ambulance companies, group practices, HMOs, suppliers of durable medical equipment, and pharmacies). The NPI is used to identify all providers of healthcare in HIPAA standard transactions and inpatient health records.

Nonrepudiation: a claim guaranteeing that the source of the health record documentation cannot later deny that he or she was the author.

Pending notes: see preliminary notes or reports.

Provider identification number or personal identification number (PIN): a personal identification number that can be used as a password for entry into an electronic system.

Preliminary entries or documents: documentation that is available for viewing but has not been authenticated or attested.

Provider: any staff member providing care to a patient who has privileges to treat and document within a health record.

Provider file: a file of the provider's demographic, medical licensure, DEA number, NPI number, and National Practitioner Data Bank status, kept current so the correct provider identification numbers appear on outgoing claims when they are dropped for billing.

Proxy signature: the process by which another provider is authorized to electronically sign documentation on behalf of the original author in an ongoing manner. The proxy accepts responsibility for the content of the original documentation. The use of proxy signature technology should be monitored closely for patterns of abuse. Synonyms: alternate signature and group signature.

Remote access: the ability to access a computer from a remote location. In order for a remote access connection to take place, the local machine must have the remote client software installed (such as virtual private network). Organizations may also implement clientless remote access methods that require no special client-based software. The remote machine must have the remote server software installed. A username and password are the preferred requirements to authenticate the connecting computer.

Reports: transcribed reports not generated within electronic health record.

Retracted state: the period after a document has been invalidated (see invalidate) during the version control portion of the legal health record.

Retraction: the act of correcting information that was inaccurate, invalid, or made in error and preventing its display or hiding the entry or documentation from further view.

Signature ceremony: the act of signing a document that calls to the signer’s attention the legal significance of the signer’s act.

Strong authentication: a two-factor authentication or multifactor sign-on authentication process that creates a higher level of security for granting privileges to an application. Strong authentication combines two or more independent factors of identification, such as password (something the user knows), a token (something the user has), or voice or fingerprint verification (something the user is). Strong authentication is also sometimes called “strong security.”

Two-factor authentication: a specific form of multifactor authentication. Examples include a password (something the user knows) combined with something the user is (such as a voice verification or fingerprint identification). Two-factor authentication is comprised of exactly two independent factors that are utilized together to create a stronger authentication than the use of a single factor, such as a password.

Unique physician identification number (UPIN): a number used to identify a physician who is enrolled in a Medicare program and is responsible for coordinating care of patients in a healthcare facility. The UPIN is often used to identify a physician in an abstracted document. The UPIN has been discontinued as of June 2007 and replaced with the national provider identifier (NPI).

Verification: the act of proving or disproving the subject matter or documents in question or comparing an activity, process, or product with the corresponding requirements or specifications.

Versioning: the storage and management of previous versions of a piece of information, documentation, or documents for security, diagnostics, and interest.

Virtual private network (VPN): a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization’s network. A VPN can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities at a lower cost.

References

AHIMA. Pocket Glossary for Health Information Management. Chicago, IL: AHIMA, 2008.

AHIMA EHR Practice Council. “Developing a Legal Health Record Policy.” Journal of AHIMA 78, no. 9 (Oct. 2007) 93–97.

AHIMA e-HIM Work Group on Maintaining the Legal EHR. “Update: Maintaining a Legally Sound Health Record—Paper and Electronic.” Journal of AHIMA 76, no. 10 (Nov–Dec 2005) 64A–L.

American Bar Association. “Digital Signature Guidelines.” August 1, 1996. Available online at scitech/ec/isc/dsgfree.html.

Colorado Secretary of State. Uniform Electronic Transactions Act (UETA) Program. Available online at sos.state.co.us/pubs/UETA/UETA_Home_Page.htm.

Health Level Seven. HL7 EHR-S Records Management and Evidentiary Support Functional Profile 2009. Available online at .

Veterans Health Administration. “iMedConsent.” Handbook 1004.05. Available online at .

|Article citation: |

|AHIMA. "Electronic Signature, Attestation, and Authorship. Appendix D: Glossary of Terms." Journal of AHIMA 80, no.11 (November-December 2009) |

ELECTRONIC SIGNATURE AUTHORIZATION/CONFIDENTIALITY FORM

An electronic signature establishes authorship and validity of a statement, order, document, report or record by an electronic means.

Request for an electronic signature must be approved by the Information Systems Department.

Electronic Signature Name: User ID:

Confidentiality of systems' accounts, passwords, personal identification numbers (PINs) and other types of authorization assigned to individual users must be maintained and protected, and not inappropriately shared.

Documents that are available to electronically sign are as follows:

I understand that when I am no longer affiliated with __________________ Hospital, I or my direct supervisor will notify the Information Technology Department that I am no longer on staff.

By signing this Authorization/Confidentiality Form, I acknowledge that I am a user of the electronic signature system and will not release my user identification code or password to anyone, or allow anyone to access or alter information using my identity.

I also understand that the electronic signature system I use is intended to be the legally binding equivalent of my authorized personal handwritten signature.

I am also responsible for the security of information stored in the Information Technology Department.

Name of Physician/Employee (print): Title:

Signature of Physician/Employee: Date:

Authorized By: Date Request Approved:

NOTES:

Please check your state for specific laws or regulations addressing electronic signatures.

Please have your legal department review this form prior to implementation for compliance with hospital practices and state and local regulations.
