Many physicians have migrated to the electronic record in the in-patient and out-patient setting. Physicians routinely use electronic and digital signatures in lieu of a handwritten signature. This enables providers to order prescriptions and diagnostics, update and sign off on records, and transmit orders from any location. Electronic submission necessitates security measures to verify and authenticate the physician’s identity.
The law defines an electronic signature as: “An electronic sound, symbol or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” (15 U.S.C. §7006; Civil Code §1633.2(h).) A digital signature is a specific type of electronic signature that uniquely identifies the signatory and authenticates the digital message or document with a digital code. Under California law, a digital signature is a type of electronic signature and is defined as “an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature.”
What are the risks of using electronic signatures? The use of electronic signatures may increase the opportunities for fraud, medical errors and liability. The risks will vary with the nature of the transaction and the security measures in place to ensure proper authentication and, when necessary, confidentiality. At one extreme, the risks may be low for sending an email to a colleague. However, sending orders, providing a diagnosis on a patient, or discussing the patient and the patient’s name at length on a non-encrypted device may become an issue. Message integrity and authentication must be addressed and solved before the physician adopts electronic signatures for any critical communications where a patient’s treatment and individually identifiable protected health information are involved. For more information on laws regarding the security of protected health information.
In order to be reimbursed by Medicare, a physician’s handwritten or electronic signature is needed for billing purposes. For prescribing of narcotics, DEA and state laws allow for electronic submission for Schedule II-V. Physicians must ensure the integrity and security of the system. Authority and confidentiality must also be maintained. Providers must maintain a two-factor authentication system. The system used must be federally approved, to ensure that only the ordering physician has the access necessary to authorize and sign electronic prescriptions. A physician may also sign electronically with their personal computer at home, as long as the system meets the criteria elements.
The various government agencies concerned with e-signing and HIPAA continue to work together. The eSign law has no authentication or other security requirements. The HIPAA Security Rule requires all covered entities to ensure the confidentiality, integrity, and availability of all electronic protected health information that the physician creates, receives, maintains, or transmits. (45 C.F.R. §164.306.)
Authored by Joseph Wager
CAP Senior Risk Management and Patient Safety Specialist
If you have questions about this article, please contact us. This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.