Exchange of documents and data in commercial organizations is normally
accomplished using traditional workflow methodologies. Successful
implementation of workflow in these organizations is encouraging
agencies that did not look at these workflow methodologies favorably
because the data and documents exchanged were considered confidential
and restricted, for use only by authorized users. The workflow
in these organizations requires that users be authenticated before
accessing the document/data, and that their signatures be obtained at
each step, due to legal requirements associated with these processes.
In addition, retaining the confidentiality of the document/data based
on user authentication is of utmost concern. Recent advances in
digital signature technology and its use in replacing traditional
signatures have opened the possibility of creating a successful document/data
exchange workflow for authenticated documents and data. Further,
this approach could be extended to authenticate each user and their
role to meet confidentiality and security requirements. Some of the
processes that can be identified for authenticated document/data
- Document/data exchange associated with healthcare document
requiring HIPAA compliance.
- Judicial transactions like TRO’s (Temporary Restraining
- Financial Disclosure Documents
- Documents associated with Federal or State approval i.e.
FDA, FAA etc.
- Documents associated with sensitive national security matters
used by Local, State, Federal and International government agencies.
In this paper we will provide a brief introduction to digital
certificate technology and its evolution, followed by an outline of
why forms-based workflow is critical to automating the workflows involved
in most of the situations outlined above. Next we will consider the
evolution of electronic filing and the workflow associated with
electronic document/data exchange. Finally we will outline the
new frontier that is taking shape, where identity management using
digital certificates can be utilized to authenticate users and
their roles to create a paperless workflow maintaining the privacy
and legal requirements that are essential to these processes.
EVOLUTION OF ELECTRONIC SIGNATURE AND DIGITAL AUTHENTICATION:
Some of the key events associated with adoption of Digital Certificate
based electronic signature are listed below:
- National Institute of Standards and Technology (NIST) established
a federal digital signature standard (DSS) during the period
- Many U.S. States established legal frameworks for digital
signatures, most of them based on Utah's legislation (1995).
See Biddle (1996) for a commentary on matters of concern about
the Utah model, including privacy aspect.
- On Oct. 1, 2000, the U.S. Electronic Signatures in Global
and National Commerce Act went into effect. The so-called e-signature
law allows for electronic signatures to be as legally binding
as handwritten signatures.
In the next paragraphs we will outline the significance of legal
precedent associated with signatures and the evolution of digitally
SIGNATURES AND THE LAW
According to ABA, “a signature is not part of the substance
of a transaction, but rather of its representation or form”.
Signature serves the following general purposes:
- Evidence: Signatures authenticate a writing by identifying
the signer with the signed document. A signature is a distinctive
mark used by the signer that makes the writing attributable
to the signer.
- Approval: In certain contexts defined by law or custom, a
signature expresses the signer's approval or authorization of
the writing, or the signer's intention that it has legal effect.
A signature on a written document can impart a sense of clarity
and finality to the transaction and may lessen the subsequent
need to inquire beyond the face of a document.
The formal requirements for legal transactions, including the
need for signatures, vary in different legal systems, and with
the passage of time. Sometimes it is necessary to use a Notary
to authenticate the signer's signature on a paper.
To summarize the basic purposes of signatures outlined above,
a signature must have the following attributes according to ABA:
- Signer Authentication: A signature should indicate the signer
of the document, message or record, and should be difficult
for another person to produce without authorization.
- Document Authentication: A signature should identify what
is signed, making it impracticable to falsify or alter either
the signed matter or the signature without detection.
Digital signature technology generally surpasses paper technology
in all these attributes. To understand why, one must first understand
how digital signature technology works.
HOW DIGITAL SIGNATURE TECHNOLOGY
Thus, use of digital signatures usually involves two processes,
one performed by the signer and the other by the receiver of the
- Digital signature creation uses a hash result derived from
and unique to both the signed message and a given private key.
For the hash result to be secure there must be only a negligible
possibility that the same digital signature could be created
by the combination of any other message or private key.
- Digital signature verification is the process of checking
the digital signature by reference to the original message and
a given public key, thereby determining whether the digital
signature was created for that same message using the private
key that corresponds to the referenced public key.
- To sign a document or any other item of information, the
signer first delimits precisely the borders of what is to be
signed. The delimited information to be signed is termed the
"message" in these Guidelines. Then a hash function
in the signer's software computes a hash result unique (for
all practical purposes) to the message. The signer's software
then transforms the hash result into a digital signature using
the signer's private key. The resulting digital signature is
thus unique to both the message and the private key.
PUBLIC KEY CERTIFICATES
To verify a digital signature, the verifier must have access
to the signer's public key and have assurance that it corresponds
to the signer's private key. However, a public and private key
pair has no intrinsic association with any person; it is simply
a pair of numbers. Some convincing strategy is necessary to reliably
associate a particular person or entity to the key pair.
In a transaction involving only two parties, each party can simply
communicate (by a relatively secure "out-of-band" channel
such as a courier or a secure voice telephone) the public key
of the key pair each party will use. Such an identification strategy
is no small task, especially when the parties are geographically
distant from each other, normally conduct communication over a
convenient but insecure channel such as the Internet, are not
natural persons but rather corporations or similar artificial
entities, and act through agents whose authority must be ascertained.
As electronic commerce increasingly moves from a bilateral setting
to the many-on-many architecture of the World Wide Web on the
Internet, where significant transactions will occur among strangers
who have no prior contractual relationship and will never deal
with each other again, the problem of authentication/nonrepudiation
becomes not merely one of efficiency, but also of reliability.
An open system of communication such as the Internet needs a system
of identity authentication to handle this scenario.
CHALLENGES AND OPPORTUNITIES
The prospect of fully implementing digital signatures in general
commerce presents both benefits and costs. The costs consist mainly
- Institutional overhead: The cost of establishing and utilizing
certification authorities, repositories, and other important
services, as well as assuring quality in the performance of
- Subscriber and Relying Party Costs: A digital signer will
require software, and will probably have to pay a certification
authority some price to issue a certificate.
- Hardware to secure the subscriber's private key: There may
be costs associated with securing the digital certificate on
the part of the signer.
- Digital certificate verification cost: Persons relying on
digital signatures will incur expenses for verification software
and perhaps for access to certificates and certificate revocation
lists (CRL) in a repository.
On the plus side, the principal advantage to be gained is more reliable
authentication of messages. Digital signatures, if properly implemented
and utilized, offer promising solutions to the problems of:
- Identity theft: The possibility of identity theft is eliminated
except in case of loss of digital certificate;
- Imposters, by minimizing the risk of dealing with imposters
or persons who attempt to escape responsibility by claiming
to have been impersonated;
- Message integrity, by minimizing the risk of undetected message
tampering and forgery, and of false claims that a message was
altered after it was sent;
- Formal legal requirements, by strengthening the view that
legal requirements of form, such as writing, signature, and
an original document, are satisfied, since digital signatures
are functionally on a par with, or superior to, paper forms;
- Open systems, by retaining a high degree of information security,
even for information sent over open, insecure, but inexpensive
and widely used channels. The most widely used standard for
digital certificates is X.509.
FORMS RUN ORGANIZATIONS & ELECTRONIC FORMS MAKE IT SIMPLE AND PAPERLESS
From Courts to healthcare, from manufacturing to financial institutes,
everyone uses forms. But the sheer mass of paper generated by
excess printing and the lack of error protection inherent in a
paper-based form workflow makes it costly and impractical.
Electronic forms like XForms, InfoPath were created to solve
these problems and eliminate cost and inefficiencies associated
with paper forms.
Using paper forms invites disorder, filing mistakes, damage, loss,
waste, and other complications. To solve these problems, organizations
could format their documents into HTML for publication on the
web, but this is a costly and time-consuming process. What's more,
the user remains unable to submit documents directly to the recipient
from the computer screen, but instead can only print them out
to mail or fax, resorting again to paper - and all of its attendant
costs. Most organizations use forms to collect data from customers,
employees, vendors, and contractors. Forms contain information
that need to be processed, secured, and acted upon for a variety
of purposes. To be effective, forms-based processes should be
flexible to meet an organization's needs. They should be efficient
in getting input and approval from everyone involved, and equipped
to allow collaboration among several people or departments. Approval
and validation of forms by multiple authorities is an important
part of the workflow used by a number of organizations. The data exchange
needed between forms and line-of-business applications has
resulted in the development of XML schemas that have become standards
for different industries. In the following paragraphs we outline a
few of these standards:
LEGAL XML STANDARD
THE GLOBAL JUSTICE XML DATA MODEL (GLOBAL JXDM):
The Global Justice XML Data Model (Global JXDM) is intended to
be a data reference model for the exchange of information within
the justice and public safety communities. The Global JXDM is
a product of the Global Justice Information Sharing Initiative's
(Global) Infrastructure and Standards Working Group (ISWG). It
was developed by the Global ISWG's XML Structure Task Force (XSTF)
XML STANDARD FOR PROCESS DEFINITION LANGUAGE (XPDL) VERSION 1.0.
The Workflow Management Coalition (WfMC) has announced the release
of its Workflow Standard XML Process Definition Language - XPDL
1.0. "Together with other WfMC standards, XPDL provides a
framework for implementing business process management and workflow
engines, and for designing, analyzing, and exchanging business
processes. XPDL is the culmination of a fifteen-month effort by
multiple vendors and users to provide a standard that satisfies
the needs of diverse organizations. One of the key elements of
the XPDL is its extensibility to handle information used by a
variety of different tools. Based upon a limited number of entities
that describe a workflow process definition ('Minimum Meta Model'),
XPDL thus supports a number of differing approaches. The specification
is intended for use by software vendors, system integrators, consultants
and any other individual or organization concerned with the design,
implementation, and analysis of business process management systems
as well as with interoperability among workflow systems."
HEALTHCARE XML STANDARD
Hospitals, doctors, and other healthcare centers around the world
require the ability to send and receive healthcare data, including
patient information and various lab reports. As a result, vast
amounts of healthcare information are exchanged on a daily basis.
However, medical data can be extremely complicated due to the
abundance of clinical terminology, as well as the structural complexity
in the formation of the presented information. Thus, this information
must be presented in a standardized format in order to ensure
that the data is universally understood and organized. In order
to achieve this, all healthcare information must be sent in a
specialized healthcare language. The language that has been developed
to overcome these obstacles is HL7. The HL7 protocol, developed
by the Health Level Seven organization, consists of standardized grammar
and vocabulary so that clinical data can
be shared among all healthcare systems and easily understood
by all. By using the HL7 messaging protocol as a standard, all
systems following the HL7 specifications are able to communicate
easily with one another, without the need for information conversion.
October 4, 2000—Health Level Seven, Inc. (HL7) successfully
balloted what it believes to be the first XML-based standard for
healthcare—the Clinical Document Architecture (CDA). The
CDA, which was until recently known as the Patient Record Architecture
(PRA), provides an exchange model for clinical documents (such
as discharge summaries and progress notes)—and brings the
healthcare industry closer to the realization of an electronic
medical record. The CDA Standard is expected to be published as
an ANSI approved standard by the end of the year.
Clinical Document Architecture, Release One (CDA R1), became
an American National Standards Institute (ANSI)–approved
HL7 Standard in November 2000, representing the first specification
derived from the Health Level 7 (HL7) Reference Information Model
(RIM). CDA, Release Two (CDA R2), became an ANSI-approved HL7
Standard in May 2005 and is the subject of this article, where
the focus is primarily on how the standard has evolved since CDA
R1, particularly in the area of semantic representation of clinical
events. CDA is a document markup standard that specifies the structure
and semantics of a clinical document (such as a discharge summary
or progress note) for the purpose of exchange. A CDA document
is a defined and complete information object that can include
text, images, sounds, and other multimedia content. It can be
transferred within a message and can exist independently, outside
the transferring message. CDA documents are encoded in Extensible
Markup Language (XML), and they derive their machine-processable
meaning from the RIM, coupled with terminology. The CDA R2 model
is richly expressive, enabling the formal representation of clinical
statements (such as observations, medication administrations,
and adverse events) such that they can be interpreted and acted
upon by a computer. On the other hand, CDA R2 offers a low bar
for adoption, providing a mechanism for simply wrapping a non-XML
document with the CDA header or for creating a document with a
structured header and sections containing only narrative content.
The intent is to facilitate widespread adoption,
while providing a mechanism for incremental semantic interoperability.
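As an added example (not from the paper, HL7 or any vendor), the following Python reads the header of a constructed minimal CDA R2 document whose body is a base64-wrapped non-XML payload, the low-bar adoption path described above, and releases the body only when the caller's role is cleared for the document's confidentialityCode. The element names and the confidentiality codes N, R and V (codeSystem 2.16.840.1.113883.5.25) come from the CDA R2 schema and the HL7 confidentiality vocabulary; the role-to-clearance table, the identifiers and the document text are assumptions constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET

# HL7 v3 namespace carried by every CDA R2 document.
NS = {"hl7": "urn:hl7-org:v3"}

# HL7 Confidentiality vocabulary (codeSystem 2.16.840.1.113883.5.25),
# ordered from least to most restrictive: Normal, Restricted, Very restricted.
CONFIDENTIALITY_RANK = {"N": 0, "R": 1, "V": 2}

# Illustrative local policy (an assumption, not part of CDA): the most
# restrictive code each role may open.
ROLE_CLEARANCE = {
    "billing_clerk": "N",
    "nurse": "R",
    "attending_physician": "V",
}


def build_sample_cda(body_text: str, confidentiality: str) -> str:
    """Construct a minimal CDA R2 document wrapping a non-XML body as base64.
    Identifiers, codes and content are made-up test values."""
    b64 = base64.b64encode(body_text.encode("utf-8")).decode("ascii")
    return f"""<ClinicalDocument xmlns="urn:hl7-org:v3">
  <typeId root="2.16.840.1.113883.1.3" extension="POCD_HD000040"/>
  <id root="2.16.840.1.113883.19.5" extension="DOC-0001"/>
  <code code="18842-5" codeSystem="2.16.840.1.113883.6.1" displayName="Discharge summary"/>
  <title>Discharge Summary (constructed sample)</title>
  <effectiveTime value="20061001120000"/>
  <confidentialityCode code="{confidentiality}" codeSystem="2.16.840.1.113883.5.25"/>
  <recordTarget><patientRole><id root="2.16.840.1.113883.19.5" extension="PT-0001"/></patientRole></recordTarget>
  <component><nonXMLBody><text mediaType="text/plain" representation="B64">{b64}</text></nonXMLBody></component>
</ClinicalDocument>"""


def parse_header(doc_xml: str) -> dict:
    """Pull the header fields a gateway needs before releasing a document.
    xml.etree is adequate for this locally constructed sample; documents
    received from other parties belong in a hardened parser such as
    defusedxml (a deployment assumption, not a CDA requirement)."""
    root = ET.fromstring(doc_xml)
    if root.tag != "{urn:hl7-org:v3}ClinicalDocument":
        raise ValueError("not a CDA ClinicalDocument")
    conf = root.find("hl7:confidentialityCode", NS)
    if conf is None or conf.get("code") not in CONFIDENTIALITY_RANK:
        raise ValueError("missing or unknown confidentialityCode")
    return {
        "document_id": root.find("hl7:id", NS).get("extension"),
        "title": root.findtext("hl7:title", default="", namespaces=NS),
        "effective_time": root.find("hl7:effectiveTime", NS).get("value"),
        "confidentiality": conf.get("code"),
    }


def may_view(doc_xml: str, role: str) -> bool:
    """Deny by default: unknown roles and unknown codes never see the body."""
    clearance = ROLE_CLEARANCE.get(role)
    if clearance is None:
        return False
    header = parse_header(doc_xml)
    return CONFIDENTIALITY_RANK[header["confidentiality"]] <= CONFIDENTIALITY_RANK[clearance]


def release_body(doc_xml: str, role: str) -> str:
    """Decode the wrapped document only after the confidentiality check passes."""
    if not may_view(doc_xml, role):
        raise PermissionError(f"role {role!r} may not open this document")
    root = ET.fromstring(doc_xml)
    text = root.find("hl7:component/hl7:nonXMLBody/hl7:text", NS)
    if text is None or text.get("representation") != "B64":
        raise ValueError("expected a base64-encoded nonXMLBody")
    return base64.b64decode(text.text).decode("utf-8")


if __name__ == "__main__":
    doc = build_sample_cda("Patient discharged in stable condition.", "R")
    print(parse_header(doc))
    for role in ("billing_clerk", "nurse", "attending_physician"):
        print(role, may_view(doc, role))
```

The check is deliberately made on the header alone, so a gateway can decide before it decodes or stores the body; user authentication (who holds which role) is left to the identity layer discussed later in the paper.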
HL7 V3, like V2.x, is a standard for exchanging messages among
information systems that implement healthcare applications. However,
V3 strives to improve the V2 process and its outcomes. The original
process for defining HL7 messages was established in 1987 and
has served us well. The development principles behind HL7 V3 lead
to a more robust and fully specified standard.
New capabilities offered in Version 3 include:
- Top-down message development emphasizing reuse across multiple
contexts and semantic interoperability.
- Representation of complex relationships.
- Formalisms for vocabulary support.
- Support for large-scale integration.
- Solving re-use and interoperability across multiple domain
- A uniform set of models.
- Expanded scope to include community medicine, epidemiology,
veterinary medicine, clinical genomics, security, etc.
BUSINESS XML STANDARD
Introduction: The Electronic Business (eBusiness) Extensible Markup
Language (XML) [ebXML] set of specifications enables electronic trading
relationships between business partners and integrates new technologies:
- Communicate data in common terms (Core Components Technical
- Register and provide eBusiness artifacts and services (ebXML
Registry Services [ebRS v3.0] and Registry Information Model
- Configure technical contract between business partners (Collaboration
Protocol Profile and Agreements [CPP/CPA v2.0])
- Provide secure and reliable transport (ebXML Messaging Services
- Enable business processes (ebXML Business Process Specification
Schema, [ebBP v2.0.3]).
DOCUMENT AND DATA EXCHANGE USING XML:
Multiple government agencies are implementing electronic filing
and electronic recordation of documents as a means of document/data
exchange between courts, attorneys and other departments, e.g. the
Child Support department, County Recorder's office, etc. E-filing
allows an organization to create a workflow across multiple departments
across a WAN. We have outlined two case studies to demonstrate
how electronic filing is creating authenticated document/data
exchange using a look-alike image of the signature of the filers
and court clerk. Later we have outlined case studies where true
digital authentication is used to create a document/data exchange
between various county departments to accomplish TRO (Temporary
Restraining Order) and other document types.
E-FILING CASE STUDIES:
E-filing is the complete automation of the workflow needed between
various agencies, e.g. Sheriff, D.A., DCSS, Probation agencies,
Juvenile agencies, etc., as well as users, e.g. attorneys, Pro Se
Litigants, Process Servers, etc. This automation uses a multitude
of technologies and standards that allow these diverse entities
to exchange documents and data electronically. The complexities
in this automation arise out of security concerns, data compatibility
issues and legal concerns. These case studies outline the base
modules needed to accomplish this automation and also describe the
need for standards and what is needed to make acceptance of these
standards easy for future implementations of the E-filing process.
The process can be divided into the following modules:
- Document assembly and workflow automation at the filing entity
to generate the document and data envelope needed by receiving
- Document/data transformation to receiving agency in a standard
- Acceptance/rejection module.
- Electronic return receipt generation module.
- Transfer module for transferring data to Line of business
- Transfer module for transferring document to document repository.
RIVERSIDE COUNTY CHILD SUPPORT E-FILING SYSTEM:
WORKFLOW INVOLVING AUTHENTICATED DOCUMENT/DATA EXCHANGE:
A number of organizations as outlined below are forced to rely on
paper documents to create processes that will withstand the challenges
created by our legal system and conform to rules, such as: recording
process involved in transfer of real estate; court filings used
to obtain judgments via court proceedings; recordation of wills
and testaments, etc. Generally, authorities responsible for legal
validation of these processes have regarded electronic documents
as unreliable, with the result that paper documents are the only legally
acceptable form. Other instances needing paper documents with
wet signatures involve legal, healthcare and other types of transactions
requiring authentication of the parties involved and providing confidentiality
and privacy for information that by law cannot be released to
unauthorized individuals. These types of transactions must be accomplished
by secure transfer of documents between parties and require that
unauthorized personnel cannot access the document during the exchange
process between parties that are generally located at different
locations. Some of the agencies that are involved in these kinds
of transactions are:
- Judicial agencies such as Courts, Sheriff, District Attorneys
- Healthcare agencies like Hospitals, Clinics, Laboratories,
Pharmacies, Insurance agencies.
- Parties involved in criminal proceedings involving minors
or child support matters.
- Financial transactions e.g. sensitive financial information
needed by SEC
- Drug and medical appliance certification and approval applications
- Educational organizations.
- National security agencies that deal with sensitive data
related to national security and government affairs.
Some of these agencies have rules that were established
over decades and cannot be modified without going through exhaustive
analysis of the implications of these changes. Some of these processes
cannot be modified without changes in laws.
All these considerations outlined above make acceptance of digitally
authenticated documents by these authorities difficult.
At the same time reliance on authenticated identities is becoming
an increasingly crucial requirement for the introduction of Internet-based
solutions. Technology companies are forced to address multiple localized
identity solutions, adding cost and time to software development,
requiring custom consulting services, the need for multiple training
approaches, and complex and expensive product implementations. One glaring
example of these problems is state-based Medicaid administration,
a morass of local regulations and rules that render truly standardized
products unworkable. A standardized solution will eliminate interoperability
costs and barriers to rapid customer adoption and implementation
of products that require identity management. The more quickly these
solutions can be implemented, the faster these organizations will
realize cost and efficiency returns. Failure to solve the identity
problem globally will leave only one option—in-house administration
of proprietary identities, an approach with significant inherent
Today these organizations face unnecessary cost and complexity.
Defining, administering, and maintaining an identity scheme—even
ID number + password—is expensive and yields no competitive
advantage. Every entity-specific identification process imposes
costs and generates customer service issues. In spite of all the
difficulties associated with creating an authenticated document workflow,
a number of agencies have created pilot or working prototypes
to demonstrate the viability of digital authentication and workflow.
The case studies outlined below highlight the next frontier that
is evolving in creating authenticated document workflow.
SEALED AND CERTIFIED DOCUMENT WORKFLOW IN COURTS:
Anyone who’s been through the court system, whether for
domestic violence, elderly abuse or child-support issues, knows
how burdensome it can be. There are arraignments, bail hearings,
trial and court dates, and mounds of paperwork. The amount of
work that goes into every aspect of anyone’s legal travails
is overwhelming, and it’s the organizations behind the courts
that, in some ways, truly feel the weight of the work. Victims
are overwhelmed by the number of pages of forms, many involving
repetitive questions. Victims' advocates spend two to three
hours filling out forms, and victims often have to wait hours for
the time a judge signs the Order of Protection until the sheriff
receives the service paperwork. Up to five agencies are involved
in each procedure, all of which are in different locations. Therefore,
manual paper delivery uses up valuable time and sometimes forces
the victim to live with abuse rather than approach the court authorities.
BASED PROCESS TO OBTAIN TRO (TEMPORARY RESTRAINING ORDER).
When a Judge receives a document digitally signed by an Attorney, to
verify the signature on the document the Judge's software first uses
the CA’s (the certificate authority's) public key to check the
signature on the Attorney’s certificate. Successful decryption
of that signature proves that the CA created the certificate. After the certificate
signature is checked, the Judge's software can check that the Attorney is in
good standing with the certificate authority and that none of the
certificate information concerning the Attorney’s identity has
been altered (although these steps may sound complicated,
they are all handled behind the scenes by the Judge's user-friendly
software). The Judge then signs the order digitally and a copy is
electronically delivered to the Sheriff and court clerk in minutes.
The Sheriff can digitally authenticate the Judge’s certificate and
can make it available for viewing to other parties, i.e. a sheriff in another
county, if they provide proper credentials. The digitally
authenticated document provides:
- Proof of Identity.
- Prevention from unauthorized use.
- Intuitive UI for end users (encryption, decryption, and digital
- In the event that information is intercepted, encryption ensures
privacy that prevents third parties from reading and or using
RECORDS (EBR) AUTOMATION
Pharmaceutical companies have traditionally used paper (hard copy)
to maintain production batch records (PBR), also called master production
batch records (MPBR), for FDA-compliance purposes. With the advent
of 21 CFR Part 11 in 1997, the FDA began to accept electronic batch
records. Since then, more and more manufacturers have recognized
the advantages of automating the process of controlling EBR.
Under CGMP regulations found in 21 CFR Parts 210-211, the EBR
must demonstrate the accomplishment of every significant step
in the production, packing, and holding of each batch of a drug
product. CGMP requires extensive EBR documentation, including
batch dates, identity of major equipment/lines used, components/materials
used and their weights, in process and laboratory control results,
complete labeling control records, sampling, and identification
of personnel supervising or checking each step. The paper tracking
associated with the process can be onerous. A digitally authenticated
workflow could provide better control, security and auditability,
and make the entire process simple and efficient for pharmaceutical
companies and the FDA.
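As an added example (mine, not the paper's and not an FDA-endorsed design), the following Python models an electronic batch record as an append-only, hash-chained list of steps. Each step carries the items the paragraph lists (date, equipment, components and weights, in-process control results, and the personnel who performed and checked the step) together with the hash of the previous step, so a later edit to any step is detectable by recomputing the chain. The batch, lots, equipment names, user names and values are constructed sample data; the rule that the checker must differ from the operator is an illustrative policy, not a regulatory citation.

```python
import hashlib
import json


class ElectronicBatchRecord:
    """Append-only, hash-chained batch record (constructed illustration).
    Each step stores the record contents plus the hash of the previous step,
    so altering any earlier step breaks the chain that follows it."""

    def __init__(self, batch_id: str, product: str):
        self.batch_id = batch_id
        self.product = product
        self.steps = []

    @staticmethod
    def digest(previous_hash: str, entry: dict) -> str:
        canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((previous_hash + "\n" + canonical).encode()).hexdigest()

    def genesis_hash(self) -> str:
        return hashlib.sha256(f"{self.batch_id}|{self.product}".encode()).hexdigest()

    def record_step(self, *, timestamp, description, equipment, components,
                    control_results, performed_by, checked_by) -> int:
        # Illustrative policy (assumption): the person checking a step must be
        # different from the person who performed it.
        if not performed_by or not checked_by or performed_by == checked_by:
            raise ValueError("each step needs an operator and an independent checker")
        entry = {"step": len(self.steps) + 1, "timestamp": timestamp,
                 "description": description, "equipment": equipment,
                 "components": components, "control_results": control_results,
                 "performed_by": performed_by, "checked_by": checked_by}
        previous = self.steps[-1]["hash"] if self.steps else self.genesis_hash()
        self.steps.append({"entry": entry, "previous_hash": previous,
                           "hash": self.digest(previous, entry)})
        return entry["step"]

    def verify_chain(self) -> list:
        """Return the 0-based indices of steps whose content or linkage no
        longer matches; an empty list means the record is intact."""
        bad = []
        expected_previous = self.genesis_hash()
        for i, step in enumerate(self.steps):
            if (step["previous_hash"] != expected_previous
                    or step["hash"] != self.digest(step["previous_hash"], step["entry"])):
                bad.append(i)
            expected_previous = step["hash"]
        return bad


def sample_record() -> ElectronicBatchRecord:
    """Constructed sample batch; all names, lots and values are made up."""
    ebr = ElectronicBatchRecord("B-2006-0042", "Example Tablet 10 mg")
    ebr.record_step(timestamp="2006-10-02T08:15:00", description="Dispense API",
                    equipment=["Balance BAL-03"],
                    components=[{"lot": "API-7781", "weight_kg": 12.5}],
                    control_results={"weight_check": "pass"},
                    performed_by="operator.jdoe", checked_by="supervisor.rroe")
    ebr.record_step(timestamp="2006-10-02T09:40:00", description="Blend",
                    equipment=["Blender BL-01"], components=[],
                    control_results={"blend_uniformity_rsd_pct": 2.1},
                    performed_by="operator.jdoe", checked_by="qa.msmith")
    ebr.record_step(timestamp="2006-10-02T13:05:00", description="Compress tablets",
                    equipment=["Press TP-02"], components=[],
                    control_results={"hardness_kp": 8.4, "in_process_weight": "pass"},
                    performed_by="operator.kli", checked_by="supervisor.rroe")
    return ebr


if __name__ == "__main__":
    record = sample_record()
    print("intact:", record.verify_chain() == [])
    record.steps[0]["entry"]["components"][0]["weight_kg"] = 12.0
    print("after editing step 1:", record.verify_chain())
```

The chain only proves that nothing was changed after the last hash was fixed; an editor who rewrites a step and recomputes every later hash leaves an internally consistent record. That is why the final hash of each completed step should itself be digitally signed by the checking person, using the signature mechanism described earlier in the paper, so that the chain is anchored to an identity rather than to data the editor controls.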
Technological advances in medicine have made it possible to prolong
life in patients with no hope of recovery. The physician is faced
with deciding whether measures used to keep patients alive are
extraordinary in individual situations. Advance Medical Directives
are documents intended to provide guidance to medical professionals
and your loved ones if you are incapacitated and cannot make your
own medical decisions.
Advance directives can be defined as the right of incompetent
patients to refuse unnecessarily burdensome treatment but at the
same time emphasize the necessity for written evidence documenting
their wishes. This empowers an agent, who has the power of an
attorney, to make end-of-life decisions and give instructions
about your health care wishes, if you are in a “chronic
vegetative state”. Most of us procrastinate in creating
an AHCD due to difficulty in obtaining proper advice, help and
documents. Even in those cases where a person has signed an AHCD,
it may be difficult for him to have his wishes enacted due
to unavailability of the signed documents when they are needed.
Governor Schwarzenegger signed AB 2805 on Sept. 28, 2006, a measure
authored by Assemblyman Sam Blakeslee.
AB 2805 permits AHCDs to be digitally signed and notarized using
the California digital signature standards which were established
in law in 1995. The measure protects the current requirements for
AHCDs to be signed and either notarized or witnessed by two people,
but also allows patients and notaries to use digital signatures
and requires the use of a digital certificate for that signature.
“An advanced health care directive could have been instrumental
in alleviating confusion around a case such as that of Terri Schiavo,”
said Blakeslee. “However, making end-of-life or life-sustaining
treatment decisions is just the first step. AHCD's only work if
people proactively record these decisions with their medical provider.”
ADVANCED HEALTH CARE DIRECTIVE (AHCD), A CMA INITIATIVE:
CMA (California Medical Association), Mede pass and Image-X have
teamed to create www.healthcarewishes.com to allow a person to
digitally sign an Advanced Healthcare Directive and also provide
digital notarization. Further, a physician with valid authentication
who needs to comply with the patient’s wishes can retrieve the AHCD
on the web in compliance with AB 2805.
The electronically stored Advance Healthcare Directive is available
to health care providers at any time via secure Internet or facsimile.
From the case studies outlined above, one can summarize that this
is just the start of the digital authentication process to replace
the onerous paper-based process. As more and more agencies understand
the advantages of digital authentication and approve these processes
by passing the necessary rules, we hope to see better security and
privacy as well as more efficient processes and conformance with