Wednesday, March 21, 2012

NEHTA Provides A Final Report On E-Signatures - Useful To Know It Exists.

The following pair of documents popped up a few days ago:
Here is their description of the release.

Release Notification

Final Recommendations - Electronic Signatures



NEHTA is pleased to announce its Final Recommendations for Electronic Signatures on an initial set of clinical document types.
Following research and consultation with stakeholders in 2011, NEHTA’s Electronic Signatures initiative reached national consensus on well-defined mechanisms for clinicians to apply personal electronic signatures to attest to the content of clinical documentation within an eHealth context.


The purpose of this document is to present the agreed recommendations for the signing of clinical documents. The recommendations are intended to be used as a basis for the development of technical specifications, software systems, legislative instruments, and local policies.


The recommendations apply to clinical documents where the sender and the receiver are in separate and independent healthcare organisations. Different risk profiles (e.g. associated senders and receivers) imply different approaches, which are discussed in detail.
The document contains specific recommendations for the following clinical document types:
  • Prescriptions
  • Dispense records
  • Referrals
  • Specialist letters
  • Diagnostic imaging requests and reports
  • Discharge summaries.

Next Steps

NEHTA has already built support for the recommendations into current technical specifications and will be moving to produce implementation guidance. NEHTA has also commenced work with Commonwealth, state and territory governments to facilitate regulatory approvals in support of the recommendations where appropriate.
NEHTA expects to expand the recommendations to cover other clinical document types as the eHealth programme evolves.


NEHTA welcomes feedback on the document, which can be emailed to Kieron.McGuire at as can any related questions. Priority areas for feedback include errors of omission or commission, and potential issues affecting patient outcomes or choice.
----- End Announcement.
I have browsed through the associated documents and it seems reasonably clear what is intended.
Basically for most documents in the list above - other than prescriptions and medication records - the level of risk and the need for authentication beyond the use of individual log-on and use of an organisation or personal certificate is seen as adequate.
With medications the risk is assessed as moderate in some circumstances related to prescribed medicines and drugs or abuse or addiction.
Here a NASH Token, time expiring PIN and PKI are recommended.
At first blush I wonder if the approach to minimal / low risk might be a trifle lax and that repeated entry of PINs as well as token use might not be rather frustrating an annoying for the prescribing / dispensing functions.
Time will tell how this works in practice.
On another issue, why is it a Version 1.0 FINAL document? Given that has had no field implementation why is the term FINAL used. Surely Draft for Trial Use and Review would be more sensible. After 2-3 years if it all works out as hoped for Version 2.0 can be Final.
I just don’t get this approach to documentation, especially when comments are sought!
Pretending to be God like and to speak 'ex-cathedra' is not what we should be seeing from such a clearly fallible organisation - think recent pause etc..