CDA R3 Electronic signature

From HL7Wiki
Jump to navigation Jump to search


Return to SDTC page; Return to CDA R3 Formal Proposals page.

(An announcement of this proposal must be submitted to the Structured Documents list to be formally submitted.)


Submitted by: HL7 France - Nicolas Canu Revision date: Nov 18 2009
Submitted date: Nov 18 2009 Change request ID: <<Change Request ID>>

Issue

One of the principles of CDA is persistence. It is therefore essential to include in CDA documents security characteristics so that the document contains elements needed to guarantee on the long term its content integrity and privacy as well as non-repudiation and authenticity of its author(s) / authenticator(s).

Recommendation

Electronic signature as defined in the XAdES-a standard is particularly relevant for guaranteeing long-term integrity, long-term authentication and long-term non-repudiation as all elements needed for signature validation are included in the format. This kind of signature based in XML-DSig standard allows signature of sections, multiple signatures, inclusion of additional elements like timestamps, signer’s attributes, signer’s roles, signer’s authorizations... XAdES is also required in France by national guideline on signature and in Europe by the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.

Rationale

XAdES electronic signature has several implementation options. One of those, allowing a CDA document to include its own security elements, is the enveloped signature. The enveloped signature approach guarantees that the signature is always stored / sent with the CDA document while not changing the very nature of the XML CDA document (it still begins with a clinicaldocument tag). Unlike detached signature, enveloped signature will still be available along with the document on the long term even if indexing system for documents becomes obsolete. This approach aims at defining electronic signature guidelines to be included in the CDA framework (algorithms, canonization, encoding…)

Discussion

This approach requires that CDA schema include a “Signature” tag for signature(s) either in the header or in specific section(s) to include signature and security data.

Recommended Action Items

The issues presented in that request are addressed in the request Digital_signature_for_header_participations_-_author,_authenticator,_legalAuthenticator as long as Xades signature can be used (which is the aces according to the text in the rational section). As the request "Digital signature for header participations - author, authenticator, legalAuthenticator" has been approved, the present request can be discarded.

Resolution

(Resolution is to be recorded here and in the referenced minutes, which are the authoritative source of resolution).