Written Testimony of DrFirst Regarding Standards for e-Signature
Presented to the National Committee on Vital and Health Statistics
Subcommittee on Standards and Security
December 9, 2004
3206 Tower Oaks Blvd. Suite 310
Rockville, MD 20852
Fax: (301) 231-9512
DrFirst, a vendor of electronic prescribing (ePrescribing, eRx) software, is pleased to provide testimony on the subject of standards for electronic signature, in response to the invitation of the National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards and Security. This written testimony complements oral testimony to be provided to the subcommittee on December 9, 2004.
Prior to founding DrFirst, I worked in the field of internet security and pioneered virtual private networks (VPN). I hold or share six patents relating to VPN technology and, as a result of my current position, have continued to monitor Internet security-related developments.
We at DrFirst believe that the subject being discussed this morning translates without modification to all electronic health care transmissions and is not limited to ePrescribing.
We intend to stress three points this morning:
- The cost and complexity of Public-key/Private-key Infrastructure (PKI) has yet to be proven effective enough to recommend for eHealthcare, especially as a sole standard for electronic signature
- Unique User ID/Password combinations with secondary PINs meet the requirements for e-signature, but we also recommend allowing various existing and emerging signature technologies
- Biometric validation, while attractive, is not yet accurate enough, affordable enough, or prevalent enough to recommend for electronic prescribing
We will also call for a nationally-recognized database, a “master list” of providers, to be developed and endorsed.
For an e-Signature methodology to be successful, it must satisfy the core tenets of integrity, security, and non-repudiation while providing for the delivery of healthcare at an affordable cost. The following three methodologies are commonly recommended for e-Signature standards and should be evaluated for their ability to provide security without introducing excessive costs:
- Public-Key/Private Key Infrastructure (PKI)
- Biometrics
- User ID/Password/PIN
Public-Key/Private Key Infrastructure (PKI)
PKI’s strength lies in its ability, depending on implementation method, to meet the requirements of integrity, security, and non-repudiation. However, although PKI has been recommended by some organizations as the most appropriate standard for e-signatures, we believe that it fails the cost-effectiveness test.
PKI, as it has been envisioned for healthcare, requires a certification authority (CA) to issue, update, expire, and revoke the certificates associated with the PKI system. Even with an efficient, centralized implementation of CAs, there remains a high cost associated with this new layer of infrastructure. Interaction with a CA also introduces increased complexity into an electronic process which is attempting to decrease complexity for providers.
Legacy systems have not been built for PKI. Many healthcare systems are not Web-enabled or XML-savvy; often they cannot by themselves validate a digital signature. Moving to a PKI infrastructure will mean that many providers will find it difficult to participate in e-healthcare without upgrading systems—a significant expense in both dollars and time.
An additional concern regarding PKI is the push to implement it at the individual user level. It is unclear whether this can be managed cost-effectively. We discussed this question with Thomas Sullivan, MD, immediate past president of the Massachusetts Medical Society and a principal in the AMA’s attempt at a universal secure physician identifier. He stated:
“The AMA and its partner—and it is on its second partner—have tried for several years to deploy [PKI], and because of the complexity of maintaining the certificate and developing a successful business case, have not so far succeeded… The real problem was the complexity of maintaining the certificate – the revocation, the expiration, the re-registration. The users weren’t willing to pay anything, but thought it should be free.”
PKI remains unproven in terms of its ability to support a very-high-volume, real-time, clinical transaction network. e-Prescribing, for instance, requires a methodology able to support the real-time processing of billions of transactions flowing between over 50,000 pharmacies, more than 400,000 prescribers, and many payers. To date we are not aware of successful PKI implementations similar to those that have been recommended for e-healthcare.
There has also been discussion of a federated ID manager – each enterprise does their own ID access management within the enterprise—but when they collaborate with other entities, they exchange information about their validation for the user, and/or attributes of the user through a standardized protocol, such as Security Assertion Markup Language (SAML).
By introducing additional layers of cost structure and complexity into healthcare systems, PKI will by its very nature slow the speed of adoption. We cannot recommend it as the sole standard for e-signature.
Biometrics
Unlike PKI, it is less clear that biometrics can meet the basic tenets of a security methodology. Its relative “strength” is very dependent on the technology involved, and, like PKI, it introduces additional costs into healthcare delivery.
Affordable, accurate biometric authentication continues to elude the healthcare industry. Although devices with biometric readers (generally fingerprint) are becoming more common, complaints abound regarding both the ease of fooling these readers (false positives, a security issue), and the frequent misreading of authorized users (false negatives, which will frustrate users). Adding a level of uncertainty to existing workflows is not the most effective path to universal adoption of an e-signature technology.
Implementing biometric e-signatures also generally requires the purchase of specialized equipment for all users. Unless these expenses are reimbursed, biometrics will become another “unfunded mandate” for providers.
DrFirst believes that biometric technology has promise but will only recommend the use of biometric authentication when devices are affordable, accurate, and common.
User ID/Password/PIN (UPP)
Today, in the e-Prescribing arena, all participants are connecting through a secure, encrypted network which is accessed by users via individual user IDs and passwords. In the DrFirst system, an additional password (PIN) is required in order to actually transmit a prescription. When combined with appropriate management processes, this system satisfies both the security tenets and the cost-effectiveness test, and meets HIPAA guidelines for security.
Of particular note, legacy systems do not require upgrades in order to participate in e-healthcare using UPP. This e-signature method is a standard industry practice and is well-accepted by providers today.
In the drive toward adoption of e-healthcare, UPP is the shortest, most cost-effective route.
Recommendations of DrFirst
An e-signature standard must drive rapid adoption, meet the basic tenets of security, and not impede progress by raising costs for participants. It must also meet the test of being a “better” alternative than the current paper and pen method.
At DrFirst, we believe that unique User IDs/Passwords/PINs meet the requirements for e-signature, but we recommend that this Committee adopt language that is broad enough in scope to encompass existing standards while leaving room for the introduction of new technologies when they mature sufficiently to merit implementation.
In addition, we would like to note that the lack of a nationally recognized database of credentialed physician identifiers has hindered and will continue to hinder the ability of technology providers to offer universal solutions in the e-signature arena. Although physician identifier databases exist (DEA, CMS, AMA), none has been deemed a national standard and made available to e-healthcare vendors. We recommend that the development or endorsement of such a database be considered an important part of establishing e-signature guidelines.