Convert your FHIR JSON -> XML and back here. The CDA Book is sometimes listed for Kindle here and it is also SHIPPING from Amazon! See here for Errata.

Monday, September 26, 2011

Security, Masking, and Legal Signatures in CDA

A while back I made a statement about how "Masking" interferes with the wholeness and legal authenticity of a document that has been signed in CDA.  Someone recently asked for clarification on the point that I made:
The main problem with "MASKING" as it were are that in implementing such an infrastructure you are interfering with the wholeness and legal authenticity of the content being viewed. 

So, to clarify:

  1. In CDA, the legal signature attests that the provider has legally signed (and is thereby taking responsibility) for the content in the whole document.
  2. That signature does not necessarily apply to the provider taking responsibility for a "MASKED" version of the document, as masking could eliminate critical information.
What the signature means in this case depends on how one interprets the applicable policies. 

Two other questions were also asked:
  1. What is the legal authenticity of a CCD?
    CDA documents need not be signed, but can be.  A CCD does not require a legal signature, that is up to organizational policies.  A couple of other points: The signature of a CDA document (and thus a CCD) is not a "digital signature".  Instead, it is an "electronic signature".  The latter is merely a mark indicating that a signature has been obtained.  The former is a strong mathematical proof that it was obtained.  For more information on using digital signatures with CDA documents, see two excellent posts from John Moehrke:
    1. IHE Privacy and Security Profiles (a detailed Bloginar on several security related topics)
    2. Signing CDA Documents
  2. Does a CCD have to be diplayed in its entirety?
    How the CCD is used depends upon also upon organizational policy.  The advice I give is that if the use case is to "summarize the encounter" to a human, to display the whole content, but there are plenty of other uses that may not have that same requirement, such as medication reconciliation.

In all cases, the actually resolution of these questions would need to be addressed by local policy.  Local policy is a phrase you will frequently hear security geeks use to mean:  Governing laws, regulation and the procedures instituted by organizations to implement them.  Essentially that means that the CDA and CCD specifications do not set forth what is the "legal authenticity".  Those decisions are made in courts.  They do however, support procedures that enable others to establish the "legal authenticity".