Article

By Mary Ann Smeltzer

A movement is growing in the United States to create, make accessible, and maintain electronic health care records for patients and their care providers. In line with this effort, an increasing number of hospitals, health care programs, and providers are purchasing and implementing software programs, thereby rendering paper charts a thing of the past.

What Is an Electronic Signature?

Medicolegal considerations – such as the question of authenticity of medical information, records, and signatures – are a legitimate concern for health care software developers and users. Electronic signatures will play a vital role in meeting medicolegal requirements and achieving the goal of a secure paperless record.

Systems that use electronic signatures work like this. When an original document is created and viewed on a computer screen, the document’s author validates the information he or she has entered and creates a unique “signature” for that document. This personal signature appears in the document and on the screen, and can exist in a variety of forms (a unique code, a biometric form such as a fingerprint, a password, etc.). No matter how the signature appears in the document, a password to validate the signer’s identity will be required for him or her to use the electronic signature feature.

Electronic signature components are not standardized throughout the United States. Not all states have specifications for electronic signatures, and those that do vary significantly from state to state. Compounding the confusion, individual hospitals or providers may hold different specifications for electronic signatures and their use; some may not permit their use at all. If you are considering a paperless charting system or working toward the inclusion of electronically signed forms in your paper records, you should first determine whether your state and facility recognize its use. Additionally, it is important to confirm the requirements regarding the inclusion of electronic signatures in patient charts.

Do Regulatory Bodies Recognize Electronic Signatures?

The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) allows the use of electronic signatures in patient records. The JCAHO standards require an organization to maintain signed statements for each individual who has electronic signature capability, stipulating the user as the sole individual with access to his or her unique password as well as to the electronic signature function.

The Centers for Medicare and Medicaid Services (CMS) addresses electronic signatures in the Code of Federal Regulations, Section 482.24. CMS requires the organization to maintain a list of computer codes and written signatures that is readily available and safeguarded against unauthorized access. It describes sanctions for unauthorized use of electronic signatures within the Interpretive Guidelines and Survey Procedures for Hospitals. However, CMS does not specify any particular method to achieve electronic signatures.

The Health Information Portability and Accountability Act (HIPAA) attempted to address electronic signatures in health care records in August of 1998 but has backed away from that plan. The U.S. Secretary of Health and Human Services and the Secretary of Commerce both note that standards should be adopted for the procedure for electronic transmission and signing of health care documents as part of the HIPAA Security Rule. However, at this point, the rule from HIPAA (04/21/2003) does not include this aspect of documentation, and there is no projected time frame to address electronic signatures through HIPAA.

States may or may not address electronic signature use in their statutes. Some states – but by no means all – will allow batch signing of multiple charts. Medical records departments in hospitals should access state regulations regarding electronic documentation of health care information and use of electronic signatures.

Do Any Universal Rules Exist for the Use of Electronic Signatures?

We have discussed how electronic signature practices can vary greatly from state to state and hospital to hospital. However, there do exist some consistent standards for health care documentation that are universal, crossing state boundaries. These generally adhere to the standard medicolegal requirements for documentation in an electronic environment:
• Patient chart documents must be signed; electronic records are no exception.
• An original document must be viewable on the computer screen. If necessary, the person who signs the document should be able to revise the contents in an approved manner. The document’s content can be entered by typing the text or by using a mouse to select text in certain fields, or the document can be scanned into the computer. However it arrives on the computer’s screen, the health care provider who claims responsibility for the contents must authenticate the information in the document.
• The data included in the electronically signed document must remain identical to the original data throughout any transaction.
• The person signing a document electronically must not be able to manipulate or deny the validity of the process used to authenticate the document.
• It is necessary to verify that the people who electronically sign the document are who they say they are. The electronic signature must verify the identity of the signer, reflect the date and time of the executed signature, and display the meaning of the signature (e.g., authorship, review, approval). Electronic signatures differ from auto-authentication or auto-signing forms.
• Any action taken to create, modify, or delete information from the document associated with a signature must be accessible to all approved users.
• The electronic signature must be viewable and legible in both the electronic and the print formats.

How Can My Facility Prepare to Implement the Electronic Signature Feature?

In addition to ensuring the permissible use of electronic signatures in both the organization and the state in which they are intended for use, we recommend the following guidelines below to strengthen the validity of those signatures if challenged in a medicolegal situation. The guidelines also provide decisive support for those who will have electronic signature capability. Most of the guidelines involve policy and procedure development, approval, and implementation:

1. Develop a policy stating where electronic signature use is approved. Prohibit the copying and pasting of electronic signatures.
2. Develop a policy on password use specifying the process involved in issuing, changing, and terminating a password as well as its user’s access to the electronic signature functionality. Specify the characteristics of a password (e.g., number of characters, alphanumeric or special characters).
3. Determine which documents must be signed and by whom. Which ones will require a co-signature or validation of information entered by another individual?
4. Determine how scanned items will be handled to indicate the review of contents.
5. Determine who is authorized to modify information entered by another individual. Consider using an addendum to the original content of a signed document rather than an amendment; this will preserve both the original and the new information intended by each author. If you allow the editing of signed documents, you must maintain both versions for medicolegal reasons. No signed document can be permanently deleted from the electronic documentation system.
6. Develop and maintain a log of confidentiality statements signed by all users to acknowledge their responsibility and accountability for each electronic signature. Be sure that your policy states that each user is the only individual with access to – and use of – his or her password.
7. Determine whether hard copies of electronically completed chart forms will be generated once electronic signature use is implemented. If so, specify how authorization and responsibility will be assigned to print and file documents according to a particular time frame (e.g., following each encounter, upon the patient’s discharge, at the end of each billing cycle, monthly).
8. Determine when and how copies of the chart pages can be sent to others such as additional health care providers, insurers, or lawyers. Should the documents be signed first? If so, is there any risk of delay in providing information to others treating the patient?
9. Devise a process for documentation and signature of chart forms if the computer application is unavailable. If you intend to use paper forms until the application is available, you will need to devise a plan by which to transfer the paper-based information into the electronic record that preserves the validity and authenticity of the information captured on paper.
10. Develop a policy that conforms to your organization’s definition of a legal medical record and satisfies the requirements for record retention.

The development of electronic documentation software is enhancing and improving the health care system as we know it. Such advancements provide patients and health care providers the ability to communicate and work together with an unprecedented level of simplicity and security.

Mary Ann Smeltzer is a Masters prepared nurse certified in wound care by WOCNB with over 25 years of nursing experience, over eight of those in wound care. She has held positions in nurse management, education and as a legal nurse consultant, and provided clinical support, education and quality oversight to more than 22 wound programs. She is currently Director of Clinical Operations for Net Health Systems, Inc., creator of the WoundExpert® software for electronic documentation and outcomes management for wound care and hyperbaric oxygen therapy. Ms. Smeltzer is also a Disease Specific Care Program Reviewer for JCAHO and an adjunct faculty member at Community College of Allegheny County.