esMD+Digital+Signatures+(AoR+L1,+L2)+Pilot

include component="page" wikiName="siframework" page="esMD SidebarRight" include component="page" wikiName="siframework" page="space.template.inc_contentleft_begin" include component="page" wikiName="siframework" page="esMD PageTabs" =Overview= CMS is collaborating with DHHS Office of the National Coordinator for Health IT (ONC) to develop a method to replace wet signatures with digital signatures for medical documents and transactions. Through working with the Standards and Interoperability (S&I) Framework, CMS has identified requirements within the following major topics for Author of Record (AoR):
 * Identity Proofing
 * Digital Credential Management
 * Digital Signatures & Signature Artifacts
 * Delegation of Rights

These topics are focused on meeting requirements for signature non-repudiation and data integrity.

The Author of Record pilots are focused on four different types of signatures: 1) Signatures on transactions (see esMD use case 1 and ) 2) Signatures on bundles of documents using the IHE DSG standards as defined in. 3) Signatures on individual C-CDAs using the XADES-X-L standard defined in the . 4) Delegation of rights assertions using a SAML assertion as defined in the guides.

=Objectives=

The pilots are designed to test signatures and delegations of rights on transaction, bundles of documents and individual documents. The end goals of the Author of Record pilots include addressing the following capabilities to:
 * identity proof individuals and organizations at Federal Bridge Medium Assurance
 * manage X.509v3 signing certificates and authorization tokens in a secure signing application
 * create the appropriate artifacts required by the specific application
 * create the appropriate delegation of rights assertion
 * validate the delegation of rights
 * calculate the appropriate message digest
 * incorporate the artifacts in the specific structure
 * receive and validate the signature artifacts and data integrity

=Documentation Streams= __Stream 1: Signature on transactions__ 1) White papers 2) 3)
 * Digital Credentials
 * Identity Proofing
 * Digital Signatures & Delegation of Rights

__Stream 2: Signature on document bundle__ 1) White papers 2)
 * Digital Credentials
 * Identity Proofing
 * Digital Signatures & Delegation of Rights

__Stream 3: Signature on a Consolidated CDA__ 1) White papers 2) Author of Record Level 2 Implementation Guide (in progress) 3)
 * Digital Credentials
 * Identity Proofing
 * Digital Signatures & Delegation of Rights

=Pilot Streams= __Stream 1 – Use Case 1 Provider Registration (signing a transaction)__ Goal: Phase 1
 * 1) Test the ability to incorporate digital signatures and delegation of rights onto a provider registration transaction.
 * 2) Accept, validate, and verify transaction data integrity

Pilot Participants:
 * 1) CA/RA
 * 2) Digital Signature Application provider
 * 3) EHR vendor
 * 4) HIH
 * 5) Provider

__Stream 2 – Author of Record Level 1 (signing a bundle of documents)__ Goal: Phase 1
 * 1) Test the ability to incorporate digital signatures and delegation of rights for a bundle of documents using the IHE DSG profile, meeting requirements for non-repudiation.
 * 2) Accept, validate, and verify data integrity on the digitally-signed bundle of documents.

Pilot Participants:
 * 1) CA/RA
 * 2) Digital Signature Application provider
 * 3) EHR vendor
 * 4) HIH
 * 5) Provider

__Stream 3 – Author of Record Level 2 (signing an individual CDA document)__ Goal: Phase 1
 * 1) Test the ability to incorporate digital signatures onto an individual CDA document, meeting requirements for non-repudiation and applying signatures at the time of document creation, modification or review.
 * 2) Accept, validate, and verify data integrity on the digitally-signed CDA

Pilot Participants:
 * 1) CA/RA
 * 2) Digital Signature Application provider
 * 3) EHR vendor
 * 4) HIH
 * 5) Provider

peterb@pahisp.org ||= ||=   || tim.staley@nea-fast.com ||=  ||=   || gyost@inpriva.com
 * Participating Organizations:**
 * = **Organization** ||= **POCs** ||= **Pilot Project Profile** ||= **Status** ||
 * = PAHISP LLC & NHDS ||= Peter Bachman
 * = MEA ||= Tim Staley
 * = Inpriva ||= Ginna Yost

Don Jorgenson djorgenson@inpriva.com ||=  ||=   || bschreiber@max.md ||= ||=   || dborden@mrocorp.com
 * = MaxMD ||= Bruce Schreiber
 * = MRO Corporation & DigiCert ||= David Borden

Scott Rea scott@digicert.com ||=  ||=   || m.pilley@strategichs.com ||=  ||=   || mark.codeablelanguage@gmail.com Susan Hemme susan.mediprofit@gmail.com ||=  ||=   ||
 * = Strategic Healthcare Solutions ||= Dr. Mark Pilley
 * = MediProfit ||= Mark Kimmel

=Reference Materials=
 * ~ Reference Material Description ||~ Link to Reference Material ||
 * Digital Signatures Pilot Description || [[file:Author of Record Pilot Description V1.2.docx]] ||
 * Author of Record Level 2 Implementation Guide || [[file:esMD AoR Level 2 IG Final.docx]] ||
 * Author of Record White Paper || Author of Record Level 1 Sub-Workgroups ||
 * AoR L1 Use Case || Author of Record Level 1 ||
 * AoR L2 Use Case || Author of Record Level 2 ||
 * Author of Record Level 2 Use Case Draft || [[file:esMD_AoR_Level_2_UC_DRAFT V2 03.docx]] ||
 * esMD Pilots Launch Presentation || [[file:esMD Pilots V1.1.pptx]] ||
 * esMD Pilot Project Profile || [[file:esMD_PilotProjectProfile_v2.docx]] ||
 * Pilot Organizations, PoCs, and Organization Types || [[file:Pilot Organizations, PoCs, and Organization Types.xlsx]] ||

include component="page" wikiName="siframework" page="esMD Contacts" include component="page" wikiName="siframework" page="space.template.inc_contentleft_end"