HIPAA tech
HIPAA dvisory
HIPAAdvisory > HIPAAtech Phoenix Health Systems
news
regs
action
tech
wares
alert
live
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

Digital Signature

Definition:

An electronic signature that cannot be forged. It is a computed digest of the text that is encrypted and sent with the text message. The recipient decrypts the signature and recomputes the digest from the received text. If the digests match, the message is authenticated and proved intact from the sender.

Signatures and Certificates

A digital signature ensures that the document originated with the person signing it and that it was not tampered with after the signature was applied. However, the sender could still be an impersonator and not the person he or she claims to be. To verify that the message was indeed sent by the person claiming to send it requires a digital certificate (digital ID) which is issued by a certification authority. See digital certificate.

Example:

The sender uses a one-way hash function to compute a small digest of her text message. Using her private key, she encrypts the digest, turning it into a digital signature. The signature and the message are then encrypted using the recipient's public key and transmitted. The recipient uses his private key to decrypt the text and derive the still-encrypted signature. Using his public key, he decrypts the signature back into the sender's digest and then recomputes a new digest from the text message. If the digests match, the message is authenticated.

Use of Electronic Signatures: Past and Present by Gail D. Sausser, Esq., Healthcare Financial Management Magazine, June 2002
The healthcare industry could achieve greater convenience and efficiency by adopting a national standard regarding the use of electronic signatures. Unfortunately, HHS regulators still have not finalized the 1998 proposed rule that relates to electronic signatures in accordance with HIPAA. Until further action is taken, useful insight can be gained by examining the approaches used by the Food and Drug Administration (FDA) and other governmental bodies that have developed electronic signature laws and regulations.

Scope of Authorization to Use of Electronic Signatures in Enacted Legislation A table listing enacted legislation, by State, giving authorization to use electronic signatures. Does not list or cover proposed legislation.

Digital Signature Guidelines
The American Bar Association Section of Science and Technology Law has produced the first legal overview of the use of cryptology, electronic signatures, and entity authentication over an open network like the Internet. The resulting document is called the Digital Signature Guidelines, now available online for FREE from the ABA.

Articles

Why Digital Signatures Are Not Signatures
Digital signatures are a fundamental component of business in cyberspace. And numerous laws, state and now federal, have codified digital signatures into law. These laws are a mistake. Digital signatures are not signatures, and they can't fulfill their promise. Understanding why requires understanding how they work.

Electronic signatures: Digital scrawl
How do you sign something that isn't on paper? The advent of digital and electronic signatures will help answer that question.

E-SIGN On the Dotted E-Line
The Electronic Signatures in Global and National Commerce Act - also known as E-Sign - recognizes electronic signatures as having the same legal weight as handwritten signatures for most commercial transactions, and provides for certain technology-neutral approaches to the adoption of standards relating to electronic signatures.

The Esign effect
The Electronic Signatures in Global and National Commerce Act (Esign) brings enterprises face-to-face with the complex process of developing the business rules and policies that must be established before implementing digital signature technologies.

Go to TOP