You are viewing limited content. For full access, please sign in.

Question

Question

electronic signature legal question

Laserfiche
Updated March 5, 2018
asked on February 27, 2018

We want to take digital signatures for our clinic consent forms.  We've emailed our lawyer and he sent us back some things with the Ohio Revised Code.  I'm having issue's with (B)2.  Anyone had anything similar.  Does this mean they want Laserfiche to have two-factor authentication?  I can't believe that every e-sign in Ohio has 2 factor auth.  I'm also not sure the Ohio Revised Code knows what they are talking about with this item as if you google "two-level access control mechanism electronic signature" you come up with the Ohio revised code and nothing else.  

(B) All notes, orders, and observations entered into a health care record, including any interpretive reports of diagnostic tests or specific treatments, such as radiologic or electrocardiographic reports, operative reports, reports of pathologic examination of tissue, and similar reports, shall be authenticated by the individual who made or authorized the entry. An entry into a health care record may be authenticated by executing handwritten signatures or handwritten initials directly on the entry. An entry that is an electronic record may be authenticated by an electronic signature if all of the following apply:

 

  1. The entity responsible for creating and maintaining the health care record adopts a policy that permits the use of electronic signatures on electronic records.
  2. The entity's electronic signature system utilizes either a two-level access control mechanism that assigns a unique identifier to each user or a biometric access control device.
  3. The entity takes steps to safeguard against unauthorized access to the system and forgery of electronic signatures.
  4. The system includes a process to verify that the individual affixing the electronic signature has reviewed the contents of the entry and determined that the entry contains what that individual intended.
  5. The policy adopted by the entity pursuant to division (B)(1) of this section prescribes all of the following:

(a) A procedure by which each user of the system must certify in writing that the user will follow the confidentiality and security policies maintained by the entity for the system;

(b) Penalties for misusing the system;

(c) Training for all users of the system that includes an explanation of the appropriate use of the system and the consequences for not complying with the entity's confidentiality and security policies.

0 0

Replies

replied on February 27, 2018

I think that the "two-level" mechanism is about access control in general and is not specific to digital signatures, so I think limiting your search to include that term is too narrow.  For instance, I found this citation for the rest of the phrase.  As far as interpreting what it's saying, I don't find it clear at all.

0 0
replied on February 28, 2018

 They seem to be describing two factor authentication. I think you would need additional legal advice on interpretation, but my admittedly cursory research seems to show a major trend toward health systems adopting the technology. It's entirely possible they don't know what they're talking about, policy writers often don't. 

If you're trying to do your own research I recommend using terms like 2FA and two factor, relative to Ohio and American laws in this area. 

0 0
replied on February 28, 2018

Is the two factor auth on the submitter side or the retrieval side?  Like do the people filling out the form have to authenticate or do my employee's have to have two factor auth into laserfiche to retrieve the form?  That's what i can't figure out as well.  

0 0
replied on March 5, 2018

Sorry for the lack of response, I've been away. My understanding is that there are secure customer facing products available - given your other post I think you've figured this out already. Two factor authentication into LF seems to be touch and go if discussions on here are to be believed; the technology is available, but for the windows client at least, there are other options. 

 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...