Electronic Signature for Medical Documents – Integration and Evaluation of a Public Key Infrastructure in Hospitals

Abstract

Our objectives were to determine the user-oriented and legal requirements for a Public Key Infrastructure (PKI) for electronic signatures for medical documents, and to translate these requirements into a general model for a signature system. A prototype of this model was then implemented and evaluated in clinical routine use. Analyses of documents, processes, interviews, observations, and of the available literature supplied the foundations for the development of the signature system model. Eight participants of the Department of Dermatology of the Heidelberg University Medical Center evaluated the implemented prototype from December 2000 to January 2001, during the course of an intervention study. By means of questionnaires, interviews, observations and database analyses, the usefulness and user acceptance of the electronic signature and its integration into electronic discharge letters were established. Since the major part of medical documents generated in a hospital are signature-relevant, they will require electronic signatures in the future. A PKI must meet the multitude of responsibilities and security needs required in a hospital. Also, the signature functionality must be integrated directly into the workflow surrounding document creation. A developed signature model, fulfilling user-oriented and legal requirements, was implemented using hard and software components that conform to the German Signature Law. It was integrated into the existing hospital information system of the Heidelberg University Medical Center. At the end of the intervention study, the average acceptance scores achieved were mean = 3.90; SD = 0.42 on a scale of 1 (very negative attitude) to 5 (very positive attitude) for the electronic signature procedure. Acceptance of the integration into computer-supported discharge letter writing reached mean = 3.91; SD = 0.47. On average, the discharge letters were completed 7.18 days earlier. The electronic signature is indispensable for the further development of electronic patient records. Application-independent hard and software components, in accordance with the signature law, must be integrated into electronic patient records, and provided to certification services using standardized interfaces. Signature-oriented workflow and document management components are essential for user acceptance in routine clinical use.