Health agency ready for digital IDs

Department of Health and Human Services officials will be able to approve all official correspondence and regulations with digital signatures by this fall, a National Institutes of Health official said.

Digital signatures, which are electronic tamperproof seals guaranteeing that a file has not been modified, are one benefit of a new electronic records management system that NIH will start using this summer. After NIH officials test the System for Enterprise Records and Correspondence Handling (SERCH), HHS officials intend to deploy it departmentwide on a voluntary basis, said Star Kline, NIH's information systems manager.

SERCH supports HHS Secretary Michael Leavitt's goal to move the government into the Digital Age. When he was governor, Utah became the first state to pass legislation recognizing digital signatures as a legal means to authenticate electronic communications. HHS would be one of the first civilian departments in the federal government to use digital signatures on all official letters.

The Defense Department has already issued more than 5 million smart cards with digital signature capabilities.

Experts predict that most federal civilian agencies will use digitally stamped, encrypted autographs in the next two years. Advances in workflow management systems such as SERCH and homeland security policies will make digital signatures ubiquitous in government. Agencies will profit from cost-savings, time efficiency and greater accountability.

Additionally, digital signatures help federal officials adhere to government rules to reduce paperwork by eliminating printing, scanning and copying fees. Because the signatures travel through cyberspace, multiple parties can instantly approve documents from any location without waiting for them to arrive in the mail. A digital signature's cryptography ensures that the message remains unaltered, preventing forgeries and increasing integrity.

Kline said SERCH's digital signature is a numeric code accompanied by a representation of the individual's autograph.

Digital signatures should not be confused with electronic signatures. The latter are digital illustrations of handwriting, not something cryptographically stamped. Some government officials use e-signatures for bulk endorsements.

Kline said the main reasons for transitioning to digital signatures are saving time and legal requirements. "You can ensure who exactly signed the document and exactly when," she said.

NIH and HHS attorneys have reviewed SERCH's digital signature process to ensure that signed documents are trustworthy enough to hold up as evidence in court. For example, tobacco litigation has a need for secure signatures.

Several HHS agencies have already opted in, including the Health Resources and Services Administration, the Agency for Healthcare Research and Quality, the Centers for Medicare and Medicaid Services, the Indian Health Service, and the Substance Abuse and Mental Health Services Administration.

NIH and HHS officials signed a five-year contract for SERCH at an initial cost of $2.45 million. The cost for other HHS agencies to opt in will be lower because the software license is already paid for.

SERCH is based on several products, including Adobe software for digital signatures. Kline said she chose Adobe because the company's free Reader eliminates the cost of installing viewer software on each computer.

Experts say HHS' PIN-accessible digital signatures are not as fortified as federal identification technology that will be available in the next few years, but they have advantages.

Under new governmentwide smart card specifications, known as Federal Information Processing Standard (FIPS) 201, the majority of federal employees will have a smart card token capable of inserting a digital signature with minimal extra cost.

William Burr, manager of NIST's Security Technology Group, said any form of digital signature is more credible than a computerized autograph or a handmade scribble.

"Digital signatures are the strongest form of electronic signatures," he said. "They are cryptographic ... so technical attacks against them are very difficult. ... It's a self-authenticating record."

Burr added that PIN-accessible signatures, while less airtight, allow employees to authenticate documents from home or on the go, without smart card readers.

Ben Jun, vice president of Cryptography Research, a data security firm, said HHS is particularly well-positioned to test digital signatures.

"They've had a 10-year head start on thinking about how to move their paper processes into the electronic world" because of Health Insurance Portability and Accountability Act transaction regulations, he said.

Jun predicts that most federal agencies will adopt digital signatures in stages. First, public outreach organizations, such as the Government Printing Office and the Internal Revenue Service, might broadcast digital signatures on documents they release daily. Then agencies will sign off on financial transactions digitally. Finally, government officials will approve digital signatures for use in e-mail messages.

The inner workings of SERCH

The System for Enterprise Records and Correspondence Handling (SERCH) will play a major role in enabling Department of Health and Human Services officials to use digital signatures to verify the validity of electronic documents.

The signature process does not use smart cards now, but it will. Currently, when a document is ready for a signature, it is sent to the employee via secure SERCH workflow software. The process does not rely on insecure e-mail.

The employee then drags an icon of his or her signature to the signature line. Once that image is in place, the employee saves the file and types in a user name and password to obtain a public-key infrastructure digital certificate.

The request and authorization travel back and forth securely via the Internet, similar to the way credit card approval works for online purchases. Once the person's identity is confirmed, the computer marks the document with the digital signature.

— Aliya Sternstein

NEXT STORY: Croom takes over DISA, JTF-GNO

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.