Secure signatures and prevent modification of associated record.

[TWillson]

I am providing home Physical Therapy services to infants and required to write a note which parent and I both sign (I would like to do this digitally using FM Go, and sync with a FM Advance on a laptop computer.) The state I am working in has the following requirements for electronic records: 

 

   * Record itself must meet the general and specific requirements of the regulations as to content.

   * Possible to determine when the record was created.

   * Process to prevent records from being altered after they are created.

   * If records can be altered, alteration process is documented.

   * Actual caregiver identified in the record.

   * Caregiver identified as having selected menu entries.

   * System of internal controls that insures that actual completed service delivery drives Medicaid billing.

   * Records should be maintained in the ordinary course of business so that no "special" programming, software, language, etc., is required to access them.

 

I am using timestamps, audit logs and tracking database access by account login. 

 

My question is regarding electronic signatures, specifically the parent signature. Below are two ideas I have for attaching the signature to the note and to prevent editing of the signed document:

 

1)generate a pdf (locked by a random password) with the parents signature (which is cleared after the pdf is generated), and store the pdf in a container field for printing (I need to submit printed copies.) The issue I anticipate is regarding database size. Each pdf would be 196 KB, with approx 10 new records per week.

 

2)capture and store the parent’s signature in a table along with a hash of the note at the time of signing. When printing, generate a hash of the note, so that the parent’s signature will only appear if the session note hasn’t been modified. The issue I have relates to me being both the developer and user. Couldn’t I technically have the ability to make changes to the note and re-hash to have the signature appear? Is it possible to lock down the signature table (even from the developer (me)) when removing Full Access to prevent ever changing the hash or duplicating the signature?

 

Any thoughts or feedback on either of the two scenarios would be much appreciated.

 

Thanks,

 

Tom