Secure Software Systems for Healthcare
We have strong expertise in building high-quality software for the healthcare sector with cryptographically secure digital signatures.
Digital and Electronic signatures are a complex area, full of poor or misleading marketing and a lot of user misunderstanding. The result is that people buy systems because they think they are cryptographically secure, when often they are not. Real security depends on the package of measures used, which is explained in detail below.
One area of confusion is the difference between an electronic signature and a digital signature. An electronic signature is an on-screen representation of the written signature attached to a contract or other record, used by a person with an intent to sign. However, it doesn’t include an individual, personal cryptographic key, because these are expensive. Instead, signature security is based on the signer logging on securely to the supplier’s system, and the supplier checking their identity. Electronic signatures are still often digitally signed, but instead of using a personal digital certificate, they are signed using a company-issued certificate.
In contrast, a digital signature explicitly uses a personal cryptographic key to validate the authenticity of the individual and the document. This cryptographic signature is also placed on the document to prevent tampering. This should guarantee that an electronic document is authentic – but this actually depends on the security of the rest of the system too.
Different Mechanisms for Signature Verification
Electronic signatures use some combination of the mechanisms listed below. The weaker ones omit step No.2, but as long as you have a good provider, the whole system should work as intended. Digital signatures use mechanisms No.5 or No.6. For electronic prescriptions, either will do.
1. Putting an electronic picture of a signature on the document. This has some value because a person can still recognise that signature.
2. Requiring the signer to sign into some online system and using a robust login mechanism to make sure it’s the right person – for example bank logins that use 2FA. The identity confirmed by the login is used to store a key that is then used to sign.
3. Getting the signer to manually verify their identity – asking for a passport or other official document – and then linking that verification to No.2. This again is a reasonable step, and many big companies do this.
4. Putting a centrally issued cryptographic signature onto the document, sometimes called a witness signature. Again, combined with the items above, this is useful. For example, if I have a document from you with a cryptographic signature from DocuSign, that’s their promise that they’ve checked you out.
5. Giving you an individual cryptographic signature and storing it in the digital system. The recipient can now see it has a cryptographic signature that was issued just to you. This is actually a less robust method of verification, as the trust falls on the online system: if the online system is insecure, someone else could potentially sign with your signature.
6. Giving you an individual signature and storing it on your PC. This provides maximum security, in theory, because now the only person who can sign is you.
Some Of Our Projects
We build high-quality healthcare applications to ensure that digital and electronic signatures are automatically secure.
Dimec Online Repeat Prescription App
An NHS repeat prescription app that integrates with the NHS Electronic Prescription Service and is easy to understand and use, secure and reliable. This was one of the first repeat prescription apps, and the first to use IM1, giving people the benefit of direct access to NHS repeat prescription records. In September 2018, the Co-op acquired the technology in a multi-million pound deal.
Pharmax Pharmaceutical Products Platform
A procurement platform for pharmaceutical products, aimed at pharmacists and wholesalers, which provides access to over 10,000 brokered medicinal products, including branded medicinal products, generics, OTCs and ULMs – including an interface to receive and process pharmaceutical orders sent by existing pharmacy dispensing software. Pharmax, which was an entrepreneurial project, was subsequently sold to United Drug.
Medescribe Prescription-Only Medicines Web App
Medescribe is an independent medical agency, regulated by the Care Quality Commission (CQC) and the Regulation and Quality Improvement Authority (RQIA). The project in online medical screening has resulted in business with the National Pharmacy Association (NPA) and Alliance Healthcare.
Still Have Questions? We’ve Got Answers
In our experience:
Electronic Signature systems usually do not use personal digital certificates. They may use a single certificate created by the company that makes the system – which (if it is an ATL certificate) will verify in Adobe. This can be robust, but is possibly not the best solution. The certificate says: “this document was signed by Acme Corp – if you trust them, the document was signed by Fred”.
Digital Signature systems generally do use personal digital certificates, but they often still require trust in the provider of the system, because they normally hold the actual private key inside their system. In this case, the certificate says: “this document was signed by someone called Fred”, and Acme who made the system is saying “and Fred is Fred Green Jr.”
We’ve found that the suppliers of online signature systems generally do not explain much of this. We've seen suppliers selling witness systems as secure, when strictly speaking they are not. Users tend to trust a well-presented website much more than an explanation of the technology – and if the marketing is confusing, it opens the possibility of buying the wrong product.
For Private Prescriptions, the “Human Medical Regulations 2012” controls how prescriptions work, and the key points can be found in section 5 of the act, which states:
“Advanced electronic signature” means an electronic signature that is –
a) uniquely linked to the person (“P”) giving the prescription;
b) capable of identifying “P”;
c) created using means that “P” can maintain under “P’s” sole control;
d) linked to the data to which it relates in such a manner that any subsequent change of data is detectable.
Although these regulations are written without specific reference to public key cryptography, most experts now assume that these regulations require a personal, per-prescriber digital signature to be used to sign the prescription PDF.
Note: public/private key technology can be used to sign any document or file, but PDFs are the most familiar, and now have built-in support for signatures.
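As an added illustration (not code from this page or from any product described on it), the Go sketch below shows the model behind regulation points a) to d) and the FAQ above: a CA issues a certificate binding a name to a prescriber's own key, the prescriber alone holds that private key and signs the prescription bytes with it, and the recipient checks both that the certificate chains to a CA it trusts and that the signature matches exactly the bytes received. The CA name, prescriber name and prescription text are constructed, and Ed25519 is used for brevity; a real system would use whatever key type its CA issues.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newIdentity makes a fresh Ed25519 key pair plus a certificate for its public key. signer == nil
// means self-signed (the example CA's root); otherwise the CA's key signs it, vouching for the name.
func newIdentity(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (ed25519.PrivateKey, *x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; a real CA tracks serials
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if signer == nil { // root certificate: the CA signs its own
		tmpl.KeyUsage, parent, signer = x509.KeyUsageCertSign, tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err // priv stays with the prescriber (point c: sole control)
}

// verifyDoc is what the recipient runs: the certificate must chain to a trusted CA (points a and b),
// and the signature must cover exactly the bytes received, so any later edit is detected (point d).
func verifyDoc(roots *x509.CertPool, cert *x509.Certificate, doc, sig []byte) (string, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, doc, sig) {
		return "", fmt.Errorf("signature does not match document")
	}
	return cert.Subject.CommonName, nil // the name the CA bound to the signing key
}
```

The prescriber signs with ed25519.Sign(priv, prescriptionBytes) and sends the bytes, the signature and their certificate; the recipient calls verifyDoc with a pool containing only the CA roots it trusts.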
We Can Help With Private Prescription Software
If you have a requirement for a software system that allows doctors and other prescribers to create online prescriptions safely and securely, please contact us. We have years of experience supporting online pharmacies, and all our software is designed to integrate with other healthcare data sources, such as PAS, GP address data and drugs databases.
What Our Clients Say
Andrew W. Bailey
Co-Director | Dimec Ltd.
"Time and again, they proved to be true experts, undaunted by the complexity of our project, whilst remaining proactive in communication and helpful at every stage."
Managing Director | Merrick Healthcare
"Due to their accurate project planning, they met every milestone."
Public key cryptography – a cryptographic system that uses complex mathematics to make it possible to verify a digital signature. A secret private key (owned by a person or company) is used to make the signature. The public key is visible to everyone and is used to check that the signature is valid.
Certificate Authority (CA) – a central organisation that issues public/private keys and also provides a way for an end user to verify a signature. A CA needs to be a highly trusted and secure organisation, because the CA effectively provides a guarantee that someone signing a document is who they say they are.
Root Certificate – a digital certificate typically stored on users’ PCs which allows software to confirm that a signature is valid – if the Root Certificate is missing, users can be prompted to install it, and can do this with no loss of security.
– a company that provides a set of tools for implementing electronic/digital signatures, like DocuSign, HelloSign and SigningHub. Usually, the main purpose of these tools is to make the process of signing easy enough that end users will do it – but they also take a role in making sure the signature is valid, possibly by validating the user. These tools may support Electronic Signatures and/or Digital Signatures. The company may also offer to check the identity of people making signatures.
ATL – Adobe Trusted List – a list of trusted CAs whose Root Certificates are built into Adobe PDF Reader. Being built in gives these CAs a huge advantage: PDF documents which are signed with certificates linked to these CAs will show as valid with no further user action, which makes them more trusted by users.
Digital Signatures are an online method of signing documents that is based on personal cryptographic keys. There are two main options:
- A system where the personal signature is created and managed personally as a PFX file. The prescriber must provide this file to the prescribing software each time they want to sign something.
- A system where the personal signature is created and stored within a web application. Obviously, there is a security risk – if the web application is hacked, someone might get access to the private key and use it. This can be partially resolved by encrypting each private key inside another secure file which prompts for a password on each use.
– two of the many names used to refer to a personal private key, which can be used to sign documents. If issued directly to a person, these keys are usually wrapped in a PKCS12 or .pfx file – and an extra layer of encryption is often used to protect the key – the signer has to type in the passphrase before signing.
can be created privately without a link to a CA, or they can be created through the CA. Only keys created through a CA linked to the ATL will validate immediately in Adobe Reader – other keys need more steps. Keys linked to a CA vary in price depending on the “standing” of the CA and other factors. Typical prices for document-signing certificates are around $300 per year for the top-end CAs.
An Electronic Signature is an online method of signing a document that generally does not include an individual, personal cryptographic key – because these are expensive. Instead, signature security is based on the signer logging on securely to the supplier’s system, and maybe on the supplier checking their identity. Electronic Signatures are still often digitally signed, but instead of using a personal digital certificate, they are signed using a company-issued certificate.