Failings in the Treatment of Electronic Signatures

Original article can be found at: http://www.herts.ac.uk/courses/schools-of-study/law/hertfordshire-law-journal/home.cfmPeer reviewe

Identificação eletrónica, assinatura e serviço de confiança

A generalização do uso de comunicações eletrónicas em todas as esferas das atividades humanas traz a necessidade de uma nova perspetiva legal. Esta necessidade é particularmente sentida a nível da União Europeia com o objetivo assumido de construir um mercado digital único e fiável. O Regulamento 910/2014 foi estabelecido como o principal quadro jurídico europeu destinado a harmonizar o entendimento de instrumentos como identificação eletrónica, autenticação eletrónica, serviços eletrónicos e também outros serviços de confiança da sociedade de informação, como selos eletrónicos, carimbos, serviços de entrega registrada eletrónica e autenticação de sites. No seu conjunto, o Regulamento 910/2014 visa estabelecer um quadro jurídico comum que permitisse aos cidadãos europeus tirarem pleno partido dos serviços digitais num ambiente técnica e juridicamente seguro.The generalization of the use of electronic communications in all spheres of human activities brings along a need for a new legal perspective. This need is particularly felt at European Union level with the assumed aim of building a trustable Digital Single Market. Regulation 910/2014 was set as the main European legal framework aimed at harmonizing the understanding of instruments such as electronic identification, electronic authentication, electronic services, and other trust services of information society, such as electronic seals, electronic time stamps, electronic registered delivery services and website authentication. In the whole, Regulation 910/2014 is intended to establish a common legal framework allowing European citizens to take full advantage of digital services in a technically and legally secure environment

The hare and the hortoise [sic]: The potential versus the reality of eTP implementation

In a health system increasingly driven by cost constraints, there is a focus on improved electronic transfer of information to support healthcare delivery. One area of healthcare that has moved more quickly than others to achieve this is prescribing in the primary care environment. Whilst the move to electronic transfer of prescriptions has reduced transcription errors, the regulatory environment persists with handwritten signatures. This constraint, whilst addressed slowly with technology solutions, needs support from legislative change. The ultimate step is to have a secure mobile model, which would support the move to a fully-electronic, paperless transaction model

Review of The Electronic Transaction Ordinance: Can The Personal Identification Number Replace The Digital Signature?

In a recent consultation document, the Information Technology and Broadcasting Bureau proposed that personal identification numbers (PINs) be accepted as a form of signature for the purposes of the Electronic Transactions Ordinance (ETO) (Cap 553). This article explains why this proposal is fundamentally flawed. The article identifies three basic requirements for a signature and examines whether they are satisfied by digital signatures and PINs. It concludes that while a digital signature has built into it all the elements necessary for compliance with the requirements, a PIN can only be used for the purpose of authorisation and cannot be elevated to the status of a signature as required by the ETO.published_or_final_versio

A framework for development of android mobile electronic prescription transfer applications in compliance with security requirements mandated by the Australian healthcare industry

This thesis investigates mobile electronic transfer of prescription (ETP) in compliance with the security requirements mandated by the Australian healthcare industry and proposes a framework for the development of an Android mobile electronic prescription transfer application. Furthermore, and based upon the findings and knowledge from constructing this framework, another framework is also derived for assessing Android mobile ETP applications for their security compliance. The centralised exchange model-based ETP solution currently used in the Australian healthcare industry is an expensive solution for on-going use. With challenges such as an aging population and the rising burden of chronic disease, the cost of the current ETP solution’s operational infrastructure is certain to rise in the future. In an environment where it is increasingly beneficial for patients to engage in and manage their own information and subsequent care, this current solution fails to offer the patient direct access to their electronic prescription information. The current system also fails to incorporate certain features that would dramatically improve the quality of the patient’s care and safety, i.e. alerts for the patient’s drug allergies, harmful dosage and script expiration. Over a decade old, the current ETP solution was essentially designed and built to meet legislation and regulatory requirements, with change-averting its highest priority. With little, if any, provision for future growth and innovation, it was not designed to cater to the needs of the ETP process. This research identifies the gap within the current ETP implementation (i.e. dependency on infrastructure, significant on-going cost and limited availability of the patient’s medication history) and proposes a framework for building a secure mobile ETP solution on the Android mobile operating system platform which will address the identified gap. The literature review part of this thesis examined the significance of ETP for the nation’s larger initiative to provide an improved and better maintainable healthcare system. The literature review also revealed the stance of each jurisdiction, from legislative and regulatory perspectives, in transitioning to the use of a fully electronic ETP solution. It identified the regulatory mandates of each jurisdiction for ETP as well as the security standards by which the current ETP implementation is iii governed so as to conform to those regulatory mandates. The literature review part of the thesis essentially identified and established how the Australian healthcare industry’s various prescription-related legislations and regulations are constructed, and the complexity of this construction for eTP. The jurisdictional regulatory mandates identified in the literature review translate into a set of security requirements. These requirements establish the basis of the guiding framework for the development of a security-compliant Android mobile ETP application. A number of experimentations were conducted focusing on the native security features of the Android operating system, as well as wireless communication technologies such as NFC and Bluetooth, in order to propose an alternative mobile ETP solution with security assurance comparable to the current ETP implementation. The employment of a proof-of-concept prototype such as this alongside / coupled with a series of iterative experimentations strengthens the validity and practicality of the proposed framework. The first experiment successfully proved that the Android operating system has sufficient encryption capabilities, in compliance with the security mandates, to secure the electronic prescription information from the data at rest perspective. The second experiment indicated that the use of NFC technology to implement the alternative transfer mechanism for exchanging electronic prescription information between ETP participating devices is not practical. The next iteration of the experimentation using Bluetooth technology proved that it can be utilised as an alternative electronic prescription transfer mechanism to the current approach using the Internet. These experiment outcomes concluded the partial but sufficient proofof- concept prototype for this research. Extensive document analysis and iterative experimentations showed that the framework constructed by this research can guide the development of an alternative mobile ETP solution with both comparable security assurance to and better access to the patient’s medication history than the current solution. This alternative solution would present no operational dependence upon infrastructure and its associated, ongoing cost to the nation’s healthcare expenditure. In addition, use of this mobile ETP alternative has the potential to change the public’s perception (i.e. acceptance from regulatory and security perspectives) of mobile healthcare solutions, thereby paving the way for further innovation and future enhancements in eHealth

Doctoring Prescriptions: Federal Barriers to Combating Prescription Drug Fraud Against On-Line Pharmacies in Washington

Prescription drug abuse represents a significant portion of drg abuse in the United States. Drug-seeking individuals alter, steal, or forge prescriptions to sustain their own dependence on prescription medications or to divert the drugs to sell to others at inflated rates. On-line pharmacies are a relatively new source for prescription medications and a potential target for prescription drug fraud. The federal government recently enacted the Electronic Signatures in Global and National Commerce Act (E-SIGN), which governs electronic signatures and preempts inconsistent provisions of state laws, such as the Washington Electronic Authentication Act (WEAA). WEAA is a legal framework that could be effectively amended to eliminate nearly all prescription drug fraud perpetrated against on-line pharmacies. However, E-SIGN preempts a crucial WEAA provision and prohibits enacting a key recommended amendment to WEAA, both of which are necessary to combat this problem. Options permissible after E-SIGN, such as voluntary self-regulation by the on-line pharmacy industry and amendment of WEAA, will not comprehensively and effectively prevent this type of fraud. Therefore, E-SIGN fundamentally alters Washington\u27s ability to protect the public\u27s health, safety, and welfare from prescription fraud perpetrated against online pharmacies