Search
Close this search box.
Categories
Digital Signature

Digital Signature: a mandatory requirement in the New TISS Standard 04.01.00 for healthcare providers and operators

The National Agency for Supplementary Health (ANS) recently announced the implementation of the new TISS Standard 04.01.00, which includes the requirement for a digital signature for all healthcare providers and operators.

This change represents an important milestone in the industry, bringing greater security, reliability, and efficiency to health-related processes and the protection and privacy of patient data.

In this article, we will discuss relevant points of this requirement regarding digital signature adoption, the benefits and challenges, and how Eval, a company specializing in digital signature solutions, can help with this transition.

Digital Signature in TISS 04.01.00: mandatory requirement for security and compliance in the healthcare sector

Before we review the concept of digital signature, it is worth highlighting the requirement established by the National Agency of Supplementary Health (ANS) for the adoption of digital signature in the new TISS 04.01.00 standard.

This requirement seeks to guarantee the security, authenticity, and integrity of the information exchanged between healthcare providers and carriers.

The implementation of the digital signature, in practice, brings significant benefits for those involved, while also representing a challenge for the adequacy of the processes and systems used by health institutions.

About digital signature

As a cryptographic technology, the digital signature allows the verification of the authenticity and integrity of digital documents, ensuring that their content, as well as the sender, is legitimate and has not been tampered with.

In addition, the digital signature has legal validity, ensuring that digitally signed documents have the same legal value as manually signed physical documents.

By adopting the digital signature in TISS 04.01.00, healthcare providers and operators ensure not only compliance with ANS requirements, but also reap a number of benefits that directly impact their operations and relationships.

Benefits of Digital Signature for healthcare providers and operators

The adoption of the digital signature in the new TISS Standard 04.01.00 brings several benefits for healthcare providers and operators:

  1. Increased security and reduced fraud:

With the use of advanced cryptography and digital certificates, the digital signature ensures the authenticity and inalterability of the exchanged documents, minimizing the risk of fraud and leakage of sensitive patient information.

  1. Improving operational efficiency:

The adoption of digital signatures speeds up information exchange processes, reduces the paperwork associated with manual verification of authenticity and signatures, and eliminates the need for physical documents, resulting in savings of time and resources.

  1. Greater trust between those involved:

The use of the digital signature strengthens the trust between providers, operators, and healthcare institutions, since it guarantees the authenticity and integrity of the information exchanged and increases the credibility of the parties involved.

  1. Transparency and Traceability:

The digital signature promotes greater transparency and traceability in information exchange processes, since each document has an encrypted record that can be traced and verified, facilitating auditing and process control.

  1. Agility in conflict resolution:

The guarantee of authenticity and integrity provided by the digital signature facilitates the resolution of disputes between those involved, allowing faster and more efficient decision-making.

Overcoming Challenges and Impacts of Digital Signature Implementation in TISS 04.01.00

While the adoption of the digital signature in TISS 04.01.00 brings numerous benefits to healthcare providers and operators, it can pose challenges and impacts that must be considered and managed.

We will analyze the main challenges and impacts involved in implementing digital signatures, offering insights on how to overcome them and ensure a successful transition.

Technological adaptation

The implementation of digital signature requires the adoption of new technologies and IT infrastructures.

Healthcare providers and operators must invest in systems and solutions compatible with the new standard, ensuring efficient integration with existing processes.

To overcome this challenge, it is essential to count on specialized partners, such as Eval, that can provide technical support and guidance during the transition.

Training and qualification of collaborators

The move to digital signature requires employees in healthcare institutions to understand and adapt to the new processes and tools.

It is essential to invest in training and qualification, ensuring that everyone is able to use the new technologies and contribute to the efficiency and safety of the processes.

Raising awareness about the importance of digital security

The implementation of digital signature demands a change in organizational culture, emphasizing the importance of digital security and proper handling of patient information.

Providers and carriers should promote awareness among their employees and establish clear policies and procedures to ensure compliance with standards and regulations.

Cost and investment management

The transition to digital signature may generate additional costs related to technology acquisition, training, and support.

However, it is necessary to consider the long-term benefits provided by digital signatures, such as reduced operating costs, increased efficiency, and security.

Planning and managing investments effectively is crucial to minimize financial impacts and ensure a positive return.

Regulatory monitoring and compliance

ANS establishes specific rules and deadlines for the implementation of digital signature in TISS 04.01.00 (
extended until d
ezembro
of 2023
). Healthcare providers and operators must closely follow and monitor regulatory requirements, ensuring compliance and avoiding penalties and fines.

By proactively addressing these challenges and impacts and relying on the support of expert partners such as Eval, providers and carriers can ensure a successful implementation of the digital signature in TISS 04.01.00. In this way, they will reap the benefits of improved security, efficiency, and compliance.

Eval can help with transition to new TISS Standard 04.01.00

Eval is a company specialized in digital signature solutions, with extensive experience in the healthcare industry and ANS standards.

With our expertise, we can help healthcare providers and carriers adapt to the new TISS Standard 04.01.00 by offering:


  • Consulting and planning
    We assist you in developing an action plan for digital signature implementation, analyzing the current scenario, and defining appropriate strategies.

  • Customized Solutions
    : we develop digital signature solutions adapted to the specific needs of each client, ensuring integration with existing systems.

  • Support and training
    : We offer ongoing training and support for the team, ensuring that all professionals are able to use the digital signature solutions efficiently and securely.

  • Monitoring and compliance
    : we closely monitor the evolution of regulations in the sector and update our solutions to ensure compliance with the standards set by the ANS.

Digital signature: an important step towards modernization and security in the healthcare sector

The requirement for a digital signature in the new TISS Standard 04.01.00 represents a fundamental step towards modernization and security in the healthcare sector.

To meet the challenges of this transition and ensure compliance, it is critical to have the support of a specialized company like Eval.

Don’t leave it to the last minute, start the process of implementing the digital signature in your organization now and be prepared for the changes to come.

Contact Eval today. https://eval.digital/contato/

About Eval

EVAL has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Digital Signature

Take advantage of the deadline extension and adopt the New TISS Standard 04.01.00

Don’t leave it to the last minute.

Learn how digital signature will impact providers, operators, and healthcare institutions.

With the change in the effective date of the New TISS Standard 04.01.00 to 12/31/2023, providers, operators and healthcare institutions have a unique opportunity to update and adapt to the new standard.

It is essential to take advantage of this extension and not leave it to the last minute, thus ensuring a smooth and efficient transition.

One of the main innovations is the adoption of digital signatures in specific documents sent between institutions.

In this article, we will address the importance of the digital signature and the impacts of this feature with the effectiveness of the TISS standard 04.01.00.

Understanding the TISS Standard 04.01.00

TISS 04.01.00, established by the National Supplementary Health Agency (ANS), is the most recent update of the Standard for the Exchange of Information in Supplementary Health (TISS).

This norm aims to standardize electronic communication among all those involved in the medical sector, ensuring greater efficiency, safety, and legal compliance.

Let’s look in detail at some important aspects of TISS 04.01.00.

TISS Standard Components 04.01.00

TISS is made up of four main components:

  • Organizational Component:
    Defines the guidelines, responsibilities, and deadlines for implementing the TISS standard. It also establishes the security and privacy rules and requirements for the protection of patient data.
  • Content and Structure Component:
    Details the structure of the electronic messages and documents that will be exchanged between the parties involved. It also includes the definition of terms, codes, and domain tables.
  • Health Concepts Representation Component: Describes the concepts, terminologies, and encodings used in the medical sector, facilitating interoperability and understanding of the exchanged data.
  • Communication Component:
    Specifies the protocols and communication mechanisms used in the electronic exchange of information and documents in the TISS standard.

Digital Signature

As mentioned earlier, TISS 04.01.00 introduces the requirement for a digital signature on certain documents, as stipulated by domain table no. 81.

The digital signature is a technology that guarantees the authenticity, integrity, and non-repudiation of the information exchanged, increasing security and trust between the parties involved.

Update and maintenance of the TISS standard

The ANS periodically updates the TISS standard to ensure that it is aligned with the needs and advances in the segment.

These updates are communicated to the parties involved and must be implemented within the deadlines set by the agency.

Compliance and Enforcement

The ANS is responsible for overseeing TISS implementation and compliance among plan operators and service providers. The agency can apply penalties and sanctions in case of noncompliance with the established rules and deadlines.

By understanding the details of TISS 04.01.00, institutions, providers, and health insurance carriers can better prepare to implement the changes and ensure compliance with industry requirements.

TISS 04.01.00: the impacts of the digital signature for providers, operators and health institutions

With the increasing number of cyber attacks and data leaks, protecting patient information has become a priority for all medical institutions.

The digital signature, based on cryptography and digital certification, ensures that the documents exchanged between healthcare actors are authentic and cannot be altered or repudiated.

The adoption of the digital signature in the TISS 04.01.00 standard brings several impacts and benefits for providers, operators, and healthcare entities.

Increased security

Digital signatures provide an additional layer of protection for organizations. Using advanced cryptography and digital certificates, digital signatures ensure that the documents exchanged are authentic and unalterable.

This minimizes the risk of fraud, protecting sensitive patient information and ensuring transaction integrity.

Legal Compliance

TISS standard 04.01.00 requires the adoption of the digital signature in certain documents and its implementation ensures that institutions are in compliance with the rules and regulations of the medical sector, avoiding penalties and financial losses resulting from non-compliance.

Greater confidence

The use of digital signatures in communications between providers, operators, and healthcare institutions strengthens the trust between the various players in the sector.

By ensuring the authenticity and integrity of the information exchanged, the digital signature provides greater security in transactions and increases the credibility of the parties involved.

Operational Efficiency

The implementation of the digital signature in the processes of information and document exchange contributes to the simplification and speeding up of these transactions.

Eliminating physical documents and reducing the bureaucracy associated with manual verification of authenticity and signatures contributes to reducing operating costs and increasing efficiency in institutions.

Transparency and traceability

The adoption of the digital signature in TISS standard 04.01.00 also promotes greater transparency and traceability in the information exchange processes.

With the digital signature, each document has an encrypted record that can be traced and verified, making auditing and process control easier.

Agility in conflict resolution

The digital signature facilitates the resolution of conflicts between providers, operators, and medical entities because it guarantees the authenticity and integrity of the information exchanged.

With the assurance that the documents are genuine and unalterable, the parties involved can resolve disputes more quickly and efficiently.

When considering the transformation generated, it is evident that the adoption of the digital signature in TISS standard 04.01.00 is beneficial for all actors involved. It contributes to a safer, more efficient, and more regulatory compliant industry.

Eval can help institutions adapt to TISS standard 04.01.00

With over 18 years of experience in the market, Eval is a pioneer in the use of electronic signatures, digital certification and cryptography in Brazil.

We offer customized solutions, adapted to the needs of each institution, ensuring compliance with the new TISS 04.01.00 standard.

Eval has a broad portfolio of products and services, including:

  • Implementation of digital signatures:
    Eval helps implement digital signatures on documents exchanged between providers, operators, and healthcare institutions, ensuring security and compliance with TISS 04.01.00.
  • Training and support:
    We provide training and ongoing support to healthcare professionals, ensuring they are up to date on the latest trends and best practices in information security and TISS standard compliance.
  • Integration with existing systems:
    Together with the institutions and other providers, Eval is working to ensure the integration of the electronic signature and information security with existing systems and processes, providing a smooth transition to the new TISS 04.01.00 standard.

Providers, operators and healthcare institutions cannot miss this unique opportunity

With the extension of the deadline for TISS 04.01.00 to go into effect until 12/31/2023, providers, operators and healthcare institutions have a unique chance to update and ensure the security of patient information.

Eval, with its vast experience and expertise in electronic signature, digital certification and cryptography, is the ideal partner to help your company adapt to the new TISS standard and ensure the security of patient information.

Take advantage of the deadline extension and contact Eval today!

Find out how we can help your institution meet the challenges of TISS 04.01.00, ensuring security and compliance in the industry.

Time is of the essence, and the risk of not acting can have serious consequences for your institution and your patients. Protect yourself with Eval’s expertise and ensure a safer future for your facility and the patients you serve.

Don’t miss this opportunity to upgrade and strengthen security in the healthcare industry.

Access now
https://eval.digital/contato/

About Eval

EVAL has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Document and Contract Management

Is the signature of a witness in a digital contract still necessary?

In Brazil, there are still doubts about the need for witnesses in a digital contract to be valid.

In practice, in some cases it is believed that, as with physical contracts, witnesses are not required for a digital contract to be binding.

In other situations, it is argued that because it is a digital contract, that is, an electronic document, witnesses must be required for it to be considered legal.

In still other cases, it is held that the validity of a digital contract should depend on the jurisdiction in which it is made.

Let’s understand the whole context and clarify all these points.

What is a digital contract?

Digital contracts can be understood as business or agreement concluded by electronic means, that is, formed and signed by means of a mobile device or computer.

In Brazil, since 2006, it has been possible to make valid digital contracts under the law. Law 11.419/06 regulated the use of electronic signatures in the country and allowed contracts to be signed online – without the need for paper or pen.

Since then, digital contracts have been adopted in commercial and personal relationships, whether they be for buying and selling, renting, providing services, or contracting health insurance, among others.

The ease of contracting online is one of the main advantages of the digital contract. All you have to do is access the company’s website or application to do business, without the need to go to a physical store or face lines to contract a product or service.

Another positive point is that digital contracts are stored safely, preventing the loss of important documents. In addition, digital contracts can also be easily shared – just send an email to the contractor.

The role of witnesses when signing a contract

Witnesses are usually required for important contracts and documents, such as records of purchase and sale, rent, and even in the provision of services.

Its role is to make sure that the parties involved in signing the contract are aware of their rights and obligations.

In addition, the witnesses also guarantee that the contracting parties agree with the content of the contract and that there is no mistake or misunderstanding at the time of signing.

However, despite the common use of witnesses in business formalization, there is no mandatory requirement. According to article 104 of the Civil Code, the contract is valid as long as it meets three requirements:

  1. Be performed by a capable agent;
  2. It deals with an object that is lawful, possible, determined or determinable;
  3. Whether performed in a manner prescribed by law or not.

In other words, contracts are legally valid even if they have no witnesses. Even without their presence, the document represents a legal transaction.

However, one point of attention must be emphasized: the contract without witnesses cannot be transformed into an extrajudicial title. This, in practice, means that the parties involved will not be able to enforce the contract in court if one of the parties does not fulfill its duties.

Item III of article 784 of the Code of Civil Procedure states that “to be an extrajudicial enforcement instrument, the contract (in this context, called a private document) must be signed by the debtor and two witnesses”.

However, the requirement of witnesses for digital contracts is still a controversial subject and there is no consensus about this in Brazilian legislation. This is due to the fact that there is still no specific regulation on digital contracts in the country.

 

Conheça as vantagens da assinatura eletrônica para empresas brasileiras

 

Witnesses in digital contracts: is it necessary?

Is the signature of a witness in a digital contract still necessary? This is a very common doubt among people who want to contract products and services over the Internet.

Virtual contracts are, in fact, a reality in Brazil. The ease and practicality of contracting products and services online make this modality one of the most preferred by consumers.

The digital signature is a technological resource that guarantees the authenticity of the contract and the legal validity of the contractual clauses. However, for the contract to be valid, the parties involved in the negotiation must be identified and have a valid digital certificate.

In practical terms, just as witnesses are not required for physical contracts, they are not required for digital ones either. However, it is worth remembering that the electronic signature of a digital contract has the same legal value as the physical signature.

What does the law say about the role of witnesses when signing a digital contract?

According to the understanding adopted by the Third Panel of the
Superior Court of Justice (STJ)
, in the session of judgment of Special Appeal No. 1.495.920/DF, held on May 15, 2018, the “Electronic contract with digital signature, even without the presence of witnesses, is an enforceable title”.

For Justice Paulo de Tarso Sanseverino, the reporting justice on the appeal regarding the validity of the electronic contract, STJ case law holds that the list of extrajudicial enforcement instruments provided for in article 784 of the
Code of Civil Procedure
(CPC) is exhaustive.

“It is possible to enforce electronic contracts in which the signatures of two witnesses are absent, even though the hypothesis in question is not described by the legal provision”.

It is worth noting that in order for electronic contracts to have the same validity as contracts entered into physically, they must be validated by means of a digital certificate according to the standard required by the
Brazilian Public Key Infrastructure (ICP-Brazil)
.

The STJ also recognizes the inconvenience of requiring the signatures of two witnesses in the context of electronic contracts, whose greatest virtue “is to enable parties that are distant from each other to maintain contractual relations quickly and inexpensively.

So that the imposition of the requirements that are normally demanded by article 784, CPC, could lead to the invalidation of digital contracts, especially in the scope of commercial transactions.

Although there is no specific legislation regarding the requirement of witnesses when signing a digital contract, the position adopted by the STJ has been used as a basis to ensure the debureaucratization of contractual relations.

evalSign: an important tool in digital contract signing and validation

If you are looking for a fast, easy and secure way to sign documents and adopt an efficient digital workflow, evalSign is the perfect solution for you. The evalSign solution is more than just an electronic signature – it is a digital experience that makes signing documents simple and fast.

Offered by EVAL Technology, to optimize the process of electronically signing or collecting signatures from customers in different industries and company sizes, the evalSign solution is a complete solution for document approval workflows, advanced digital signatures, and document status tracking.

It allows you to electronically sign documents, anywhere and anytime, in a practical, secure, and dynamic way. Designed to quickly optimize the way companies deliver, review, approve, and sign their business documents. And since evalSign is a digital signature, you can be sure that your documents are safe and secure.

evalSign provides a fast and easy digital signature platform for sending, viewing, signing, and returning your electronic documents.

evalSign is the perfect solution for companies of all sizes

Whether you are a small business or a large corporation, evalSign can help you save time and money. In practice, there is no need to print out documents or make copies for each person.

And since evalSign is a digital signature, you can be sure that your documents are safe and secure.

In practice, the evalSign solution presents as practical benefits the management of large numbers of contracts and other documents:

1. improves document organization

By using the evalSign solution, you can organize your documents simply and quickly. You and your company have access to all your documents in one place – just log in to your account and you can access all your signed documents.

evalSign also offers the option of sharing signed documents with others, which makes document management even easier and faster.

2. Increases security in information exchange

With evalSign, you can be sure that your information is secure. This is because all documents are encrypted and stored on secure servers.

The solution offers the option of user authentication, which makes sharing documents even more secure and legally valid.

3. Optimizes processes

By using the evalSign solution, you can optimize your internal processes, and you can sign documents anywhere in the world, at any time – all you need is an Internet-enabled device.

You can create PDF documents and send them for signature with just a few clicks. This means that you no longer have to worry about sending paper documents for signature.

4. It is even more sustainable

By using the evalSign solution, you also contribute to a better world. This is because evalSign is a sustainable solution, which does not use paper or other materials to function.

In addition, the solution is fully digital, meaning no energy is wasted on printing and other paper-related activities.

5. Facilitates process management

By using evalSign, you also make it easier to manage your processes. With the solution you can monitor all signed documents in one place – just log in to your account to track the status of each document.

In addition, you can set up alerts so that you are notified as soon as a document is signed. This means that you don’t have to monitor processes manually.

6. It is a legally valid solution

By using the evalSign solution, you can also be sure that your signature is legally valid. This is because evalSign is ICP-Brasil certified, which means that its signature has the same legal validity as a conventional signature.

In practice, all documents are encrypted and stored on secure servers. This means that your subscription is protected against fraud and invasions of privacy.

For all these reasons, it is clear that evalSign is the ideal solution for companies of all sizes. With the solution, you can save time and money, and contribute to a better world. Try evalSign right now and see how your company can benefit!

If you are looking for a fast, easy and secure way to sign documents, evalSign is the perfect solution for you.

About Eval

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Data Protection

Personal health information: ensuring safety and security

Personal health information refers, in short, to demographic information, medical histories, test and lab results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and determine appropriate care.

This same detailed information about our health is also a product. In addition to their use for patients and healthcare professionals, they are also valuable for clinical and scientific researchers when anonymized.

For hackers this data is a treasure trove. After all, this is personal patient information that could be stolen and sold elsewhere. What’s more, they can hijack the data via ransomware until the medical institution pays the ransom.

Medical institutions deal with personal health information and this can be a risk

As we have seen, by the nature of the sector, healthcare institutions deal with confidential patient data. This information includes date of birth, medical conditions and health insurance applications.

Whether in paper records or in an electronic record system, personal health information describes a patient’s medical history, thus including diseases, treatments and outcomes.

To give you an idea, from the first moments after birth, a baby today is likely to have their personal health information entered into an electronic health record system, including weight, length, body temperature and any complications during delivery.

Tracking this information over the course of a patient’s life provides the clinician with the context of the person’s health. This way it is better for the professional to make treatment decisions.

When properly recorded, personal health information can be stored without identifying features and added anonymously to large databases of patient information.

These de-identified data can contribute to population health management and value-based care programs.

However, there are cases where data security, protection and privacy measures are not applied. This puts health institutions, staff and especially patients at serious risk.

Cybersecurity threats in healthcare affect patients and institutions

As technology advances, healthcare professionals work to implement innovations to improve care, but cybersecurity threats continue to evolve as well.

Ransomware attacks ransomware and healthcare data breaches remain top concerns for healthcare entities and business partners of all sizes.

Ransomware is a good example of a major impact for the healthcare sector. It is considered high-risk, as healthcare organizations are tasked with caring for people. Thus, if certain information is locked or inaccessible, this care may be affected.

The responsibility for the protection of personal health information lies with all institutions and their business partners.

A situation that is sometimes misunderstood by health institutions is that privacy and security of health information do not always move together.

While privacy requires security measures, it is possible to have security restrictions that do not fully protect the private information of patients and caregivers.

Let’s think of an example: if a healthcare institution or a cloud provider shares encrypted medical data to an outpatient clinic, protection and privacy may be at risk.

After all, institutions need to enter into a partnership agreement that includes requirements for data security processes and policies. If this does not occur, the information shared is at high risk.

Despite the high risk, it is possible to protect your organization from cybercrime by securing patient information

Ransomware and other cybercrime attacks occur when a hacker gains access to an organization’s network. In the aftermath, files are encrypted or stolen.

In the specific case of ransomware, the files are inaccessible by the target until a ransom is paid.

To protect your organization from attacks like this and other cybercrimes targeting the healthcare industry, data protection experts recommend ten practices for securing health information:

1. Define clear data protection and privacy policies and processes

An important step in the protection and privacy of patient and caregiver health information is to clearly define data protection and privacy policies and processes.

This is the kick-off for all the other safety recommendations for the benefit of medical institutions.

2. Protect patient information in the workplace

Use access controls to ensure that patient health information is accessed only by authorized staff.

 
3. Conduct staff training on health data protection and privacy policies and processes

A protected health organization must train all members of its workforce on the policies and procedures regarding personal health information.

Training should be provided to each new professional within a reasonable period of time after the person joins the institution.

In addition, staff members should also be trained if their roles are affected by a material change in policies and procedures in the defined privacy and protection rules.

4. Procedures for disclosure or sharing of health information must be documented and authorized

A written authorization from the patient is required when a healthcare facility needs to share or disclose psychotherapy, substance abuse disorder, and treatment records, information, or notes.

5. Define secure health data storage and retrieval procedures

Data should be backed up periodically. Incidentally, it is also a best practice to regularly back up data via hardware such as flash drives and external hard drives, and then copy the data through the cloud while it is being modified.

This redundancy ensures that critical information is readily available. If possible, health institutions should have backups in multiple locations.

6. Firewalls are essential to ensure that protected information is not improperly destroyed

Properly using a firewall can help prevent your organization from falling victim to unauthorized access that could potentially compromise the confidentiality, integrity or availability of patient health information.

7. Health data recorded on paper should be protected

The concern for data protection and privacy also applies to the use of paper and other physical files. In addition to policies and procedures covering the physical security of documents, staff should be instructed to immediately report all incidents that may involve the loss or theft of such paper records.

8. Personal health information should never be left unattended

Extra care should be taken when patient records are temporarily transported to other health care institutions.

This information must be supervised and protected by responsible professionals during the journey, delivery and storage of personal health information.

9. Document and device encryption must protect medical data from cybercriminals

In short, devices and documents should be protected using encryption and digital signature when sharing between institutions and other healthcare professionals.

10. Keeping anti-virus and anti-malware software up to date is vitally important for personal health information

In addition, software updates and patches must be applied in a timely manner to keep networks and systems secure.

It is also worth remembering that common sense is always a good best practice. Employees should never share passwords. Default passwords should be changed immediately after assigning a new application. Finally, they should not be reused between different systems and should also be changed if they are compromised.

The ultimate goal is to achieve high levels of data security, protection and privacy, thus ensuring the integrity of the personal health information of patients and other caregivers.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Categories
Digital Signature

What is the legal value of an electronic signature?

In the past, many people were reluctant to use electronic documents or signatures, questioning their legal validity and ability to use them as evidence in court cases or other legal contexts.

Here in this text the idea is to approach a little of what we have seen in these years, since the MP2200 that gave legal validity to electronic signatures. The idea in this article is a look at a technology company, so we will cover some signature models to help you in the process of defining a type of e-signature that fits well for every business in your institution.

Consulte o departamento jurídico

It is worth remembering that you should always consult with the legal department to find out what type of electronic signature should be used for each business in your organization.

Having made these initial considerations, let’s get to it. In most Western countries this reluctance to use electronic signatures is already unnecessary, as legislation has been updated to recognize electronic documents and signatures. In other words, it cannot be denied legal effect, enforceability, or admissibility as evidence in legal proceedings just because they are in electronic format.

To get an idea of the impact of electronic signatureIn the US the Electronic Signatures in Global and National Commerce Act, the Uniform Electronic Transactions Act, and other (state) laws also regulate in this regard.

Here in Brazil it could be no different. Through Provisional Measure No. 2200 of August 24, 2001, almost 19 years ago, which established the Brazilian Public Key Infrastructure, the ICP-Brasil, the authenticity, integrity, and legal validity of documents in electronic form, support applications, and enabled applications that use digital certificates, as well as secure electronic transactions were guaranteed.

Additionally, he also talks about other forms of electronic signatures without the need for digital certificates, which add value to the business, so it is important that the legal area of the institution validates which electronic signature model should be used in each case.

In addition, we have the Civil Code and the National Tax Code that also serve as the legal basis for the use of the electronic signature in electronic transactions.

E-signatures represent one of the biggest opportunities to start doing digital business

What is an electronic signature? This is a signature made electronically using information systems, in which there are several types, among the best known:

  • Digital Signature ICP-Brasil;
  • Digital Signature;
  • Electronic signature with third-party seal;
  • Behavioral e-signature;
  • Authenticated electronic signature;
  • Basic electronic signature;

Most of them seek to identify the author of the action, others furthermore seek the integrity of the data, and finally, the most secure one also seeks a mechanism that guarantees non-repudiation.

So we are sharing with you different types of existing subscriptions for you to learn about, helping you with the choice of the best alternative – be it your institution. Our goal is to explain and help, not to set absolute rules. Because there may be specific legislation, rules and/or standards for different specializations, performances, and documents to be signed.

Thus, this guide does not assume that it is necessary to choose only one type of signature in the institution; several types of signature can coexist in the same infrastructure, responding to different types of needs and documents, providing a secure and scalable way of digital transformation of the institution.

Conheça as vantagens da assinatura eletrônica para empresas brasileiras
 

Main Features

In order to reflect the same legal value as a handwritten signature, an online electronic signature must meet the following conditions:

  • The signer must have an associated identity;
  • The intention to sign is also another important question;
  • Integrity is important, so the document to be signed must be original, unalterable and uneditable;
  • Another important point is whether the signature system is auditable, whether it provides important information for future verification;

Anyway, there are other features that can be added and provide even more security, but this should be the basics.

Are electronic signatures legal everywhere?

The answer is that it depends on where you are doing business.

In 27 countries – including Brazil, China, the United States, Russia, Australia, Canada, and European Union countries – the electronic signature is legally binding. Besides believing in the security of electronic signatures, it is essential that you research the laws and the weight of digital or electronic signatures in the country you are in.

If you live in a country that has not yet passed legislation, you can of course fall into a gray area of the law and your electronic signature will be accepted in many if not most contracts, however, it may not be legally binding in court.

So, which electronic documents are really valid?

In short, any electronic version should be considered equal to its equivalent version, ensuring that it meets the functional characteristics of the formal requirements of the applicable law.

Only in specific situations should an explicit paper document be used, for example to buy real estate in most countries you will need to go to a notary or legal representative for an action.

Fortunately, in most personal or business situations, the format of the document is the individual’s choice, even to the extent of a contract written on a napkin, if desired!

Examples of electronic signatures:

Basically there are different types of documents to be signed electronically:

  • Internal Authorizations,
  • E-mails,
  • Commercial contracts,
  • Contracts with suppliers,
  • NDA;
  • Internal memos,
  • HR Processes,
  • Purchase orders.

In short, all processes, forms, contracts that need a signature can use the electronic signature, as long as they do not have legislation mandating the use of handwritten signatures. Finally, it is necessary to pay attention to whether the type of document to be signed has specific legislation for the case. So always consult the legal department.

In addition, there are different file formats for signed documents, including:

  • Word format,
  • PDF,
  • XML,
  • Image formats, like JPG or PNG for example.

The most common file format is PDF, because it is easy to view and there is already a culture of it being a format that does not change. So you can have a prior negotiation of what is going to be signed, and then when everyone is in agreement, the PDF is generated with the content to be signed.

The electronic signature is already a reality

In a survey done by EVAL at CIAB 2019, 92% of decision makers said they use electronic signatures. No wonder that most of today’s transactions can already be signed electronically.

Think of the plethora of online documents formed with the click of an “I Accept” button, or with a name typed at the end of a reply e-mail, or authenticating the user, as well as obtaining a behavioral electronic signature, or even a digital signature.

The latter, the ICP-Brasil digital signature, is always compared to the notary-authenticated handwritten signature, so if you have documents that require notary authentication this may be the recommended electronic signature model. But remember, always consult the legal department to know the best electronic signature model to be used for each business of your institution.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Categories
Digital Signature

Learn how the Digital Signature works

Don’t confuse it with a digital certificate! This is the first step in learning how the digital signature works. It serves to validate the authenticity and integrity of a message, software, or electronic document.

Equivalent to a handwritten signature or stamped seal, the digital signature offers security and authenticity in electronic form. It is aimed at solving problems such as tampering and representation in digital communications.

If you still have doubts about the efficiency of the digital signature in your business, check out this post and clear up any doubts about how it works and the advantages of adopting this feature in your company.

The strategic value of digital signature for companies

For enterprises these solutions provide guarantees of evidence of origin, identity, and status of electronic documents, transactions, or messages. In addition, it also guarantees recognition and authenticity of what has been digitally signed.

To get an idea of the efficiency of digital signatures in companies, we can look at the United States. After all, there digital signatures have the same legal significance as more traditional forms of signed documents.

The U.S. Government Printing Office regularly publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.

What’s behind the digital signature

Basically, digital signatures use public key or asymmetric cryptography to be created. A public key cryptography involves a pair of keys: one public and one private.

The two keys are mathematically related. The public key, as the name implies, is open and available to anyone who wants to access it. It can, for example, be stored on a public key server.

On the other hand, the private key is kept in a secure company environment, it will never be transmitted publicly. The sender of an electronic document uses his private key to encrypt that document, this is the digital signature.

Finally, the receiver then decrypts the signature with the public key to verify that it matches the attachment. In addition, the private keys are unique to each user, providing verified authenticity to the sender’s message.

Only the sender’s private key can be used to create the digital signature. The corresponding public key is used to confirm this signature, for which the digital certificate is used.

The use of digital signature optimizes investments and increases productivity

A digital signature can be used with any type of message, whether it is encrypted or not. It is used so that the recipient can be sure of the sender’s identity and that the message has arrived intact.

In this way digital signatures make it difficult for the “signer” to deny having signed something (non-repudiation). After all, the digital signature is unique for both the document and the signer.

The digital certificate contains the digital signature of the certificate issuing authority and binds a public key to an identity, and can be used to verify that a public key belongs to a specific person or entity.

Most e-mail programs, Internet browsers, and text readers, such as Adobe Reader, support the use of digital signature and digital certificate. This makes it easy to sign any outgoing email and validate incoming messages, or other types of digitally signed files.

Digital signatures are also widely used to provide proof of authenticity, data integrity, and non-repudiation of communications and transactions over the Internet.

 6 benefícios mais importantes da assinatura digital
 

You can reduce costs with digital signature

By migrating their business processes to digital media, companies reduce paper consumption and the costs associated with printing and transporting documents. This strategy allows, for example, to direct what has been saved to strategic sectors of the organization.

And even increase productivity

Besides optimizing investments in the core business, reducing printing costs and using digital media for process automation also increases productivity.

Organizations and their employees no longer perform manual processes and can focus on core activities without having to stop their tasks to print documents or take them to different departments, i.e., it is possible with digital signature to achieve strategic gains throughout the company.

Can any company use a digital signature?

Finally you may be wondering if any firm or organization can get a digital signature. How is it obtained? Is it worth investing in?

To answer this question, it is enough to review the concepts that we saw at the very beginning of the article. In other words, when a user creates a document, he signs it with a unique digital signature and sends it to the recipient.

If the sender’s signature uses a recognized certification authority, in Brazil’s case those that are homologated by the ITI, within ICP-Brazil, the recipient will trust the certification authority to confirm the identity of the publisher. In this way it authenticates the message and provides non-repudiation.

So yes, any person, company, agency, etc. can and should get a digital signature. Moreover, it is a matter of strategic company security. In addition, there are several companies, known as certification authorities (CA), which manage the issue of digital certificates and are approved by the ITI.

As you may have seen, companies can only gain by adopting digital signatures in their business processes.

In the midst of the Digital Transformation era, adopting this technology means that the company as a whole, suppliers, and customers can benefit from strategic efficiency in relation to the sale of products and services.

If you still have any questions about the subject, contact EVAL right now. Our experts are ready to help you overcome your difficulties and start your digital signature adoption project.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Categories
Data Protection

Information Integrity Can Be a Challenge

Business process management and automation are two factors that are leading companies to use digital documents more and more. This strategy also results in reduced costs and increased productivity. However, concerns about the integrity of the information have generated major doubts and insecurity for managers.

Digital documents are one of the main strategies adopted to improve business processes. They are also present in optimizing the use of companies’ investments and IT infrastructure in the production process.

One example of this strong trend is print outsourcing. He recommends assessing which documents should be printed and which can be kept digitally.

As well as cutting costs, digital documents make workflows more efficient and help businesses evolve. Despite the benefits, many doubts have arisen and need to be clarified in order to effectively adopt this strategy.

Digital document processing has benefited companies, but there are many doubts

This is very reminiscent of when cloud computing first appeared. After all, at the time many companies showed good results in terms of cost reduction and increased productivity. However, others had many doubts and therefore postponed using the technology.

And the migration of documents to digital media is no different. Similar to what happened with the cloud, the possible problems with information integrity have led to a number of questions:

  • Will my stored document not be modified?

  • When I consult a document, has it not changed since I read it?

  • Who can guarantee that an approved document hasn’t been manipulated?

  • Who is responsible for the integrity of the information?

  • Who solves the problems with information integrity?

So realize that these are pertinent questions that can have an impact on your business. Especially when issues such as corporate governance, data security and compliance are increasingly demanded by companies in audits and regulatory requirements.

All these doubts and regulatory requirements converge around a common point: the integrity of information.

Who will be responsible for resolving problems with information integrity?

When it comes to IT, you can’t think of a single person responsible for the integrity of digital documents.

Technology and innovation must be used to define an efficient control process, with results that guarantee data security.

Improving business processes should be part of any company’s strategic planning, regardless of size or segment.

Therefore, adopting methodologies that can implement efficient and automated workflows for the digital environment is the best way forward.

In addition, associated with methods that map business processes, such as BPM(Business Process Management), where the main business operations are evaluated, problem areas are located and the company’s workflow is adjusted, the authenticity of the information must be prioritized.

In addition, the best way to eliminate information integrity and authenticity problems is to use a digital signature solution.

This way you can guarantee the accuracy of the data. It is still possible to retrieve a digital document in the future and be sure that it has not been altered irregularly.

Digital signature solves problems with the integrity of information in the digital environment

When digitally signing a document, a hash is used. This guarantees the user that the file has not been altered

In addition, other mechanisms are applied to the digital signature to help verify and validate the document. Adding a record of the date and time of the signature, for example, guarantees that the document was signed by a specific person or company at that time.

In addition, the time instant of a reliable service can be obtained so that it has this guarantee.

6 most important benefits of digital signatures

To better understand the use of digital signatures, we can compare them to the process of signing a document in one’s own hand. We even have an article here on our blog that explains this analogy in more detail, but in a nutshell we can say that:

  1. The person sends you a document with certain content and a handwritten signature.
  2. The first property that can be checked is the integrity of the document. You can do this by looking for erasures or changes in the document.
  3. The second property to be checked is subscriber authentication. This verification is done by comparing the signature on the document with a reference signature of the person.

The concept of irretractability can also be used to verify the authenticity of the document. However, our aim is to draw a simple analogy between digital and handwritten signatures.

That’s why digital signatures pursue the same goal as traditional signatures. By digitally signing a document, it is possible – through technological resources – to verify its integrity and authenticity. This also reduces the possibility of problems with information integrity.

Integrity of a digital document

In short, in order to guarantee the integrity of a digital document in terms of its content, it is checked whether the set of data of which it is composed remains in its original content or in the form that was approved.

To do this, the technology used in digital signatures makes use of two technologies: a cryptographic summary function, which calculates all the bytes in the document to generate a value, determined as a cryptographic summary, and private key cryptography.

Therefore, this integrity code will always be used when it is necessary to verify the integrity of this electronic document. This makes it possible to check whether the document has any differences from the original and encryption guarantees the authenticity of this value.

Authenticity of a digital signature

If the content is guaranteed to be valid in the version presented, the authenticity of the signature used must be legitimized. Unlike the traditional way, we will once again use technology to guarantee what has been signed.

To do this, encryption keys are usually used to verify the authenticity of the signature, thus eliminating the possibility of any problems with the integrity of the information.

It is also worth highlighting the importance of digital signatures in authentication processes. Implementing digital technologies associated with information security policies is the first step towards reducing the risk of incidents, guaranteeing confidentiality and avoiding problems with the integrity of information about clients, employees, suppliers and the company itself.

Finally, the use of the digital environment is a reality, especially at the moment – an intense period of digital transformation with an impact on companies and customers.

To find out more about digital signatures and keep up to date with Eval’s latest news and technologies, subscribe to our newsletter and keep following us on our Linkedin profile.

About Eval

EVAL has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.