Interoperability and Security: Design and Development of a Clinical Documents Repository Digitally Signed using CDA standard. Fernán González Bernaldo de Quirós, Adrián Gómez, Fernando Campos, Jorge Severino, Fernando Plazzotta, Daniel R. Luna Medical Informatics Department, Hospital Italiano of Buenos Aires, Argentina. Abstract The amount of institutions with hospital information systems has increased. With the different technologies and standards available, it is possible to satisfy many information exchange needs, considering that in shared settings, sensible documentation is required of a special treatment. HL7’s CDA is a marked-up document standard, which specifies the structure and the semantics of a clinical document. Digital Signature is a tool that guarantees the authorship and integrity of electronic documents. The Hospital Italiano of Buenos Aires, has developed and implemented a CDA documents repository along with the creation of its own PKI infrastructure, storing the private and public keys and the digital certificate, in a E- Token. Obtaining then a trustworthy and unique registry of the medical acts, making possible the access to documents in a format that allows full legibility, also making possible the process and later inclusion of this information in other systems or applications, guaranteeing its authorship and integrity. These documents can be visualized in any web browser. Keywords: Medical Records Systems, Computerized; Computer Security; Standards; Electronic Documents; Digital Signature. Introduction The growth of hospital information systems, the information exchange needs and the proliferation of technologies implemented on the Internet, allowed that medical documents can be shared and exchanged between organizations, hospitals and healthcare providers [1]. This made possible the development of protocols and methods to assure medical information exchange in standard format, increasing the possibilities of achieving semantic and syntactic interoperability. One of the main standards families in health information systems setting is Health Level Seven (HL7), an organization accredited in the American National Standards Institute (ANSI) whose mission is the development of communication protocols and medical information exchange [2]. CDA stands for Clinical Documents Architecture and is markup standard, which specifies the structure and the semantics of a clinical document. The present version is 2.0 and is part of version 3 of HL7 standard and describes its semantic content in the Reference Information Model (RIM) [3]. On the other hand, paper documents have traditionally guaranteed its authorship and integrity by handwritten signature. That way it's certified that he is the single person in charge of what is written in the document. Furthermore, the signature is written at the end of the document to prove that what is authenticated has not been modified, signing at a later stage each modification or later writing made in the document. Medical setting works by this same modality, when the physician records in paper he/she signs at the end of the chart. Each later registry must be signed, and this single handwritten signature indicates the authorship and responsibility of any modification made from the previous signature. Digitalization of documents and transactions have contributed with great comfort to present life, improving the processes and keeping distances from preventing the accomplishment of proceedings and operations. Nevertheless, this lead to the impossibility of physically signing these documents, like was traditionally made. The use of simple electronic signatures, like “username and password”, does not fulfill all the requirements needed to replace the hand written signature in all the possible uses. Digital signature is a technological tool that guarantees the authorship and integrity of digital documents, giving them the same validity of those signed in paper. Using mathematical processes it relates the signed document with information from the signatory person, allowing other parts to recognize the signer identity, assuring that the contents have not been modified. In the present work we will describe the design, development and implementation process of a digitally signed clinical documents repository, created from an electronic health record, using CDA standard and the asymmetric key infrastructure (PKI - Public Key Infrastructure). Medinfo 2007