OFFICIAL
Data Integrity Group
Agenda Item 8: Digital signature error monitoring
The My Health Record System Management team within the Agency is in the process of analysing the
information captured and notifying clinical information system vendors of the issue so it can be resolved.
This is just one example of what is possible in achieving proactive data quality surveillance of the production
data.
BACKGROUND
On 8 March 2016, Microsoft released a security patch which caused an unintended impact to the My Health
Record system. This update exposed an issue in the way many clinical information systems created digital
signatures, preventing the clinical information system from uploading clinical documents to the My Health
Record system. The issue can also affect the ability of clinical information systems to display clinical
documents.
Vendors were then advised of the issue and how to resolve it; however, many healthcare providers are still
using clinical information systems with the issue rather than the corrected versions created by vendors.
All clinical documents in the My Health Record system are created with a digital signature for security
purposes. This signature generally contains an identifier starting with a randomly generated hexadecimal
character which is an alphanumeric character that is either numeric or one of the letters A to F. That means
the signature identifier commenced with a numeric character 10/16 (62.5%) of the time and commenced
with a letter 6/16 (37.5%) of the time. Under international standards, a digital signature identifier is not
allowed to start with a numeric character. A digital signature which starts with a numeric character had no
impact on the My Health Record System until Microsoft issued the security patch which resulted in these
signatures causing a Windows operating system error.
The detectability of this error depended on the clinical information system and the implementation of error
reporting. Some clinical information systems did not display an obvious error message. Therefore, some
healthcare provider end-users may still be using clinical information software with this issue and not be
aware. Since this issue first manifested on 8 March 2016, many but not all clinical information systems were
modified to avoid creating a digital signature identifier which starts with a numeric character.
The new My Health Record monitoring facility records the digital signature identifier, which can be used to
identify any clinical information systems only uploading documents whose signature identifier starts with a
letter, hence identifying where those starting with a numeric character are failing.
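The surveillance check described above can be sketched as follows. This is an added example, not code from the Agency or the My Health Record system; the log record shape, the system names and the 1% threshold are assumptions, and the sample identifiers are constructed.

```python
import re
from collections import defaultdict

# An XML Signature Id is an xs:ID, i.e. an NCName: it may start with a letter
# or "_" but never with a digit. ASCII-only approximation of that grammar.
NCNAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.\-]*$")
P_LETTER = 6 / 16  # chance that a random hex first character is A-F

# Constructed records of accepted uploads: (system, signature Id). Not real data.
SAMPLE_LOG = [
    ("CIS-A", "a3f9c2"), ("CIS-A", "c07b11"), ("CIS-A", "e91d4a"),
    ("CIS-A", "b5520f"), ("CIS-A", "f00c3e"),
    ("CIS-B", "7d21aa"), ("CIS-B", "a9c3e0"), ("CIS-B", "04bb19"),
    ("CIS-B", "d1e2f3"),
    ("CIS-C", "be12c4"), ("CIS-C", "ad9f00"),
]


def is_valid_signature_id(sig_id):
    """True when the identifier is acceptable as an xs:ID value."""
    return bool(NCNAME.match(sig_id))


def summarise(log):
    """Count letter-initial and digit-initial identifiers per system."""
    stats = defaultdict(lambda: {"letter": 0, "digit": 0})
    for system, sig_id in log:
        kind = "digit" if sig_id[:1].isdigit() else "letter"
        stats[system][kind] += 1
    return dict(stats)


def letter_only_systems(log, alpha=0.01):
    """Systems with no digit-initial Id where chance alone is unlikely.

    With random hex first characters, n uploads are all letter-initial with
    probability (6/16)**n; below alpha (assumed threshold) the system is flagged.
    """
    flagged = {}
    for system, counts in summarise(log).items():
        n = counts["letter"] + counts["digit"]
        p_chance = P_LETTER ** n
        if counts["digit"] == 0 and p_chance < alpha:
            flagged[system] = p_chance
    return flagged


if __name__ == "__main__":
    for system, p in letter_only_systems(SAMPLE_LOG).items():
        print(f"{system}: letter-only uploads, chance probability {p:.4f}")
```

A system that has been corrected by its vendor also stops producing digit-initial identifiers, so the flagged systems are a list for vendor follow-up rather than confirmed failures.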
FINANCIAL IMPLICATION
No financial impact identified
LEVEL OF RISK
This new monitoring capability is contributing to the risk mitigation for My Health Record document upload
failures.
PRIORITY AREA OR STRATEGIC INITIATIVE
My Health Record, Interoperability and Data Quality
Meeting date: 18 December 2018
Briefing Paper: New My Health Record logging facility
Record system. The issue can also affect the ability of clinical information systems to display clinical
documents.
Vendors were then advised of the issue and how to resolve it; however, many healthcare providers are still
using clinical information systems with the issue rather than the corrected versions created by vendors.
All clinical documents in the My Health Record system are created with a digital signature for security
purposes. This signature generally contains an identifier starting with a randomly generated hexadecimal
character which is an alphanumeric character that is either numeric or one of the letters A to F. That means
the signature identifier commenced with a numeric character 10/16 (62.5%) of the time and commenced
with a letter 6/16 (37.5%) of the time. Under international standards¹, a digital signature identifier is not
allowed to start with a numeric character. A digital signature which starts with a numeric character had no
impact on the My Health Record System until Microsoft issued the security patch which resulted in these
signatures causing a Windows operating system error.
The detectability of this error depended on the clinical information system and the implementation of error
reporting. Some clinical information systems did not display an obvious error message. Therefore, some
healthcare provider end-users may still be using clinical information software with this issue and not be
aware. Since this issue first manifested on 8 March 2016, many but not all clinical information systems were
modified to avoid creating a digital signature identifier which starts with a numeric character.
The new My Health Record logging facility records the digital signature identifier, which can be used to
identify any clinical information systems only uploading documents whose signature identifier starts with an
alpha character, hence identifying where those starting with a numeric character are failing.
¹ XML Signature Syntax and Processing
Briefing Paper: New My Health Record logging facility
Record system. The issue can also affect the ability of clinical information systems to display clinical
documents.
Vendors were then advised of the issue and how to resolve it; however, many healthcare providers are still
using clinical information systems with the issue rather than the corrected versions created by vendors.
All clinical documents in the My Health Record system are created with a digital signature for security
purposes. This signature generally contains an identifier starting with a randomly generated alphanumeric
character. Under international standards¹, a digital signature identifier is not allowed to start with a
numeric character. A digital signature which starts with a numeric character had no impact on the My
Health Record System until Microsoft issued the security patch which resulted in these signatures causing a
Windows operating system error.
The detectability of this error depended on the clinical information system and the implementation of error
reporting. Some clinical information systems did not display an obvious error message. Therefore, some
healthcare provider end-users may still be using clinical information software with this issue and not be
aware. Since this issue first manifested on 8 March 2016, many but not all clinical information systems were
modified to avoid creating a digital signature identifier which starts with a numeric character.
The new My Health Record logging facility records the digital signature identifier, which can be used to
identify any clinical information systems only uploading documents whose signature identifier starts with an
alpha character, hence identifying where those starting with a numeric character are failing.
¹ XML Signature Syntax and Processing
UNCLASSIFIED
Australian Digital Health Agency
Briefing Paper: Clinical document upload failures
3. Create a digital signature
4. Upload a clinical document
5. Re-upload a clinical document (if the upload failed)
s.47C(1)(a), s.47E(d)
Manage consent
The My Health Record consent model is based on standing consent in order to maximise the flow of clinical
information from clinical information systems to the My Health Record system. A consumer and their
healthcare provider are allowed to decide to not upload clinical documents despite standing consent.
s.47C(1)(a), s.47E(d)
Create a digital signature
Malformed reference element issue: When a clinical document is created, the next step is to create the
digital signature using software libraries provided by the computer operating system. In 2016, it was found
that almost all clinical information systems were creating the digital signature incorrectly, resulting in a part
of the digital signature being malformed. This had no impact until Microsoft issued a Windows security
patch on 8 March 2016. The patch resulted in the Windows operating system reporting an error when
the software library was not used correctly. s.47C(1)(a), s.47E(d)
A digital certificate, also known as a public key certificate, is an electronic document used to
establish trust between two software systems such as a clinical information system and the HI
Service, or a clinical information system and the My Health Record system.
A digital signature is an XML file containing a digital certificate and information about the date
when a clinical document was digitally signed.
HIPS is a product provided by the Agency for use by hospitals, and pathology and diagnostic
imaging laboratories, to help them modify their clinical and laboratory information systems to
access digital health infrastructure, including the HI Service and My Health Record system.
Persistence is the state where a clinical document has been accepted into the My Health Record
system, i.e. the clinical document was not rejected.
Standing consent means that, because a consumer has a My Health Record, clinical documents
for that consumer may be uploaded to the My Health Record system without needing any further
agreement from the consumer. A consumer is allowed to explicitly withdraw consent.
A My Health Record template package is a collection of instructions applied by the My Health
Record system to perform a partial check of the conformance of a clinical document. Anything
reported by a template package is treated as an error with the clinical document.
s.47E(d), s.47C(1)(a)