AGENCY:

Nuclear Regulatory Commission.

ACTION:

Request for comment.

SUMMARY:

On February 17, 2009, President Obama signed the American Recovery and Reinvestment Act, and on March 23, 2010, he signed the Patient Protection and Affordable Care Act. Both statutes require a transition to the use of electronic medical records by 2014. The U.S. Nuclear Regulatory Commission (NRC) is seeking public comment on specific issues related to the use of electronic signatures on these documents and is seeking to receive feedback from stakeholders on additional concerns that may be raised by this practice.

DATES:

Comments on the notice should be submitted by February 17, 2011. Comments received after this date will be considered, if it is practical to do so, but the NRC is able to assure consideration only for comments received on or before this date.

ADDRESSES:

You may submit comments by any one of the following methods. Please include Docket ID NRC-2010-0330 in the subject line of your comments. Comments submitted in writing or in electronic form will be posted on the NRC Web site and on the Federal rulemaking Web site Regulations.gov. Because your comments will not be edited to remove any identifying or contact information, the NRC cautions you against including any information in your submission that you do not want to be publicly disclosed.

The NRC requests that any party soliciting or aggregating comments received from other persons for submission to the NRC inform those persons that the NRC will not edit their comments to remove any identifying or contact information, and therefore, they should not include any information in their comments that they do not want publicly disclosed.

Federal Rulemaking Web site: Go to http://www.regulations.gov and search for documents filed under Docket ID NRC-2010-0330. Address questions about NRC dockets to Carol Gallagher 301-492-3668; e-mail Carol.Gallagher@nrc.gov.

Mail comments to: Cindy Bladey, Chief, Rules, Announcements and Directives Branch (RADB), Division of Administrative Services, Office of Administration, Mail Stop: TWB-05-B01M, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by fax to RADB at 301-492-3446.

You can access publicly available documents related to this notice using the following methods:

NRC's Public Document Room (PDR): The public may examine and have publicly available documents copied for a fee at the NRC's PDR, Room O1 F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

NRC's Agencywide Documents Access and Management System (ADAMS): Publicly available documents created or received at the NRC are available electronically at the NRC's Electronic Reading Room at http://www.nrc.gov/​reading-rm/​adams.html. From this page, the public can gain entry into ADAMS, which provides text and image files of NRC's public documents. If you do not have access to ADAMS or if there are problems in accessing the documents located in ADAMS, contact the NRC's PDR reference staff at 1-800-397-4209, 301-415-4737, or by e-mail to pdr.resource@nrc.gov.

FOR FURTHER INFORMATION CONTACT:

Ashley Cockerham, Office of Federal and State Materials and Environmental Management Programs, telephone 240-888-7129, e-mail, ashley.cockerham@nrc.gov.

SUPPLEMENTARY INFORMATION:

I. Background

In connection with the American Recovery and Reinvestment Act and the Patient Protection and Affordable Care Act, the NRC is soliciting early public input on issues associated with the use of electronic signatures on documents related to the medical use of byproduct material that are not submitted to the NRC but are maintained and inspected at the licensee's facility (i.e., written directives required by 10 Code of Federal Regulations (CFR) 35.40 and records for inspection required by 10 CFR part 35 subpart L). For medical use licensees, 10 CFR 35.5 permits the use of electronic media to produce and store records that are maintained and inspected at the licensee's site. NRC is aware that many medical licensees already develop and store certain documents in electronic form and may use electronic signatures for electronic documents that require signatures by specific individuals.Start Printed Page 64750

NRC believes that electronic signatures should serve the same function as written signatures. They should uniquely identify the individual (the electronic equivalent of biometric information), provide authentication and non-repudiation, and assure data integrity. The individual providing the signature should know he/she is signing the document, and the signature process should be concise enough to assure the individual initiating the process is the same person concluding the process. An inspector must be able to see an electronic audit of the document and electronic signature process to assure the completeness and accuracy of the document. Licensees, certificate holders or other regulated individuals may use digital certificates for digitally signing electronic documents, but NRC will accept other means of obtaining the performance criteria described.

The NRC is conducting enhanced public participatory activities to solicit early and active public input on major issues associated with electronic signatures on written directives. As a first step, the NRC has prepared an issues paper which describes issues related to electronic signatures on written directives required by 10 CFR 35.40. The intent of this paper is to solicit input regarding these issues. The issues paper is contained in Section III of this document. The NRC will use its rulemaking Web site to make the issues paper available to the public and to solicit public comments.

II. Request for Comments and Plans for Public Meetings

The NRC is soliciting comments on the items presented in the issues paper in Section III of this document as well as soliciting input on any additional potential concerns that stakeholders may have with the use of electronic signatures on documents related to the medical use of byproduct material which are maintained at the licensee's facility (e.g., concerns with electronic storage; identification; reliability of this practice). Comments may be submitted as indicated under the ADDRESSES heading in this document. In addition to providing an opportunity for written comments, the NRC is considering holding facilitated public meetings to discuss this issue. If NRC staff determines that public meetings are necessary to allow for additional stakeholder feedback, these meetings will be announced in the Federal Register on a future date. The issues paper in Section III of this document provides background and topics of discussion on the major issues that would be the subject of the potential public meetings. The written public comment period will extend until after the last public meeting is held.

The Commission believes that stakeholders' comments will help to determine the potential impact of these proposed changes and will assist the NRC in developing a risk-informed, preferred option for acceptable forms of electronic signatures for those documents that must be retained for inspection in accordance with current NRC regulations. Staff will consider future actions based on the comments received in response to this document.

III. Issues Paper on the Use of Electronic Signatures for Written Directives

Introduction

Section A of this Issues Paper describes some general considerations regarding the use of electronic signatures at NRC-licensed medical use facilities. Section B of the paper discusses the major issues that need to be addressed before commencing any regulatory activities related to the use of electronic signatures.

A. Background

On February 17, 2009, President Obama signed the American Recovery and Reinvestment Act, and on March 23, 2010, he signed the Patient Protection and Affordable Care Act. Both Acts require a transition to the use of electronic medical records by 2014. Many medical facilities have already started the transition from paper records to electronic systems or are currently using electronic systems exclusively. NRC is seeking comments on acceptable forms of electronic signatures for documents that must be retained for inspection in accordance with current NRC regulations (i.e. 10 CFR 35.40 and 10 CFR part 35 subpart L).

10 CFR 35.5 permits medical use licensees to store required records in electronic media provided the electronic media has the capability for producing legible, accurate, and complete records during the required retention period. Also, records such as letters, drawings, and specifications stored in electronic media must include all pertinent information such as stamps, initials, and signatures. Licensees must maintain adequate safeguards against tampering with and loss of records. The information that is required in each record is described in other sections of the regulations.

Because the system that generates the electronic document must have functions that provide a legible document for the records retention period, the document must be readable in the future, even if the technology used to develop the document becomes outdated. Because the record must be complete for the records retention period, any electronic attachments, figures, drawings, stamps, signatures, etc., that are required to be part of the record must electronically be part of the record and remain part of the record. Because the record must be accurate for the records retention period, there must be a means of verifying the date of finalized electronic attachments, figures, drawings, stamps, signatures, etc., that are required to be part of the electronic record, the date the record itself was finalized, the date the electronic signature was affixed. There must also be a means of identifying the individual who affixed the signature and a method of verifying version control to identify dates of subsequent changes to the final record along with the names of individuals who have made these changes.

Because these electronic documents are internal licensee records that are not submitted to the agency, the criteria for electronic submissions described in NRC's Electronic Submittals Web site at http://www.nrc.gov/​site-help/​e-submittals.html do not apply. The Web site addresses the use of digital certificates for digitally signing electronic submissions pertaining to licensing actions, associated hearings, and other regulatory matters. With regard to electronic signatures on internal licensee records, licensees may chose to use digital certificates and digital signatures to affix electronic signatures to electronic records; however, they are not required to do so.

The NRC understands that there is no single accepted national standard for electronic signatures; however, several principles have been considered by NRC staff. Generally, when signing a paper document, the individual knows he/she is signing it, the physical signature provides biometric information that can be used to identify the person and provide the basis for authentication and non-repudiation. Generally, signing a completed document also functions to confirm the integrity of the document and prevent changes that would compromise “data integrity” in its broadest meaning.

The processes used to generate an electronic document and individual's electronic signature should satisfy the same functions provided by a written signature on a paper document. They should uniquely identify the individual (the electronic equivalent of biometric information), provide authentication and non-repudiation, and assure data Start Printed Page 64751integrity. The individual providing the signature should know that he/she is signing the document, and the signature process should be concise enough to assure that the individual initiating the process is the same person concluding the process. Systems that produce electronic records should have provisions that inform individuals electronically signing the document that they are entering their signatures. This process should be separate from the act of opening the document because most records required by NRC are produced by other individuals and may be produced and revised over an unspecified time.

The signature process should be such that it is uniquely tied to the individual whose signature is required and the period that the signature process is open should be short enough to assure that the individual starting the process is the individual completing the process. If the signature is required to demonstrate review of specific information, then completion of the electronic signature should also block alteration of that information. Subsequent changes to the information should require a new electronic signature and not overwrite previous versions of the signed document. If the document must be dated and signed to meet the regulations, the electronic signature process should also affix the date and time to each electronic signature.

Because these electronic records are kept at the facility and not sent to the NRC they have to be electronically inspected at the facility. Printing an electronic record with an electronic signature would not constitute a complete and accurate record because critical electronic information associated with the electronic record would not be available for inspection.

B. Issues for Discussion

The following is a listing of issues regarding the use of electronic signatures on documents related to the medical use of byproduct material. Each issue is followed by one or more questions about existing practices related to standards, authentication, non-repudiation, data integrity, records inspection, and improvements to software. The questions listed below are not meant to be a complete or final list of issues to be considered but are provided to initiate comments. Stakeholders are requested to comment on and recommend additions, deletions, or modifications to the issues listed below; and propose considerations for implementation of electronic signatures regarding each issue, as appropriate. These issues, and other relevant and substantial issues identified by commenters, will serve as the basis of discussion at the public meetings, if these meetings are scheduled in the future. Public feedback will also be used in developing options for implementation.

Issue No. 1—Standards

Q1.1 What standards for electronic signatures in medical records are in use or under development?

Q1.2 How do these standards address the principles of authentication, non-repudiation, data integrity, and access for inspection, as described in Issues No. 2 through 5, below?

Q1.3 Do these standards consider any additional key principles?

Issue No. 2—Authentication

Q2.1 For software applications currently in use, how does the licensee assure that the signature process is uniquely tied to the individual whose signature is required?

Issue No. 3—Non-Repudiation

Q3.1 For software applications currently in use, what provisions does the licensee use to inform persons electronically signing documents that they are entering their signature?

Issue No. 4—Data Integrity

Q4.1 For software applications currently in use, how does the licensee assure that the document being electronically signed cannot be changed after it is signed?

Q4.2 For software applications currently in use, how does the licensee assure that subsequent changes to the electronically signed document require a new electronic signature and cannot overwrite previous versions of the signed document?

Q4.3 For software applications currently in use, how does the licensee assure that the electronic signature process affixes the date and time to each electronic signature?

Issue No. 5—Records Inspection

Q5.1 For software applications currently in use, how does the licensee assure that electronically signed documents and all revisions to the electronically signed documents are accessible for inspection?

Q5.2 For software applications currently in use, how does the licensee assure that electronically signed documents and all revisions to the electronically signed documents are retained for 3 years?

Issue No. 6—Need for Improvements to Current Commercially-Available Software Applications

Q6.1 Are any improvements needed for current commercially-available software applications to adequately meet existing standards and principles?