[Federal Register Volume 75, Number 202 (Wednesday, October 20, 2010)]
[Notices]
[Pages 64749-64751]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-26391]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
[NRC-2010-0330]
Request for Comments on the Use of Electronic Signatures for NRC
Documents Related to the Medical Use of Byproduct Material Maintained
at Licensees' Facilities
AGENCY: Nuclear Regulatory Commission.
ACTION: Request for comment.
-----------------------------------------------------------------------
SUMMARY: On February 17, 2009, President Obama signed the American
Recovery and Reinvestment Act, and on March 23, 2010, he signed the
Patient Protection and Affordable Care Act. Both statutes require a
transition to the use of electronic medical records by 2014. The U.S.
Nuclear Regulatory Commission (NRC) is seeking public comment on
specific issues related to the use of electronic signatures on these
documents and is seeking to receive feedback from stakeholders on
additional concerns that may be raised by this practice.
DATES: Comments on the notice should be submitted by February 17, 2011.
Comments received after this date will be considered, if it is
practical to do so, but the NRC is able to assure consideration only
for comments received on or before this date.
ADDRESSES: You may submit comments by any one of the following methods.
Please include Docket ID NRC-2010-0330 in the subject line of your
comments. Comments submitted in writing or in electronic form will be
posted on the NRC Web site and on the Federal rulemaking Web site
Regulations.gov. Because your comments will not be edited to remove any
identifying or contact information, the NRC cautions you against
including any information in your submission that you do not want to be
publicly disclosed.
The NRC requests that any party soliciting or aggregating comments
received from other persons for submission to the NRC inform those
persons that the NRC will not edit their comments to remove any
identifying or contact information, and therefore, they should not
include any information in their comments that they do not want
publicly disclosed.
Federal Rulemaking Web site: Go to http://www.regulations.gov and
search for documents filed under Docket ID NRC-2010-0330. Address
questions about NRC dockets to Carol Gallagher 301-492-3668; e-mail
[email protected].
Mail comments to: Cindy Bladey, Chief, Rules, Announcements and
Directives Branch (RADB), Division of Administrative Services, Office
of Administration, Mail Stop: TWB-05-B01M, U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001, or by fax to RADB at 301-492-
3446.
You can access publicly available documents related to this notice
using the following methods:
NRC's Public Document Room (PDR): The public may examine and have
publicly available documents copied for a fee at the NRC's PDR, Room O1
F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.
NRC's Agencywide Documents Access and Management System (ADAMS):
Publicly available documents created or received at the NRC are
available electronically at the NRC's Electronic Reading Room at http://www.nrc.gov/reading-rm/adams.html. From this page, the public can gain
entry into ADAMS, which provides text and image files of NRC's public
documents. If you do not have access to ADAMS or if there are problems
in accessing the documents located in ADAMS, contact the NRC's PDR
reference staff at 1-800-397-4209, 301-415-4737, or by e-mail to
[email protected].
FOR FURTHER INFORMATION CONTACT: Ashley Cockerham, Office of Federal
and State Materials and Environmental Management Programs, telephone
240-888-7129, e-mail, [email protected].
SUPPLEMENTARY INFORMATION:
I. Background
In connection with the American Recovery and Reinvestment Act and
the Patient Protection and Affordable Care Act, the NRC is soliciting
early public input on issues associated with the use of electronic
signatures on documents related to the medical use of byproduct
material that are not submitted to the NRC but are maintained and
inspected at the licensee's facility (i.e., written directives required
by 10 Code of Federal Regulations (CFR) 35.40 and records for
inspection required by 10 CFR part 35 subpart L). For medical use
licensees, 10 CFR 35.5 permits the use of electronic media to produce
and store records that are maintained and inspected at the licensee's
site. NRC is aware that many medical licensees already develop and
store certain documents in electronic form and may use electronic
signatures for electronic documents that require signatures by specific
individuals.
[[Page 64750]]
NRC believes that electronic signatures should serve the same
function as written signatures. They should uniquely identify the
individual (the electronic equivalent of biometric information),
provide authentication and non-repudiation, and assure data integrity.
The individual providing the signature should know he/she is signing
the document, and the signature process should be concise enough to
assure the individual initiating the process is the same person
concluding the process. An inspector must be able to see an electronic
audit of the document and electronic signature process to assure the
completeness and accuracy of the document. Licensees, certificate
holders or other regulated individuals may use digital certificates for
digitally signing electronic documents, but NRC will accept other means
of obtaining the performance criteria described.
The NRC is conducting enhanced public participatory activities to
solicit early and active public input on major issues associated with
electronic signatures on written directives. As a first step, the NRC
has prepared an issues paper which describes issues related to
electronic signatures on written directives required by 10 CFR 35.40.
The intent of this paper is to solicit input regarding these issues.
The issues paper is contained in Section III of this document. The NRC
will use its rulemaking Web site to make the issues paper available to
the public and to solicit public comments.
II. Request for Comments and Plans for Public Meetings
The NRC is soliciting comments on the items presented in the issues
paper in Section III of this document as well as soliciting input on
any additional potential concerns that stakeholders may have with the
use of electronic signatures on documents related to the medical use of
byproduct material which are maintained at the licensee's facility
(e.g., concerns with electronic storage; identification; reliability of
this practice). Comments may be submitted as indicated under the
ADDRESSES heading in this document. In addition to providing an
opportunity for written comments, the NRC is considering holding
facilitated public meetings to discuss this issue. If NRC staff
determines that public meetings are necessary to allow for additional
stakeholder feedback, these meetings will be announced in the Federal
Register on a future date. The issues paper in Section III of this
document provides background and topics of discussion on the major
issues that would be the subject of the potential public meetings. The
written public comment period will extend until after the last public
meeting is held.
The Commission believes that stakeholders' comments will help to
determine the potential impact of these proposed changes and will
assist the NRC in developing a risk-informed, preferred option for
acceptable forms of electronic signatures for those documents that must
be retained for inspection in accordance with current NRC regulations.
Staff will consider future actions based on the comments received in
response to this document.
III. Issues Paper on the Use of Electronic Signatures for Written
Directives
Introduction
Section A of this Issues Paper describes some general
considerations regarding the use of electronic signatures at NRC-
licensed medical use facilities. Section B of the paper discusses the
major issues that need to be addressed before commencing any regulatory
activities related to the use of electronic signatures.
A. Background
On February 17, 2009, President Obama signed the American Recovery
and Reinvestment Act, and on March 23, 2010, he signed the Patient
Protection and Affordable Care Act. Both Acts require a transition to
the use of electronic medical records by 2014. Many medical facilities
have already started the transition from paper records to electronic
systems or are currently using electronic systems exclusively. NRC is
seeking comments on acceptable forms of electronic signatures for
documents that must be retained for inspection in accordance with
current NRC regulations (i.e. 10 CFR 35.40 and 10 CFR part 35 subpart
L).
10 CFR 35.5 permits medical use licensees to store required records
in electronic media provided the electronic media has the capability
for producing legible, accurate, and complete records during the
required retention period. Also, records such as letters, drawings, and
specifications stored in electronic media must include all pertinent
information such as stamps, initials, and signatures. Licensees must
maintain adequate safeguards against tampering with and loss of
records. The information that is required in each record is described
in other sections of the regulations.
Because the system that generates the electronic document must have
functions that provide a legible document for the records retention
period, the document must be readable in the future, even if the
technology used to develop the document becomes outdated. Because the
record must be complete for the records retention period, any
electronic attachments, figures, drawings, stamps, signatures, etc.,
that are required to be part of the record must electronically be part
of the record and remain part of the record. Because the record must be
accurate for the records retention period, there must be a means of
verifying the date of finalized electronic attachments, figures,
drawings, stamps, signatures, etc., that are required to be part of the
electronic record, the date the record itself was finalized, the date
the electronic signature was affixed. There must also be a means of
identifying the individual who affixed the signature and a method of
verifying version control to identify dates of subsequent changes to
the final record along with the names of individuals who have made
these changes.
Because these electronic documents are internal licensee records
that are not submitted to the agency, the criteria for electronic
submissions described in NRC's Electronic Submittals Web site at http://www.nrc.gov/site-help/e-submittals.html do not apply. The Web site
addresses the use of digital certificates for digitally signing
electronic submissions pertaining to licensing actions, associated
hearings, and other regulatory matters. With regard to electronic
signatures on internal licensee records, licensees may chose to use
digital certificates and digital signatures to affix electronic
signatures to electronic records; however, they are not required to do
so.
The NRC understands that there is no single accepted national
standard for electronic signatures; however, several principles have
been considered by NRC staff. Generally, when signing a paper document,
the individual knows he/she is signing it, the physical signature
provides biometric information that can be used to identify the person
and provide the basis for authentication and non-repudiation.
Generally, signing a completed document also functions to confirm the
integrity of the document and prevent changes that would compromise
``data integrity'' in its broadest meaning.
The processes used to generate an electronic document and
individual's electronic signature should satisfy the same functions
provided by a written signature on a paper document. They should
uniquely identify the individual (the electronic equivalent of
biometric information), provide authentication and non-repudiation, and
assure data
[[Page 64751]]
integrity. The individual providing the signature should know that he/
she is signing the document, and the signature process should be
concise enough to assure that the individual initiating the process is
the same person concluding the process. Systems that produce electronic
records should have provisions that inform individuals electronically
signing the document that they are entering their signatures. This
process should be separate from the act of opening the document because
most records required by NRC are produced by other individuals and may
be produced and revised over an unspecified time.
The signature process should be such that it is uniquely tied to
the individual whose signature is required and the period that the
signature process is open should be short enough to assure that the
individual starting the process is the individual completing the
process. If the signature is required to demonstrate review of specific
information, then completion of the electronic signature should also
block alteration of that information. Subsequent changes to the
information should require a new electronic signature and not overwrite
previous versions of the signed document. If the document must be dated
and signed to meet the regulations, the electronic signature process
should also affix the date and time to each electronic signature.
Because these electronic records are kept at the facility and not
sent to the NRC they have to be electronically inspected at the
facility. Printing an electronic record with an electronic signature
would not constitute a complete and accurate record because critical
electronic information associated with the electronic record would not
be available for inspection.
B. Issues for Discussion
The following is a listing of issues regarding the use of
electronic signatures on documents related to the medical use of
byproduct material. Each issue is followed by one or more questions
about existing practices related to standards, authentication, non-
repudiation, data integrity, records inspection, and improvements to
software. The questions listed below are not meant to be a complete or
final list of issues to be considered but are provided to initiate
comments. Stakeholders are requested to comment on and recommend
additions, deletions, or modifications to the issues listed below; and
propose considerations for implementation of electronic signatures
regarding each issue, as appropriate. These issues, and other relevant
and substantial issues identified by commenters, will serve as the
basis of discussion at the public meetings, if these meetings are
scheduled in the future. Public feedback will also be used in
developing options for implementation.
Issue No. 1--Standards
Q1.1 What standards for electronic signatures in medical records
are in use or under development?
Q1.2 How do these standards address the principles of
authentication, non-repudiation, data integrity, and access for
inspection, as described in Issues No. 2 through 5, below?
Q1.3 Do these standards consider any additional key principles?
Issue No. 2--Authentication
Q2.1 For software applications currently in use, how does the
licensee assure that the signature process is uniquely tied to the
individual whose signature is required?
Issue No. 3--Non-Repudiation
Q3.1 For software applications currently in use, what provisions
does the licensee use to inform persons electronically signing
documents that they are entering their signature?
Issue No. 4--Data Integrity
Q4.1 For software applications currently in use, how does the
licensee assure that the document being electronically signed cannot be
changed after it is signed?
Q4.2 For software applications currently in use, how does the
licensee assure that subsequent changes to the electronically signed
document require a new electronic signature and cannot overwrite
previous versions of the signed document?
Q4.3 For software applications currently in use, how does the
licensee assure that the electronic signature process affixes the date
and time to each electronic signature?
Issue No. 5--Records Inspection
Q5.1 For software applications currently in use, how does the
licensee assure that electronically signed documents and all revisions
to the electronically signed documents are accessible for inspection?
Q5.2 For software applications currently in use, how does the
licensee assure that electronically signed documents and all revisions
to the electronically signed documents are retained for 3 years?
Issue No. 6--Need for Improvements to Current Commercially-Available
Software Applications
Q6.1 Are any improvements needed for current commercially-available
software applications to adequately meet existing standards and
principles?
Dated at Rockville, Maryland, this 14th day of Oct. 2010.
For the Nuclear Regulatory Commission.
Christian Einberg,
Acting Deputy Director, Licensing and Inspection Support Directorate,
Division of Materials Safety and State Agreements, Office of Federal
and State Materials, and Environmental Management Programs.
[FR Doc. 2010-26391 Filed 10-19-10; 8:45 am]
BILLING CODE 7590-01-P