2.4. Storage of Electronic Datafiles
Electronic data file storage must guarantee:
· The identification and integrity of the necessary information required to reproduce them, making sure that they can be translated into other formats or supports.
· Data Support documents are provided with security measures that will guarantee the integrity, authenticity, confidentiality, quality, protection and document conservation.

2.5. Electronic data files
· The public administration must keep the original electronic data file so that it is possible to check the electronic signature and time stamping.
· Paper copies must include an electronically-created code to check its authenticity against the original.

2.6. Electronic signature
Law 59/2003 (LFE Law) only admits as the equivalent to hand-written signature the authenticated electronic signature. The authenticated electronic signature is only that signature done by recognized certifications, created through secure electronic signature devices.

The LFE admits other electronic signature means which will be adequate to guarantee the proper identification of the participants, as well as the authenticity and integrity of the electronic documents.

When the physicians uses an authenticated electronic signature (that is, when he uses the electronic ID card) the integrity and authenticity of the document are guaranteed.

Not all citizens have at their disposal an authenticated electronic signature. Therefore, they must be offered alternate methods to give their consent. These methods must always comply with the security measures demanded by the LFE. As a possible alternative, we can propose the use of the simple electronic signature, that is, the digitalization of the hand-written signature.

Any device used to create an electronic signature must meet the following criteria:
The data used to create the signature can only be produced once, fact that reasonably guarantees its secrecy.

· There must be reasonable security that the data used to create the electronic signature cannot be deduced from those used to verity the signature or from the signature itself. The signature must be protected against falsification by most up-to-date technology available.
· Signature owner can protect the data used to create the signature from being used by third parties.
· The device used do not changes the data or the document that must be signed, or prevents it from being shown to the signatory person before the signature process.
· Devices must be authorized by a certification procedure to check that it meets with the requirements of the LFE.

Currently, the signature digitalization devices (that is, scanners) do not comply with the requirements of the LFE. Therefore, any signature digitalization devices will have to meet the aforementioned requirements.

2.7. On authenticated Digitalization
Authenticated digitalization it is governed by order EHA/962/2007 of the Ministery of Economy and Finance. Therefore, it is not applicable to the field of health care.
Order EHA/962/2007 sets the principles that a digitized document must meet:
· The digitalization process must produce an accurate and complete image file for every document. These image files must be validated by an authenticated electronic signature.
· The institution digitalizing the document must follow all required controls and procedures in order to guarantee the accuracy of the Authenticated digitalization process.
· The final result of the digitalization process will be organized into a document database. For every digital document there will be preserved a registry of all fields, including one which contains a binary image file of the document or a link to the file containing it. In both bases it must include electronic signature.

The digitalizing institution must be done using software certified to do so. The software certification terms have been designed for online invoicing; therefore cannot be used in our field. However, we can apply the same requisites that must be met by the software to produce valid electronic documents from the original paper copies. The institution must guarantee the integrity of data and images at the end of every medical treatment received by the patient (as it is our case).

3. Solution Proposal
The Informed Consent (IC) process is currently carried out through the physician-patient act, where the patient is informed of the requirements of Law 41/2002 (LAP).

The physician will use one informed consent template form. The form will be automatically filled with the patients data extracted from the center database.

The physician will add specific contents if needed, ticking the consent options required for every case.

The physician will electronically sign the document. He will guarantee that the document remains closed and that it cannot be modified after the patient receives its copy. They can provide patients with a URL address so that they can access the original electronic document.

Afterwards, a paper copy for the patient will be printed. It will have an electronic ID so that it can be identified in the future. It will include a note indicating that it is the copy of an electronic document.

During the same act, of afterwards, the patient will be offered the possibility of accepting or rejecting giving consent.
The electronic document will be signed by three persons:
· By the responsible physician. He will use an authenticated electronic signature (digital ID card, for instance)
· By the patient
· He can sign with its digital ID card
· He can use another recognized digital signature or advanced digital signature (that is, the FNMT signature)
· He can have its signature digitized
· Handwritten signature of the paper copy.
· The third signature will consists of time stamping
The electronic document will be stored in the electronic IC repository.
If the patient opts for the handwritten signature on paper, we will deliver one copy to the patient and will send the other to the archive. The archive will proceed to digitally authenticate the document. The copy of the electronic document will be obtained under the same security and integrity conditions as the electronic document created during the visit itself.

To create the document above two signatures will be needed:
· Electronic signature of the public servant authorized to carry out these functions. An institutional signature will be valid.
· Time stamping.
After digitalization of the paper document, it will be sent to the electronic IC repository. The original will be destroyed through the proper means.

4. Referrals and regulatory framework
· Basic Law 41/2002, of November 14, regulating the patient’s authonomy, rights and duties in regards to information and medical documentation (LAP).
· Law 14/2007 of 22 June, of online Access to public services by the citizenship (LIB).
· Law 11/2007, of 22 June, of online Access to public services by the citizenship (LAECS).
· Law 5/2003, of 19 December, on digital signature (LFE).
· Organic Law of personal data protection (LOPD)
· Royal Decree 1720/2007 on security measures (RDLOPD).
· ORDEN EHA/962/2007 of April 10, developing certain dispositions in regards to online invoicing and online invoice storage contained in the Royal Decree 1496/2007, of November 28, which gives approval to the rules regulating invoicing terms (OEHA).
· Directive 1999/93/CE of the European Parliament and of the European Council of December 13, 1999, which sets a common framework for electronic signature.