Darshan Jain wrote:
> Can OpenPGP digital signature be used to comply with FDA's 21 CFR Part 11,
> or does it mandatorily require X.509 or PKI based signatures
>
> http://en.wikipedia.org/wiki/Title_21_CFR_Part_11

You check the DHHS HIPAA page, http://www.hhs.gov/ocr/hipaa/ ? Might be a bit more authoritative than Wikipedia.

Best answer, maybe. Depends on the circumstances (HIPPA/HIPAA[0] provide different sets of protections. Encryption/Digital signatures may or may not be applicable.)

OpenPGP can be used for HIPAA compliance - I've implemented it for several medical practices.

Your interests would be best served by a) hiring the services of a security consultant knowledgeable in the dealings of HIPAA specifically as it relates to the FDA; b) consulting an attorney knowledgeable in technology; c) both of the above.

[0] Way back in the dark ages of the mid-90s, before HIPAA: the Health Insurance Portability & Accountability Act, there was HIPPA: Health Information Privacy Protection Act. Google "health information privacy protection act" in quotes to get references to HIPPA; without quotes you'll get HIPAA.

EPIC has a good Bibliography[1] on the Confidentiality of Health Information.

[1] http://www.epic.org/privacy/medical/gellman.html

--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
     mailto:[email protected]?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
