ISO 17090-4:2026

This document supports interchangeability of digital signatures and the prevention of incorrect or illegal digital signatures by providing minimum requirements and formats for generating and verifying digital signatures and related certificates.
This document describes the common technical, operational, and policy requirements to enable digital certificates to be used in protecting the exchange of healthcare information within a single domain, between domains, and across jurisdictional boundaries. The purpose of this document is to create a platform for global interoperability. It specifically supports digital certificate enabled communication across borders but can also provide guidance for the national or regional deployment of digital certificates in healthcare.
This document defines the provable compliance with a public key infrastructure (PKI) policy necessary in the domain of healthcare. It specifies a method of adopting long-term signature formats to ensure integrity and non-repudiation in long-term electronic preservation of healthcare information.
This document provides healthcare-specific PKI (HPKI) profiles of digital signature based on the ISO/ETSI standard profiles specified in CAdES (CMS Advanced Electronic Signature)[1], XAdES (XML Advanced Electronic Signature), PAdES (PDF Advanced Electronic Signature)[2] and the ETSI standard specified in JAdES (JSON Advanced Electronic Signature)[13].