Government-Grade Digital Signatures for Clinic e-Prescriptions

The Challenge

A Hong Kong healthtech company was building an e-prescription management platform for private clinics. Their core requirement was legal-grade digital signatures that could:

• Prove the prescribing doctor's identity using a government-verified credential
• Produce a signed PDF that could be verified as unaltered at any downstream point (e.g. pharmacy dispensing)
• Enable patient verification at the pharmacy without requiring a physical ID check
• Be audit-ready for Hospital Authority review and potential future rollout across HA facilities

Existing document signing tools on the market used proprietary certificate authorities and could not satisfy the Hospital Authority's standards for evidentiary integrity. The client needed signatures anchored to an official government-issued identity — not a commercial PKI.

The Solution

Fill Easy integrated three iAM Smart flows via its GovVerify API layer:

• 1

  Doctor Authentication

  When opening a prescription session, the doctor authenticates via iAM Smart. Their verified identity — including HKID number and name from the government record — is attached to the document header. No username/password login required.

• 2

  iAM Smart Digital Signature on Prescription PDF

  Upon finalising the prescription, the doctor signs using iAM Smart's digital signing function. The resulting PDF carries a certificate issued by HK Post e-Cert CA, embedding the doctor's identity, signature timestamp, and a tamper-detection hash. If the document is altered after signing, Adobe Acrobat and other PDF readers will flag it as invalid.

• 3

  Patient Verification at Pharmacy

  When the patient presents at the pharmacy, the pharmacist triggers an iAM Smart authentication request. The patient scans the QR code with their iAM Smart app, confirming their identity matches the name on the prescription — without any physical ID card handling.

How the Signature Integrity Works

Each signed document includes:

• —Certificate chain: HK Post e-Cert Trial CA 2 (issued by Hongkong Post)
• —Signer identity: linked to the iAM Smart account holder's government-verified record
• —Timestamp: embedded at signing time, verifiable independently
• —Tamper detection: any modification to the document body invalidates the signature and triggers a visible alert in standard PDF readers

Documents with an intact signature display a “Signed and all signatures are valid” banner. Documents that have been altered display an explicit “At least one signature is invalid” warning — giving pharmacists and auditors immediate visibility of any tampering.

Outcomes

• —Trial outcomes formally recognised by the Hospital Authority, with future doctors claims processes earmarked to utilise the same system
• —Prescriptions are now fully auditable end-to-end — from doctor identity at issuance to patient identity at dispensing
• —Zero reliance on proprietary certificate authorities; all trust anchored to HK Government PKI infrastructure
• —The same technology stack is directly reusable for insurance policy signing, issuance workflows, and document verification — demonstrating cross-sector applicability

Solutions Used