What you need in this case is a "Digital Signature Infrastructure", AKA "PKI", etc.
To be fully compliant with proper digital signature usage you really need policies in place to manage the signatures in question. The general process goes like this (this is a process I've gone through before):
* Create a CA (Certificate Authority)
* Make everyone trust you as a CA / install your CA certificate as trusted
* Assign Digital Certificates to users
* Train users on the use of their certificates
* Manage certificates (renewals, revocations, etc.)
Typically the hardest parts of digital signatures are training users and managing certificates.
I've found that typically people won't use it unless they are absolutely required to use it, and the whole company/organization is behind this setup, and EVERYONE uses it when they're supposed to.
From a technical perspective, it's easy to set up, but the interfaces and management can be a real pain.
I'd recommend you actually play with it yourself, create your own CA, make a certificate for yourself (preferably two or more), and sign emails or documents using this cert, and see what sort of things you can expect from users.
To answer your question though, I'm not sure how you would digitally sign a "document" that is on a website without first downloading it locally, which may contravene the policies in place, especially if you're in a health care environment.
[edited by: MattyMoose at 10:47 pm (utc) on Aug. 15, 2006]
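
A throwaway lab version of the steps in the post above (create a CA, issue a user certificate, sign a document, verify it against the trusted CA), as an added example that is not part of the original post. It assumes the `openssl` command-line tool is installed; the function names, certificate subjects and file names are constructed for illustration.

```shell
# Added example; subjects and file names are constructed lab values.
write_cfg() {   # $1 = work dir: minimal config so system defaults are not needed
cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = emailProtection
EOF
}

make_ca() {     # $1 = work dir: self-signed root that verifiers must install as trusted
    write_cfg "$1" &&
    openssl req -x509 -config "$1/pki.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 30 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_user() {  # $1 = work dir, $2 = user name: user makes key + CSR, CA signs the CSR
    openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/pki.cnf" -extensions v3_user \
        -out "$1/$2.crt" 2>/dev/null
}

sign_doc() {    # $1 = work dir, $2 = user, $3 = document: detached signature in $3.p7s
    openssl cms -sign -binary -in "$3" -signer "$1/$2.crt" -inkey "$1/$2.key" \
        -outform PEM -out "$3.p7s" 2>/dev/null
}

verify_doc() {  # $1 = CA cert to trust, $2 = document: non-zero if untrusted or altered
    openssl cms -verify -binary -in "$2.p7s" -inform PEM -content "$2" \
        -CAfile "$1" -out /dev/null 2>/dev/null
}

# Usage: d=$(mktemp -d); make_ca "$d"; issue_user "$d" alice
#        sign_doc "$d" alice report.txt; verify_doc "$d/ca.crt" report.txt
```

Verification fails both when the document changes after signing and when the verifier trusts a different CA, which is why the "install your CA certificate as trusted" step matters as much as issuing the certificates.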