DocuSign falls into the category of a business associate when healthcare providers use its services for protected health information (PHI). DocuSign offers AES 256-bit encryption for data in transit and at rest. This encrypted information is held on the DocuSign servers, and the company doesn’t have access to the information.

DocuSign is fully compliant with the security and privacy requirements of HIPAA. DocuSign also meets Health and Human Services (HHS) standards for digital signatures.

This service enables HIPAA compliance through its digital tracking system. Each e-signature has a tamper-proof audit trail that’s fully traceable. DocuSign data centers are SOC2 audited and ISO 27001-certified.

Customers can trust the authenticity of e-signatures through signature verification. When signing a document, the service captures unalterable information, including names, email addresses, timestamps, signing location, public IP addresses, and document completion status.

While DocuSign offers essential encryption, auditing, and security standards, it’s the responsibility of each customer to ensure that they share and access PHI in a HIPAA-compliant manner.

If your healthcare organization is using DocuSign for PHI, then you are only HIPAA compliant after obtaining a signed BAA. Customers need an enterprise account to access the necessary security features and get a BAA. Once you have a BAA in place, you can use DocuSign for HIPAA-compliant e-signatures.