E-Signature

DocuSign falls into the category of a business associate when healthcare providers use its services for protected health information (PHI). DocuSign offers AES 256-bit encryption for data in transit and at rest. This encrypted information is held on the DocuSign servers, and the company doesn’t have access to the information.DocuSign is fully compliant with the security and privacy requirements of HIPAA. DocuSign also meets Health and Human Services (HHS) standards for digital signatures.This service enables HIPAA compliance through its digital tracking system. Each e-signature has a tamper-proof audit trail that’s fully traceable. DocuSign data centers are SOC2 audited and ISO 27001-certified.Customers can trust the authenticity of e-signatures through signature verification. When signing a document, the service captures unalterable information, including names, email addresses, timestamps, signing location, public IP addresses, and document completion status.While DocuSign offers essential encryption, auditing, and security standards, it’s the responsibility of each customer to ensure that they share and access PHI in a HIPAA-compliant manner.If your healthcare organization is using DocuSign for PHI, then you are only HIPAA compliant after obtaining a signed BAA. Customers need an enterprise account to access the necessary security features and get a BAA. Once you have a BAA in place, you can use DocuSign for HIPAA-compliant e-signatures.

When using e-signatures for protected health information (PHI), you must institute security and privacy protections for electronic transmission and storage of data to meet HIPAA requirements. Adobe Sign offers configuration options that comply with HIPAA standards and allow organizations to meet industry-specific compliance requirements for e-signatures. Each client must configure features such as account time-out, password length, and accessibility settings.Adobe Sign is HIPAA-ready, including all necessary security features to protect PHI from falling into the wrong hands. Covered entities can use authentication to manage user identities, certify each document’s integrity, maintain audit trails, and track document delivery. This tool is helpful for healthcare providers because the e-signature features can be integrated with other HIPAA-compliant software services.Adobe Sign offers a business associate agreement (BAA) for customers on an Enterprise plan. If you don’t already have an Enterprise plan, you’ll need to upgrade before requesting a BAA.

HelloSign provides HIPAA-compliant solutions for covered entities, ensuring security and privacy for all documents that contain protected health information (PHI). The service uses Transport Layer Security (TLS) encryption for all communications in transit and AES 256-bit encryption for stored files.Enterprise-level security controls include two levels of encryption for each document: a unique document encryption key (DEK) for each file and a master key that protects the DEK, which is regularly rotated for additional security. This configuration offers an extra layer of security in the event that someone bypasses physical security measures to access a hard drive.HelloSign also offers audit reports that track activity and changes made to each document, giving covered entities the ability to view the audit trail as needed. HelloSign conducts regular user access reviews and provides extensive training for employees on HIPAA’s Security and Privacy Rules.Customers must have a HelloSign Enterprise account to access features that comply with HIPAA and Service Organization Control (SOC) 2. HelloSign is willing to sign a business associate agreement (BAA) for customers with an Enterprise account — a key HIPAA requirement.