Yes. DocuSign describes itself as HIPAA compliant: it states that its security and privacy features fully comply with HIPAA standards, and it will sign a business associate agreement (BAA).
DocuSign is fully compliant with the security and privacy requirements of HIPAA, and it also meets the Department of Health and Human Services (HHS) standards for digital signatures.
The service supports HIPAA compliance through its digital tracking system: each e-signature carries a tamper-proof audit trail that is fully traceable. DocuSign data centers are SOC 2-audited and ISO 27001-certified.
Customers can trust the authenticity of e-signatures through signature verification. When signing a document, the service captures unalterable information, including names, email addresses, timestamps, signing location, public IP addresses, and document completion status.
While DocuSign provides the essential encryption, auditing, and security controls, each customer remains responsible for ensuring that PHI is shared and accessed in a HIPAA-compliant manner.
If your healthcare organization is using DocuSign for PHI, then you are only HIPAA compliant after obtaining a signed BAA. Customers need an enterprise account to access the necessary security features and get a BAA. Once you have a BAA in place, you can use DocuSign for HIPAA-compliant e-signatures.