Is DocuSign HIPAA Compliant

The ability to digitally sign legally binding documents has streamlined how business is done. HIPAA laws do not specifically address signing documents, but many forms and records used in healthcare do require a physical or electronic signature. Those forms often contain protected health information, which HIPAA does address.

One of the best-known companies in this arena is DocuSign. Millions of people use it to sign documents of all kinds. But is DocuSign HIPAA Compliant?

What Makes a Software Tool HIPAA Compliant?

When it comes to software, there are specific indications of the tool’s HIPAA compliance. Software HIPAA compliance really boils down to two things. Does the software have safeguards to keep patient data private and secure? Does the software provider sign business associate agreements?

When the answer to both of these questions is “yes,” the tool is likely HIPAA compliant. If the answer to either is “no,” the software tool is not HIPAA compliant.

What Are HIPAA Safeguards?

HIPAA safeguards are measures that a healthcare organization puts into place to protect the confidentiality, integrity, and availability of protected health information (PHI). HIPAA categorizes safeguards into three groups – administrative, physical, and technical. 

Administrative safeguards are written policies and procedures that dictate PHI’s proper uses and disclosures.

Physical safeguards, such as locks and alarm systems, protect an organization’s physical location.

Technical safeguards are measures that protect electronic PHI (ePHI).

While administrative and physical safeguards are essential, technical safeguards are generally the determining factor of a software provider’s HIPAA compliance. Technical safeguards should include encryption, user authentication, access controls, and audit controls.

Make Sure You’re HIPAA Compliant

Using a HIPAA compliant esignature service is just one piece of compliance.

We can help with the full picture!