As technology evolves, companies try new products in an effort to improve their business operations. One such technology that has been rapidly adopted is e-signature tools. But, did you know as a healthcare organization that these tools need to meet specific HIPAA standards?
HelloSign is a popular e-signature product, but is HelloSign HIPAA compliant? How can you tell if a software tool is HIPAA compliant?
What Makes a Software Tool HIPAA Compliant?
When it comes to software HIPAA compliance, there are certain indications of the tool’s compliance. Software HIPAA compliance really boils down to two things. Does the tool have safeguards to keep patient data private and secure? Does the software provider sign business associate agreements?
When the answer to both of these questions is “yes,” the tool is likely HIPAA compliant. If the answer to either is “no,” the tool is not HIPAA compliant.
What Are HIPAA Safeguards?
HIPAA safeguards are measures that a healthcare organization puts into place to protect the confidentiality, integrity, and availability of protected health information (PHI). HIPAA categorizes safeguards into three groups – administrative, physical, and technical.
Administrative safeguards are written policies and procedures that dictate the proper uses and disclosures of PHI.
Physical safeguards are measures that protect an organization’s physical location, such as locks and alarm systems.
Technical safeguards are measures that protect electronic PHI (ePHI).
While administrative and physical safeguards are important, technical safeguards are generally the determining factor of a software provider’s HIPAA compliance. Technical safeguards that you should keep an eye out for include encryption, user authentication, access controls, and audit controls.
Why is a Business Associate Agreement Important?
Business associate agreements are a key determinant of HIPAA compliance. Even the most secure software platform is NOT HIPAA compliant is they will not sign a business associate agreement (BAA).
Why?
A BAA is a legal agreement that requires each signing party to be HIPAA compliant, and be responsible for maintaining compliance. As such, a BAA limits the liability for both singing parties in the event of a breach or OCR audit, as only the negligent party would be held culpable.
Is HelloSign HIPAA Compliant?
So, does HelloSign meet HIPAA standards? Is HelloSign HIPAA compliant? Yes, HelloSign is HIPAA compliant for users with an annual Standard or Premium plan. According to HelloSign’s website, they meet HIPAA security standards and are willing to sign a BAA.
However, users must have a signed BAA with HelloSign and MUST configure the platform accordingly prior to use. Please click here for information on HelloSign HIPAA compliant configurations.
