Use HIPAA Electronic Signature
How to apply HIPAA compliant e-signatures to documents
According to the Health Insurance Portability and Accountability Act, any organization that handles medical information and patient data, or that delivers treatment services, must protect that health information by establishing specific security measures.
signNow protects clients' confidentiality and security by complying with HIPAA. Thus, users can be sure that all medical documents edited, transmitted, completed and signed using signNow are protected from unauthorized access.
Medical records belong to the category of the most sensitive and confidential information.
Thus, any hospital, drug store or lab choosing new software will rank user friendliness and cost below HIPAA compliance in its list of priorities, since compliance is always the top priority for them.
Understanding the rules and procedures under HIPAA does not require advanced technical knowledge, as all its provisions center on authorized access to data. The rules here are strict but simple.
Let's start with two basic concepts of HIPAA compliance - PHI and BAA.
PHI stands for protected health information (the object of HIPAA protection). It includes standard demographic information, details of medical insurance, medical data concerning diseases and their treatment, lab results, etc.
BAA stands for business associate agreement (to be signed by the parties subject to HIPAA). In relation to a hospital, pharmacy or lab, examples of business associates include lawyers, accountants, auditors, software providers, cloud storage services, etc. Once a BAA is signed, all of them are expected to be HIPAA compliant as well.
Finally, HIPAA itself stands for the Health Insurance Portability and Accountability Act (1996).
What does 'being HIPAA compliant' mean?
HIPAA compliance can be divided into three broad categories - physical compliance, administrative compliance and digital compliance, all being equally important.
The physical side of HIPAA compliance usually concerns common-sense security rules, like locking the laptop holding medical records at the reception desk and limiting direct access to printers, fax machines and other data-bearing equipment.
Administrative compliance includes, first and foremost, training for all staff members and their subsequent compliant behavior in the office.
Digital compliance under HIPAA starts once the BAA is signed (between the software provider and the medical organization). Digital HIPAA compliance adds an extra layer of encryption to all documents processed and stored online.
Without going into the technical specification of the encryption methods used, protection under HIPAA guarantees that all documents processed and stored online are accessible only to the two sides of the e-signing process and to no third parties (in this case, third parties also include the employees of the software company, and yes, even its support agents).
How does HIPAA compliance work in signNow's case specifically?
Once a medical organization decides to go for HIPAA compliance, its representative should contact signNow support, as HIPAA compliance settings are switched on manually.
On the practical side, what the user will actually notice (since changes in the encryption method are not visible) is that once HIPAA mode is on, emailing e-signed documents to signers is switched off. This additional measure provides extra security in cases where an email account may be compromised or where the same email address is used by several signers (which happens in many families).
It is important to remember that signNow cannot access protected health information, but may store this information on its servers and transmit it using certified encryption (AES-256).
One of the most important elements of digital compliance under HIPAA is the audit trail (also known as the activity log). In simple, no-code terms, it means that each document must have a digital register of all actions taken on that document, including the date/time of access, editing changes, signing status, downloads, copies made, etc.
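The audit trail described above, as an added example that is not signNow's code: a minimal per-document activity register in Python that records the action types the page lists (access, edit, sign, download, copy) with a UTC timestamp and actor. Chaining entries with SHA-256 so that altering or deleting an earlier entry is detectable, and the field names used, are my additions, not something the page specifies.

```python
import hashlib
import json
from datetime import datetime, timezone

# Action types the page lists for a document's audit trail (activity log).
EVENT_TYPES = {"access", "edit", "sign", "download", "copy"}

class DocumentAuditTrail:
    """Append-only register of actions on one document, hash-chained with
    SHA-256 (an assumption added here) so tampering with entries is detectable."""

    def __init__(self, document_id):
        self.document_id = document_id
        self.entries = []

    def record(self, action, actor, detail="", when=None):
        """Append one entry and return its hash; rejects unknown actions."""
        if action not in EVENT_TYPES:
            raise ValueError(f"unknown audit action: {action}")
        when = when or datetime.now(timezone.utc)
        prev_hash = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {
            "document_id": self.document_id,
            "seq": len(self.entries),          # position in the register
            "timestamp": when.isoformat(),     # date/time of the action
            "actor": actor,                    # who accessed, edited, signed...
            "action": action,
            "detail": detail,                  # e.g. which field was signed
            "prev_hash": prev_hash,            # link to the previous entry
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    @staticmethod
    def _digest(entry):
        # Hash the canonical JSON of every field except the hash itself.
        fields = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, first bad seq)."""
        prev_hash = "0" * 64
        for i, entry in enumerate(self.entries):
            if (entry["seq"] != i or entry["prev_hash"] != prev_hash
                    or entry["hash"] != self._digest(entry)):
                return False, i
            prev_hash = entry["hash"]
        return True, None
```

A real deployment would persist the register outside the application's own write path (separate log store, write-once storage) so that an actor who can edit the document cannot also rewrite its history.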
What happens in cases of non-compliance?
Once the parties have signed their BAA, failure to comply with HIPAA regulations may lead to civil or criminal penalties.
The penalty depends on the particular state (due to differences in local laws) and on the particular case (what sort of data was compromised and in what volume). Civil penalties are usually monetary and may vary from several hundred dollars to several million. Criminal penalties in serious cases would be imprisonment for 10 or more years.
My organization would like to be HIPAA-compliant. Where do we start?
The first steps could be as follows:
- Determine what sort of PHI you use and store, and for how long you keep this data;
- Make a full list of all vendors (business associates in HIPAA terminology) that have access to PHI on your side; reach out to all of them to check whether they are already HIPAA-compliant;
- Identify all potential human and technical threats to PHI in your organization; schedule training for all staff members on what needs to change; schedule technical changes to be implemented by the IT department;
- Decide who will be responsible for HIPAA compliance in your organization (the position is usually called HIPAA compliance officer or manager). This person will be responsible for future risk assessments (which need to be carried out on a regular basis) and for organizing group training sessions.
- Sign a BAA with every single contractor that has access to your organization's PHI or might have it later.
Protect your documents with multi-level security using the Use HIPAA Electronic Signature feature
While cybercriminals are looking for ways to steal personal data, signNow protects your sensitive information and records according to global security standards such as HIPAA, GDPR and CCPA. Send, fill out and store contracts, agreements and other documents knowing that our service provides an extra layer of protection. Take a new approach to how you work on PDFs online.
Utilize the Use HIPAA Electronic Signature tool and other features to adjust safety measures according to your organization's requirements. Limit access to records and easily monitor all changes in workflows. To take advantage of a secure and reliable solution, check out the guide below.
How to encrypt your documents and use HIPAA electronic signatures in signNow
- Log in to your signNow account or create a new one starting a free trial.
- Upload a PDF by clicking Upload Documents and selecting a file from your device.
- Edit the form by adding fillable fields for any information that you or your recipients need to insert.
- Write your personal data and insert your photo if required.
- When you are ready, click Invite to Sign and specify the recipient's email address.
- Configure a Signing Order if you have more than one recipient.
- Set up additional authentication via a password, SMS or call.
- After the PDF is signed, you can check the Document History to determine the signer's email and IP address.
- Download the record or keep it in signNow’s secure cloud storage.
Despite the additional protection layers and the Use HIPAA Electronic Signature feature, signNow is still easy to use and provides users with a smooth and comprehensive eSignature workflow. In a few minutes, you can find the file you need, edit it, and send it to many people hassle-free. Stay in the loop and monitor the status of a form or contract. The service can extend your smartphone's capabilities with its mobile application, available for both iOS and Android. Moreover, it's just as safe to run your business using the app as it is on our website. Check out all the benefits of our eSignature solution now.