Anyone who’s worked at a hospital or doctor’s office knows how important it is to be HIPAA compliant. My husband is a nurse, and he’s had HIPAA compliance drilled into him from day one. Because HIPAA is such an important issue for the healthcare industry, it’s essential to know whether your electronic signature vendor is HIPAA compliant.
First off, you’ll be happy to know that SIGNiX’s digital signature technology is HIPAA compliant (and also 21 CFR Part 11 compliant for those of you in the pharmaceutical industry).
But not all electronic signature vendors fit the bill. Industry experts recommend that health care providers use a specific type of electronic signature: digital signatures. (Not sure what the difference is? Check out this article to find out).
Digital signatures give you the best in document security, including:
- Message integrity: Digital signatures use technologies that make it virtually impossible for a document to be altered without detection once the digital signature has been applied. At SIGNiX, we use standard digital hashing, encryption and public key infrastructure to keep your documents secure.
- Non-repudiation: Digital signatures give you significantly more legal evidence in a detailed audit trail of every action taken on a document. Every time a document is changed, you are automatically alerted to the changes. The audit trail also records the signer's identity, the validity of the digital certificate, the validity of the signing process, the authenticity of the document and the accurate time of signing.
- User authentication: With proper signer authentication, digital signature services can prove the identity of the signer and provide independent authentication of the document. Companies that use SIGNiX’s digital signatures can customize their authentication based on their security needs.
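To make the "message integrity" point concrete, here is an added example (written for this page, not SIGNiX's own code or a description of its implementation) of the hash-then-sign pattern the list refers to. It assumes a generic ECDSA P-256 key and SHA-256 digest, which are assumptions for illustration: the document is hashed, the digest is signed with the signer's private key, and a verifier recomputes the digest and checks it against the public key, so any change to the content after signing fails verification. The signing time is kept alongside the signature as the kind of data an audit trail would record.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// SignedDocument bundles the document bytes with an ECDSA signature over
// their SHA-256 digest and the time of signing (one audit-trail field).
type SignedDocument struct {
	Content   []byte
	Signature []byte
	SignedAt  time.Time
}

// NewSignerKey generates a fresh P-256 signing key. In a real PKI the key
// would be tied to a certificate identifying the signer; that is omitted here.
func NewSignerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignDocument hashes the content and signs the digest with the private key.
func SignDocument(priv *ecdsa.PrivateKey, content []byte) (*SignedDocument, error) {
	digest := sha256.Sum256(content)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedDocument{
		Content:   content,
		Signature: sig,
		SignedAt:  time.Now().UTC(),
	}, nil
}

// VerifyDocument recomputes the digest of the stored content and checks the
// signature with the signer's public key. Any edit to Content after signing
// produces a different digest, so verification fails: tampering is detected.
func VerifyDocument(pub *ecdsa.PublicKey, doc *SignedDocument) bool {
	digest := sha256.Sum256(doc.Content)
	return ecdsa.VerifyASN1(pub, digest[:], doc.Signature)
}

// AuditLine renders a human-readable audit entry for a verification attempt.
func AuditLine(doc *SignedDocument, ok bool) string {
	digest := sha256.Sum256(doc.Content)
	return fmt.Sprintf("signed_at=%s sha256=%s signature_valid=%t",
		doc.SignedAt.Format(time.RFC3339), hex.EncodeToString(digest[:]), ok)
}

func main() {
	priv, err := NewSignerKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample document; not real patient data.
	doc, err := SignDocument(priv, []byte("Consent form: patient 0000, procedure X, signed by Dr. Example"))
	if err != nil {
		panic(err)
	}
	fmt.Println(AuditLine(doc, VerifyDocument(&priv.PublicKey, doc)))

	// Simulate a post-signature edit: same signature, altered content.
	tampered := &SignedDocument{
		Content:   []byte("Consent form: patient 0000, procedure Y, signed by Dr. Example"),
		Signature: doc.Signature,
		SignedAt:  doc.SignedAt,
	}
	fmt.Println(AuditLine(tampered, VerifyDocument(&priv.PublicKey, tampered)))
}
```

Running it prints two audit lines: the untouched document verifies, and the edited copy, even though it carries the original signature, does not. The same check is what lets a verifier accept a document without trusting the party that stored it, which is the property the rest of the post leans on.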
But not all electronic signature vendors are secure enough to be considered HIPAA compliant. Many vendors fail to use identity authentication technologies to verify who is signing a document. Others fail to lock down the document against changes, or lack the required security controls to protect patient confidentiality.
And most frightening of all? Many electronic signature vendors require that they store a copy of your documents on their servers even if you download a copy for yourself.
Let me ask you a question: How many copies of your patients’ personally identifiable health information do you want stored on a third-party vendor’s cloud? I hope the answer to that question is, “None!”
SIGNiX is the only vendor on the market that embeds the legal evidence you’d need to prove a signature happened into the document. That means we don’t have to store your documents on our servers, and that's a huge relief to healthcare companies looking to be HIPAA compliant.
With that said, it’s important to keep in mind that compliance isn’t just about which vendor you choose. It’s also about the policies you establish for how your employees will interact with the electronic signature software. If you don’t address these issues internally, even the most secure digital signature service won’t give you a fully compliant solution. You should consult with your compliance expert to create an electronic signature policy for your company before implementing any electronic signature service.