Are SIGNiX's E-Signatures HIPAA Compliant?
Anyone who has worked at a medical facility knows how important it is to be HIPAA compliant. People often ask us, “Are electronic signatures HIPAA compliant?” The answer is yes!
SIGNiX’s e-signatures are HIPAA compliant (in fact, we have several large clients in the healthcare industry). Our technology can be used where patient signatures are required, because our product can identify a signer and create a tamper-evident signing process that is secure and confidential.
We're committed to helping our customers meet compliance requirements across all industries, and we have already seen healthcare and pharmaceutical companies successfully adopt SIGNiX in a HIPAA-compliant manner.
Industry experts recommend that healthcare providers use a specific type of electronic signature: digital signatures. (Not sure what the difference is? Check out this article for more information.)
Digital signatures provide the best in document security, including:
- Message integrity: Our products incorporate technologies that make it very difficult for a document to be altered without detection once the digital signature has been applied. We use standard digital hashing, encryption and public key infrastructure to keep your documents secure.
- Non-repudiation: We maintain a detailed audit trail of every action taken on a document. Every time a document is changed, the change is detected automatically and you are alerted to it. We also record the signer's identity, the validity of the digital certificate, the validity of the signing process, the authenticity of the document and the accurate time of signing.
- User authentication: We can prove the identity of the signer and provide independent authentication of the document. Companies that use our digital signatures can customize their authentication based on their security needs.
But not all electronic signatures are secure enough to be considered HIPAA compliant. Many vendors fail to use signer authentication technologies to verify who is signing a document. Others fail to lock down the document against changes, or lack the required security controls to protect patient confidentiality.
Finally, it's critical to note that electronic signatures alone do not make a firm HIPAA compliant. HIPAA considers many elements of security, confidentiality and patient care. E-signatures are just one small part of a much larger compliance effort.