HIPAA Compliant Electronic Signature Software
Managing documents and signatures electronically is becoming increasingly popular, especially within the health industry. It’s common to use electronic signature software solutions to manage these documents, but health professionals need these solutions to be HIPAA compliant in order to protect patient information. To help you in your search for HIPAA compliant solutions, we’ve created a short-list of the best HIPAA compliant electronic signature software.
Table of Contents
- What is HIPAA Compliance
- How Much Does HIPAA Compliant Electronic Signature Software Cost?
- Best HIPAA Compliant Electronic Signature Software
What is HIPAA Compliance?
According to the Compliancy Group, HIPAA compliance means that an organization satisfies the regulatory standards outlined in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The general purpose of this act is to protect patient information. HIPAA compliance is regulated by the Department of Health and Human Services and enforced by the Office for Civil Rights (OCR).
HIPAA classifies software providers as Business Associates because they often encounter protected health information (PHI) in their course of work. To become HIPAA compliant, software vendors take numerous measures including:
- Not permanently storing PHI, Protected Health Information
- Operating according to the Privacy and Security Rules
- Conducting risk analysis and management
- Having disaster preparation plans in place
- Partaking in ongoing training for all required staff
- Having a Privacy and Security officer
- Signing Business Associates Agreement
How Much Does HIPAA Compliant Electronic Signature Software Cost?
Most individuals and small businesses can purchase HIPAA compliant electronic signature software for $20 to $60 per month. Larger organizations will most likely need to request a custom quote from the software vendors.
Most electronic signature solutions offer HIPAA compliance along with their plans at no charge. This includes solutions like PandaDoc, which offers HIPAA compliance for each of its plans.
Some however, only offer a BAA, a Business Associate Agreement, with certain plans. For example, DocuSign, PandaDoc and signNow only offer a BAA with their enterprise plans.
PandaDoc's cheapest plan with a BAA starts at $588 per year.
signNow requires you to purchase the Airslate Business Cloud plan to receive a BAA. This plan is listed on their website for $50 per month. However, customers have reported that signNow actually charges $1,800 per year for a HIPAA compliant plan.
Free HIPAA Compliant Electronic Signature Software
It is possible to use free HIPAA compliant electronic signature software. However, PandaDoc is the only electronic signature solution from our list that offers full high-quality free HIPAA compliance. What this means is that every PandaDoc plan is HIPAA compliant, including its free plan, at no extra cost.
Best HIPAA Compliant Electronic Signature Software
We’ve researched the market to find the best solutions that offer HIPAA compliance. The tools listed below are used by a wide range of healthcare professionals and organizations including providers, medical device manufacturers, and pharmaceutical companies. Read our solution overviews to find the tool that works best for you and your organization.
1: DocuSign
DocuSign is an e-signature platform that supports the document management of those in the healthcare industry – providers, health plans, medical device manufacturers, and biopharmaceutical companies. DocuSign offers key features that help users stay HIPAA-compliant when handling their documents and esignatures, which include:
| Feature | Description |
|---|---|
| User Authentication | This verifies a signer’s identity when e-signing. DocuSign uses a public key infrastructure to authenticate users. |
| Message Integrity | This helps prove that the document has not been altered after it has been signed. |
| Non-Repudiation | This makes sure that the signer cannot deny signing the document. |
Is DocuSign HIPAA compliant? Yes
It should be known that DocuSign only offers full HIPAA compliance for Enterprise users or those who have commercial accounts. Commercial accounts have a minimum of five users and 500 envelopes.
2: PandaDoc
PandaDoc is a HIPAA compliant electronic signature tool for health documents, forms and e-signatures. PandaDoc offers certain features that help keep health professionals data safe and secure. These features include:
| Feature | Description |
|---|---|
| Document Encryption | PandaDoc lets you password protect your documents. |
| User-level Permissions | This feature lets you set specific permissions for individuals or departments in your medical office. |
| Audit Log | PandaDoc lets you download a record of user activity from within your account from the last 30 days. |
| Dedicated Monitoring & Alerts | PandaDoc monitors its application 24/7/365 and has a DevOps team that is alerted every time there is a security breach. |
| Secure Architecture | PandaDoc’s web app architecture is multi-tiered as front-end, mid-tier, and database. Each layer has independence from one another, which helps guarantee maximum security. |
Is PandaDoc HIPAA compliant? Yes
3: signNow
signNow is an electronic signature tool that helps individuals and organizations meet HIPAA compliance for health industry practices – health plans, medical equipment manufacturers, pharmaceutical companies, and providers. When HIPAA compliance is activated, signNow will take extra security measures to make sure no unauthorized access is possible.
One example of this is, signNow will turn off the ability to email documents to signers in case access to an email account is compromised. signNow also offers an audit trail, which takes note of every action taken on a document including date/time of access, edits, signing status, and downloads. It should be noted though that signNow only offers full HIPAA compliance for airSlate Business Cloud customers.
Is signNow HIPAA compliant? Yes
4: HelloSign
HelloSign offers HIPAA compliance that ensures customers’ health industry operations are met with strict security standards and that health information is kept private and secure. HelloSign offers enterprise level security controls, which include periodic user access reviews or providing HIPAA Security and Privacy training to employees. HelloSign has also obtained SOC 2 Type 1 attestation for secure document storage.
Is HelloSign HIPAA compliant? Yes
5: Formstack Sign
Formstack Sign offers HIPAA compliance, which protects patient confidentiality and documents that are managed in the Formstack platform from unauthorized access. Formstack Sign offers security features that help customers manage and secure patient data. These include:
| Feature | Description |
|---|---|
| Data Encryption | Formstack Sign helps protect data by encrypting information during and after transit. |
| User-level Permissions | Formstack Sign lets you set permissions for individual users or groups. |
| Audit Logging | This feature tracks when staff members log in and out of your system. Formstack Sign will also automatically log out inactive users. |
| Security Maintenance | Formstack Sign has a response team to help customers manage their accounts especially if they are being targeted. |
| Business Associate Agreements | Formstack Sign provides a standard BAA for all accounts and will evaluate BAA requests depending on the case. |