Question: During a recent risk assessment at our practice, we found that the e-signatures we use and have our patients use were accessible by someone outside of our organization. There were no breaches because this was an audit simulation, but do you have any advice for how we can best protect this information going forward?

Iowa Subscriber

Answer: There are a few things your organization can do to make your patients’ e-signatures more secure. Even though it’s not a requirement under the HIPAA Security Rule, you may want to use software and form generators that employ encryption to protect your documents and e-signatures. Additionally, if a risk assessment determines that encryption is a “reasonable and appropriate safeguard” for your organization, you should probably follow through and implement it to avoid a violation down the line.

Password protection and multifactor authentication (MFA) can also help to protect electronic protected health information (ePHI). Platforms like DocuSign and PandaDoc offer a variety of templates, storage options, and legal resources to help providers with patients’ e-signatures.