Question: We recently performed a risk assessment in our practice and found that the e-signatures that we use and that we have our patients use were accessible by someone outside of our organization. There were not breaches because this was an audit simulation, but what can we do to protect this information going forward? Ohio Subscriber Answer: There are a few things that your organization can do to ensure that your patients’ e-signatures are more secure.
Even though it’s not a requirement under the HIPAA Security Rule, you may want to use software and form generators that employ encryption to protect your documents and e-signatures. Additionally, if a risk assessment determines that encryption is a “reasonable and appropriate safeguard” for your organization, you should probably follow through and implement it to avoid a violation down the line. Password protection and multifactor authentication (MFA) can also help to protect electronic protected health information (ePHI). Platforms like DocuSign and PandaDoc offer a variety of templates, storage options, and legal resources to help providers with patients’ e-signatures.