Practice Management Alert

Reader Questions:

Employ Protections for Patient Signatures

Question: In our recent risk evaluation, we discovered that the electronic signatures we and our patients use could potentially be accessed by an external party. Fortunately, this was just an audit simulation and no actual breaches occurred. However, we are seeking advice on how to better safeguard this information in the future. Can you help?

Massachusetts Subscriber

Answer: There are a few things that your organization can do to ensure that your patients’ e-signatures are more secure.

Even though it’s not a requirement under the HIPAA Security Rule, you may want to use software and form generators that employ encryption to protect your documents and e-signatures. Additionally, if a risk assessment determines that encryption is a reasonable and appropriate safeguard for your organization, you should probably follow through and implement it to avoid a violation down the line.

Password protection and multifactor authentication (MFA) can also help to protect electronic protected health information (ePHI). Platforms like DocuSign and PandaDoc offer a variety of templates, storage options, and legal resources to help providers with patients’ e-signatures.