SignCenter Regulatory Compliance

 

Electronic Signatures in Global and National Commerce Act (ESIGN - 2000 - federal law)
Uniform Electronic Transaction Act (adopted by 47 states)

Overview:

There are two principle references to be considered when determining the validity of any electronic signature solution.  These are: the Federal “Electronic Signatures in Global and National Commerce Act”, better known as the ESIGN act and the Uniform Electronic Transaction Act  (UETA) of the Uniform Law Commission. The ESIGN act applies to all transaction that fall within the definition of interstate commerce. The UETA has been adopted by 47 of the 50 states and the District of Columbia (New York, Illinois and Washington have adopted different but very similar statutes).  All of the statutes seek to give guidance on how an electronic signature solution can comply with the law to make signatures acceptable in transactions, but none dictate the use of specific technology.

Requirements:

These are the guiding principles that a solution must adhere to in order to meet the statutory tests:

Intent

Requirement: Showing intent on behalf of the signatories to sign.  As a subset of this principle, the solution must be able to provide authentication of the signature.  In other words demonstrate that it is the signature of the individual it professes to be.

How SignCenter addresses this requirement:

  • Each time a signer adds their signature to a document in SignCenter, they are informed that “By drawing or entering your name you indicate your intent to electronically sign this document.” In order to finalize the document, the person finalizing must click to show confirmation “that you, and all signing parties that have signed the document, are indicating intent to electronically sign and finalize this document.”
  • For documents signed in-person, authentication occurs outside of SignCenter, as it would with any in-person transaction. In this case the verified user controlling the signing event authenticates with their username and password and by completing the document, confirms that they and all signers intended to sign.
  • For documents sent through email, a unique cryptographically secure link is sent to the users email box. By accessing the link the user demonstrates that they have access to the email address inbox to which the document was sent.

 

Consent to do business electronically

Requirement: Showing of consent to do business electronically.  

How SignCenter addresses this requirement:

  • In order to finalize a document in SignCenter, the person finalizing must click to show confirmation “that you, and all signing parties that have signed the document, are indicating intent to electronically sign and finalize this document.”

 

Permanent Record

Requirement: The signature must be associated with the record.  The solution must create a permanent non-alterable association between the signature, whatever form it takes, and the record (contract, consent, etc.) that it is meant to approve.

How SignCenter addresses this requirement:

  • SignCenter stores the final document in a secure hosted database. Once a document is signed and stored it provides no method to change the document.

 

Retention

Requirement: Retention of the record in a format that is capable of accurate reproduction for all parties entitled to retain the contract or record.

How SignCenter addresses this requirement:

  • The record is stored in industry standard PDF and can be provided to all parties.

 

HIPAA

Requirement: According to the U.S. Department of Health and Human Services, “[...] The Privacy Rule generally allows for electronic documents, including business associate contracts, to qualify as written documents for purposes of meeting the Rule’s requirements. However, currently, no standards exist under HIPAA for electronic signatures. In the absence of specific standards, covered entities must ensure any electronic signature used will result in a legally binding contract under applicable State or other law.”

More generally, all Healthcare related transactions are subject to the requirements of HIPAA and a signature solution should be examined from that perspective.

How SignCenter addresses this requirement:

  • The ways that SignCenter addresses Federal requirements for electronic signature are listed above. To ensure that all HIPAA protected data is protected, Medforce has extensive security and privacy controls in place. For a full description of these please refer to the Medforce Cloud Architecture and Security document. Medforce will sign a business associate agreement with all clients that have patient data. Most electronic signature companies charge additional fees to sign a BAA and get HIPAA compliance, SignCenter is built specifically for healthcare and provides HIPAA compliance for all accounts.

 

Click to Learn more about SignCenter

Complete the form below and a Solution Consultant will contact you to discuss your electronic signature capture needs

Top