6 Questions to Ask Before Adopting E-Signatures for Healthcare

Posted By: John Harris / September 28, 2016

The federal government’s meaningful use regulations are far from the only urgent call for paperless processes in the healthcare industry. In fact, for every $1 a hospital spends on printing, it takes another $9 to maintain what was printed, according to Becker’s Hospital Review. From an operational and economic perspective, streamlining paper-based workflows into electronic workflows not only makes sense—it’s becoming imperative to organizational success. E-signatures are the last leg of the electronic journey, and for that reason, they’re among the most important components of healthcare digitization—which is why it is essential that healthcare organizations probe deeply into e-signature technology before implementing it. Even subtle differences in architecture or design could affect an e-signature’s effectiveness, compliance or longevity.

In choosing e-signature technology, ask the following:

1.) Does the service support HIPAA compliance? Only healthcare entities can be HIPAA compliant. But the technologies that they deploy can either support HIPAA compliance or undermine it.

When it comes to e-signatures, HIPAA leaves it up to providers to determine what will and will not support overall compliance. According to the HIPAA Privacy Rule, “…currently, no standards exist under HIPAA for electronic signatures. Thus, in the absence of specific standards, covered entities should ensure any electronic signature used will result in a legally binding contract under applicable State or other law.”

Apart from basic legal considerations, it’s clear that HIPAA values PHI protection, which requires organizations to deploy the highest levels of digital security. E-signatures can support HIPAA compliance by maintaining message integrity, ensuring non-repudiation, and deploying robust user authentication and data encryption.

2.) Will you submit documents to the FDA? If your organization plans to submit any electronically signed document to the U.S. Food and Drug Administration, e-signatures must meet FDA 21 CFR Part 11 regulations, which ensure that e-signatures have at least the same controls as their paper-based counterparts. 21 CFR Part 11 specifically calls for a type of electronic signature called a digital signature (or Independent E-Signature™), and further mandates a detailed audit trail, protection against document tampering, verification for each individual signature and multi-factor identity authentication. These regulations also apply if you use e-signatures to issue a prescription for a controlled substance.

3.) What technology standards are important to your organization? There are many different types of standards that exist for digital signatures and document security in the public domain, including ISO 32000-1 (a standard for PDF), as well as RSA (a standard for encryption) and SHA (a secure hash standard). Determine what standards are important to your organization and make sure that your e-signature technology utilizes those standards to the fullest, minimizing exposure to proprietary, and thus less future-proof, methods.

4.) What information do you want, and how do you want to get it? You will certainly want confirmation that a document is signed—but how do you want that information? Some services leave you with a document with images pasted in, but no other evidence or protection, while other services host e-signature validity information on their servers, not in the signed document, meaning you depend on a hyperlink to access proof of the signature’s authenticity. Yet other e-signature companies, specifically those that deploy digital signatures, permanently embed the legal evidence of a signature into the signed document, so you’re always able to view it with any PDF reader—independent of the e-signature vendor.

Further, consider the back-end information you want on file for your e-signature transactions. Many services will provide an audit trail of some sort, but how much information do you wish to record? Complete audit trails include information about every step of an e-signature transaction, including information about the transaction creation, identity authentication information, application of digital certificates, document viewing and more, but not all e-signature services will provide that level of detail.

5.) Can the e-signature be integrated into other types of technology? Do you wish to use an off-the-shelf e-signature software program or have the software integrated into the software platforms you use? If the latter, discuss what integration options and capabilities exist and how robust and seamless those integrations are.

6.) Will staff and patients find it user-friendly? All of the above considerations are meaningless if the technology is too clunky for user adoption. The best way to ensure e-signatures will work practically for your organization is to launch a pilot program that tests the use of e-signatures on one or two specific document types. After you’re able to gauge effectiveness, you can scale the program to meet a wider need.
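
For question 4, one way to check whether a vendor's sample output carries its signature evidence inside the document, shown as an added example (not SIGNiX code and not part of the original post). It looks for the ISO 32000-1 signature dictionary entries `/ByteRange` and `/SubFilter` and reports what the signed ranges cover; it is a structural check only and does not verify the signature cryptographically, and all sample bytes are constructed.

```python
import re

# ISO 32000-1 signature dictionary entries: the signed byte ranges and the
# signature encoding. /ByteRange is [offset1 length1 offset2 length2].
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
SUBFILTER = re.compile(rb"/SubFilter\s*/([A-Za-z0-9.]+)")

def inspect_embedded_signatures(pdf: bytes) -> list:
    """Structural check only: one finding per embedded signature dictionary."""
    findings = []
    for m in BYTE_RANGE.finditer(pdf):
        o1, l1, o2, l2 = (int(g) for g in m.groups())
        gap = pdf[o1 + l1:o2]  # the only bytes the digest may skip
        # Heuristic: look for /SubFilter near this /ByteRange entry.
        sub = SUBFILTER.search(pdf, max(0, m.start() - 512), m.end() + 512)
        findings.append({
            "subfilter": sub.group(1).decode() if sub else None,
            "starts_at_zero": o1 == 0,
            # The excluded gap must be exactly the hex /Contents string.
            "gap_is_contents": gap.startswith(b"<") and gap.endswith(b">"),
            # False means bytes were appended after this signature was applied.
            "covers_to_eof": o2 + l2 == len(pdf),
        })
    return findings

def make_sample(appended: bytes = b"") -> bytes:
    """Constructed PDF-like bytes with a dummy signature (not a real document)."""
    pre = (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /SubFilter /adbe.pkcs7.detached "
           b"/ByteRange [0 AAAAAAAAAA BBBBBBBBBB CCCCCCCCCC] /Contents ")
    contents = b"<" + b"00" * 16 + b">"  # placeholder, not a real CMS blob
    post = b" >>\nendobj\n%%EOF\n"
    for tag, value in ((b"A", len(pre)), (b"B", len(pre) + len(contents)),
                       (b"C", len(post))):
        pre = pre.replace(tag * 10, b"%010d" % value)  # fixed width keeps offsets
    return pre + contents + post + appended

# Constructed: a document with only a pasted-in image and no signature dictionary.
IMAGE_ONLY = b"%PDF-1.7\n1 0 obj\n<< /Type /XObject /Subtype /Image >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for name, doc in (("embedded", make_sample()),
                      ("appended-after-signing", make_sample(b"2 0 obj\n<<>>\nendobj\n")),
                      ("image-only", IMAGE_ONLY)):
        print(name, inspect_embedded_signatures(doc))
```

An empty result means the file has no embedded signature at all; `covers_to_eof` being false is expected for earlier signatures in a multi-signer document and otherwise warrants a closer look at what was appended.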


John Harris is the Chief Technology Officer at SIGNiX, an Independent E-Signature™ solutions provider that makes signing documents online safe, secure and legal for any business. SIGNiX offers an independently verifiable cloud-based digital signature solution, which combines workflow convenience with superior security. Learn more about what makes SIGNiX different at

About the Author: John Harris

John Harris is the senior vice president of product management at SIGNiX, an Independent E-Signature solutions provider that makes signing documents online safe, secure and legal for any business. SIGNiX offers an independently verifiable cloud-based digital signature solution, which combines workflow convenience with superior security.