Can I use DocuSign and be HIPAA compliant?

Featured image

Share this article

Can I Use Docusign and be HIPAA Compliant? - Paubox

We often get asked by customers and prospects about DocuSign and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if DocuSign offers HIPAA compliant service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About DocuSign

DocuSign is a San Francisco-based company that provides electronic signature technology and digital transaction management services for facilitating electronic exchanges of contracts and signed documents.

DocuSign and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked DocuSign’s site and found a PDF doc called DocuSign for HIPAA Compliance.

In it, DocuSign states:

Although DocuSign does not have access to any PHI, it may hold PHI in encrypted form on its servers, and as such is a Business Associate (BA) and has entered into agreements with numerous HIPAA covered entities.

It also includes this section:

Has DocuSign signed HIPAA Business Associate Agreements (BAAs) with customers to date?

  • Yes, DocuSign has signed BAAs with healthcare and life sciences customers.
  • To the extent DocuSign receives or possesses access to Protected Health Information, DocuSign complies in full with the privacy and security requirements of HIPAA applicable to DocuSign as a Business Associate of our customer.
  • DocuSign has BAAs in place with customers who have Enterprise accounts and want to be HIPAA compliant. A signed BAA should be in place between DocuSign and the customer prior to transmitting any Protected Health Information (PHI) through DocuSign.

 

Does DocuSign Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

Since DocuSign offers a BAA, we conclude that DocuSign is a HIPAA compliant service.

It’s important to note however, you must sign a BAA with DocuSign to be HIPAA compliant.

Conclusion

DocuSign meets HIPAA Compliance standards. Make sure you sign a BAA with DocuSign.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022