HIPAAdvisor: Q & A with Steve Fox
Electronic Signatures
QUESTION #2: Our state doesn't permit electronic signatures
for medical records. Will HIPAA require us to use such signatures
anyway?
ANSWER: First, HIPAA doesn't REQUIRE use of electronic signatures
for any of the proposed standard transactions. However, if an electronic
signature is used, it must be a cryptographically based digital
signature which, at a minimum, complies with these specific features:
- Message integrity - assures content integrity.
- Nonrepudiation - provides strong evidence that makes it difficult
to claim that the signature isn't valid.
- User authentication - guarantees the signer's identity.
Though not required, the electronic signature system may also include:
- Ability to add attributes
- Continuity of signature capability
- Countersignatures capability
- Independent verifiability
- Interoperability
- Multiple signatures
- Transportability
Like the security standards, the electronic signature standard
is technology neutral - it doesn't require specific technology.
However, the only standard which currently meets the nonrepudiation
test is a digital signature which uses a combination of encryption
technology and the Public Key/Private Key methodology.
Steve Fox, Esq., is a partner in the Washington, D.C.
office of Pepper Hamilton LLP. Pepper Hamilton LLP is a multi-practice law firm
with more than 400 lawyers in ten offices. A specialist in healthcare, Steve is
a frequent writer and speaker on healthcare information management and technology
issues. www.pepperlaw.com/
This article was co-authored by Rachel H. Wilson, Esq., an associate at Pepper
Hamilton.
Disclaimer: Steve's responses offer information that is general in nature and
should not be relied upon as legal advice. Only your attorney is qualified to
evaluate your specific situation and provide you with customized advice.