Is DocuSign HIPAA Compliant?
DocuSign is HIPAA compliant provided organizations subscribe to a plan that supports HIPAA compliance and provided the capabilities of the electronic signature software are configured to comply with the HIPAA Security Rule. Healthcare organizations and providers will also need to configure access controls to comply with CMS’ Medicare Electronic Signature Requirements.
What is DocuSign?
DocuSign is a San Francisco-based provider of electronic signature technology and transaction management services. Via DocuSign, organizations can accelerate patient intake, medical consents, and HIPAA authorizations. Organizations can also send documents to patients, contracts to suppliers, and agreements to business associates for remote signing.
However, if the service is used in connection with any electronic protected health information, DocuSign would be classed as a business associate. HIPAA requires all business associates to enter into a HIPAA-compliant business associate agreement with covered entities prior to being provided with or given access to ePHI.
Is DocuSign HIPAA Compliant?
Rather than being HIPAA compliant, DocuSign supports HIPAA compliance if an organization subscribes to a “customized” plan that includes the capabilities to comply with the Security Rule and a Business Associate Agreement (the Business Associate Agreement is not an option in any off-the-shelf DocuSign business plans).
To configure the capabilities to make DocuSign HIPAA compliant, organizations can take advantage of the DocuSign University which includes “how to” webinars, best practice guides, and sample templates. The site also has a vibrant community forum with technical experts and experienced customers willing to help answer users’ questions.
The final stage of making DocuSign HIPAA compliant is to train members of the workforce on how to use DocuSign, and any third-party integrations used with the software, in compliance with HIPAA. This means not only training users on how to use the software themselves, but also teaching them how to guide the patients, suppliers, and business associates from whom digital signatures are requested.