Does DocuSign enable HIPAA compliance?

DocuSign appears to fall into the category of a business associate when healthcare providers use its services for protected health information (PHI). DocuSign offers AES 256-bit encryption for data in transit and at rest. This encrypted information is stored on DocuSign’s servers, and the company states that it doesn’t have access to the information.

DocuSign seems to meet Health and Human Services (HHS) standards for digital signatures.

This service enables HIPAA features through its digital tracking system. Each e-signature has an audit trail that’s fully traceable. DocuSign data centers are SOC 2 audited and ISO 27001 certified.

When signing a document, the service captures names, email addresses, time stamps, signing location, public IP addresses, and document completion status.

While DocuSign offers essential encryption, auditing, and security standards, it’s the responsibility of each customer to ensure that they share and access PHI in a manner that follows HIPAA regulations.