Is DocuSign HIPAA Compliant?

Can healthcare organizations use DocuSign in association with electronic protected health information (ePHI) without breaking HIPAA Rules? Does DocuSign support HIPAA compliance?

DocuSign is a provider of electronic signature technology and transaction management services. Companies use DocuSign to obtain signatures on documents such as contracts, confirming that they have been read and understood and that the terms and conditions have been accepted.

eSignature services are useful in the healthcare industry as they can reduce the time taken on administrative tasks. Healthcare providers can use eSignature services on documents such as service level agreements, business associate agreements, patient consent forms, and credentialing forms. Many business associates sign their BAAs using electronic signatures.

However, before any eSignature service can be used on documents containing protected health information, it is necessary to enter into a business associate agreement with the service provider, as they are classed as business associates under HIPAA.

Can DocuSign Be Considered HIPAA Compliant?

For DocuSign to be HIPAA compliant, the company must be willing to enter into a BAA with a HIPAA-covered entity. It is stated on the DocuSign website that the company is prepared to sign a BAA and already has done so with healthcare providers and life science clients.

DocuSign additionally confirms that the company never accesses ePHI and all documents that go through its service are secured. DocuSign says it satisfies its responsibilities with respect to ePHI and that it fully complies with HIPAA privacy and security requirements and meets HHS requirements for digital signatures.



A signed BAA must be obtained before the service is used with any ePHI. As long as covered entities obtain a signed BAA, DocuSign is a HIPAA compliant eSignature service. To qualify for a BAA, users must sign up for an Enterprise account with DocuSign.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023.