You might have heard from colleagues that DocuSign is a good option for getting your practice forms signed. But is it actually HIPAA compliant and a good option for a small to medium-sized practice?
Let’s find out…
DocuSign can be HIPAA-compliant and legally binding. However…
You won’t find any specific requirements regarding e-signatures in HIPAA. They actually existed in an early draft of the law. But they were taken out in favor of allowing healthcare professionals to comply with federal and state laws.
The HIPAA compliance of an e-signature service isn’t so much about the e-signatures themselves. It’s about what the e-signature service does to protect the health information that might be in the signed documents.
HIPAA requires the protection of that information at all times, regardless of who’s handling it.
The HIPAA compliance of an e-signature service depends on its agreement to keep your clients’ information safe.
This agreement is called a business associate agreement (BAA).
What’s a BAA?
A BAA is a signed document between you and a service provider who could encounter your clients’ protected health information (PHI). In signing the BAA, the service provider takes on the responsibility to keep your clients’ information safe and explains how it will do so. It also outlines the steps they will take in the case of a data breach.
HIPAA requires that you get a BAA from every business that could have access to your clients’ information.
Read more about BAAs in our blog post “Do you need a Business Associate Agreement?”
DocuSign will give you a BAA, but only with their enterprise account, which they call their “Enhanced Plan.”
Does that sound expensive?
But don’t worry. There’s a better, much more affordable way to get your signatures. We’ll explain after we explore the possibilities of DocuSign.
Also, keep in mind that, while not strictly a HIPAA requirement, HIPAA expects e-signatures to comply with federal or state laws. Complying with laws such as ESIGN or UETA ensures that the signatures will be recognized by a court of law.
As stated on the Department of Health and Human Services website…
“...no standards exist under HIPAA for electronic signatures. In the absence of specific standards, covered entities must ensure any electronic signature used will result in a legally binding contract under applicable State or other law.”
These laws require certain things, such as being able to verify the signer’s identity.
Here’s a summary of the requirements for an e-signature to be considered legally binding:
All DocuSign signatures meet these requirements, regardless of the plan you choose.
However, legally binding isn’t good enough if you’re a healthcare practice.
You also need that BAA and, unfortunately, with DocuSign that comes with a significant price tag.
DocuSign enterprise pricing is a mystery
If you want to know how big of a price tag, you’ll have to get on a call with a DocuSign specialist.
That’s a significant downside to signing up with DocuSign. They’re extremely tight-lipped about the pricing of their specialized plans.
You can’t find a price or even a price range on the DocuSign website. And they won’t give you the prices if you ask in a chat or email.
Keep in mind, it doesn’t have to be that way. There are other services, such as Hushmail for Healthcare, that include their pricing on their website.
Sometimes it’s nice to have this information upfront before you get on a call with a salesperson.
DocuSign requires a conversation with a specialist if you want to get the price for their Enhanced Plan, the only plan with a BAA.
However, looking at the pricing for the other plans can help you make an educated guess. The Business Pro plan does not come with a BAA, yet it costs $65/month.
Most likely, the Enhanced Plan will cost more.
How much more?
We found a few places online reporting an annual price tag in the thousands. For example, this 2022 article by RevPilots states that “an enterprise plan can cost around $2,000-$3,000 per year.”
And here’s a conversation on Reddit stating the same numbers.
The benefits of DocuSign
If you’re still thinking about going with DocuSign for your e-signatures, in spite of the cost, here are the positives to consider.
The biggest advantage is that you can apply a DocuSign e-signature field to any form you have, regardless of the format.
It might not look pretty, but you can drag the fields onto the form quickly, and it will give you the end result you need: a legally signed, HIPAA-compliant practice form.
As long as you have the Enhanced Plan with a BAA.
If you have paper forms, you can scan them, add signature fields, and send them to your clients through DocuSign. Of course, you’ll need a scanner for this.
You can also sync DocuSign up with your electronic health record (EHR) if you use one, as long as it’s certified.
The downside to DocuSign
Now, on to the downsides.
As we already discussed, DocuSign is expensive. The Business Pro plan alone is $65/month per user, which is $780 a year for your e-signatures.
If you pay annually, it’s a little better at $45/month per user, or $540 a year.
However, those plans don’t come with a BAA, so you can expect to pay a lot more to be HIPAA compliant. Some say in the thousands.
Not for healthcare
The other downside is that DocuSign was created for a wide range of customers in a variety of professions. The company isn’t thinking about the very particular needs of small to medium-sized healthcare practices.
This means you won’t find any of the little things that could make your life easier. For example, they only offer a few healthcare templates for your practice forms. And they're awkward to edit, requiring you to download files to make your changes. Then you have to upload them back to DocuSign to use the form. It would be much easier if you could make the edits in one place.
You also don't have the ability to incorporate body charts into your forms so clients can pinpoint areas of discomfort.
Poor formatting options
When you add fields to your forms, you’ll find that DocuSign’s formatting isn’t intuitive. It takes a little work to get all of the fields to look uniform. And don’t forget, you’re working with forms you already have. They weren’t designed to accommodate fields from an outside service. If you’re not careful, you could end up with some pretty strange-looking forms.
When you’ve never shopped for an e-signature service before, it might be difficult to judge the pricing. Is $2,000 or $3,000 a year a good price if you get a BAA?
And what can you really expect your forms to look like when you use a service that specializes in e-signatures?
These are good questions to ask. DocuSign has been around for a long time and is one of the first services to come up when you search. It might be tempting to assume that they’re the best because they’re popular.
And that might be the case if you didn’t need to be HIPAA compliant.
But don’t forget, you need a BAA.
With that in mind, let’s look at how DocuSign compares with another HIPAA-compliant e-signature service – Hushmail for Healthcare. We’ve put together two short clips. One shows how DocuSign allows you to add fields to forms you already have. The other clip shows how Hushmail allows you to create forms from scratch.
Adding fields with DocuSign:
Creating forms with Hushmail for Healthcare:
Then we compare the resulting forms:
What’s the Hushmail for Healthcare price tag? We’ll tell you exactly what it costs - no need for a sales call.
An annual plan starts at $219/year for unlimited signatures. You can find all the details about pricing on our website. And you get a lot more than just signatures. We’ll go into all the details in the next section.
| |DocuSign|Hushmail for Healthcare|
|---|---|---|
|Number of transactions|Call for information|Limitless e-signatures included in a subscription|
|Price|Varies but the reported range is from $2,000 to $3,000 per year. Call for more information|Starts at $219/year¹ for limitless e-signatures.|

¹ For an annual plan.
There’s a better option: try Hushmail for Healthcare with e-signatures
One of the first things you’ll notice about Hushmail for Healthcare is that “healthcare” is right there in the name. That means we’re always thinking about what you need for your practice.
That also means we make sure the healthcare features you require, like a BAA, are included and affordable.
E-signatures, forms, and email under one BAA
As a healthcare practitioner, you want to provide care to your clients. You don’t want to spend your time making different HIPAA-compliant services work together.
Hushmail for Healthcare combines three important services under one BAA. Email, web forms, and e-signatures work seamlessly together, resulting in a more professional look and experience.
Purpose-built for healthcare
Hushmail for Healthcare was developed specifically for small to medium-sized healthcare practices. This includes mental health, chiropractic, optometry, dentistry, and physical therapy, amongst others.
We’ve included features that will make things easier for you. Such as…
You won’t find these benefits with any other e-signature company.
Personalized customer service
You can always call us with questions related to Hushmail and healthcare. Concerned about the Good Faith Estimates you need your clients to sign? Wondering about the best way to use body charts on your chiropractic forms? Our specialists are trained to know what you’re talking about.
Conclusion: So is DocuSign HIPAA compliant?
You can make DocuSign HIPAA compliant if you want to pay the price for an Enhanced Plan and a BAA.
However, even if you decide to pay thousands a year for the Enhanced Plan, the form builder only allows you to drop fields into forms that already exist. It doesn’t provide you with extra features that would be useful in healthcare.
A much easier and more affordable solution is Hushmail for Healthcare, which provides multiple services under one BAA. Our process to sign up for HIPAA-compliant email, web forms, and e-signatures is so easy you can get started today.