Blog

E-signatures: Take Them Or Leave Them?

Find this useful? Please Share it!Facebooktwittergoogle_pluslinkedinmailFacebooktwittergoogle_pluslinkedinmail

E-signatures and Release Of Information Policy | MRA

Know Your Facility’s Release of Information Policy

In today’s technology-driven healthcare environment, e-signatures are common, yet they also raise many questions in the world of release of information (ROI). How can ROI specialists verify a patient’s identity when patients sign electronically through a portal, for example? What about when patients sign on an electronic pad/device? Signatures oftentimes look nothing like what appears on an identification card. Another question arises when a third party (e.g., an attorney, insurance company, or other type of requestor) attempts to use an authorization that a patient signs electronically. How do you know whether this authorization is even valid or whether it was the patient’s intent to release his or her information for this specific purpose? What’s the best way to handle these and other scenarios?

Electronic Signatures And HIPAA

According to HIPAA, a covered entity must obtain an individual’s written authorization for any use or disclosure of protected health information (PHI) that is not for treatment, payment, or health care operations. HIPAA does not require a “pen and ink” type of signature as an authorization. However, covered entities must identify a process for verifying the identity of the individual signing the authorization.

Unfortunately, establishing such a process for e-signatures is easier said than done. When patients present in-person for a copy of their records, it’s relatively easy to verify their signature and identity using their license. However, e-signatures make this verification nearly impossible in some instances.

Release Of Information Specialists Need To Be Mindful

The bottom line is that ROI specialists must do their part to protect PHI at all times. This includes establishing practical and effective ways to verify e-signatures. For example, if a provider receives an e-signature, do ROI specialists verify that signature by looking at older requests in the system? If the system doesn’t include any older requests, does the specialist call the patient directly? How is this information tracked and logged? Some facilities simply don’t accept e-signatures at all.

As patient portals become more widely adopted, the demand for requests via e-signature will increase exponentially. Providers must have a strategy in place to address these challenges. It’s only going to get more complicated.

Does your facility accept e-signatures? If so, how do you process and validate these signatures? What works well, and what doesn’t work well? What are your biggest concerns at this point?

Contact MRA For Our Professional Services In Release Of Information

2 Responses to “E-signatures: Take Them Or Leave Them?”

  • Tammi Good says:

    This presents new challenges in verifying signatures — obviously the point of the article. I don’t have answers to the questions posed but I would be interested in hearing what others are doing.

    Is there a way to be alerted when a new response is posted?

  • Coretta says:

    I am a ROI specialist, when I come across an E signature , my first steps I take is ,check the patient chart for any thing he has signed, if I can locate anything that way, I check his Picture ID signature or anything in his financial records that they might have signed .

Leave a Reply