SignatureAPI can be used in a way that supports HIPAA compliance for organizations that need to handle protected health information (PHI).

What is HIPAA?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is a U.S. law that establishes standards for protecting sensitive health data. It applies to covered entities (like healthcare providers and insurers) and their business associates—third parties that handle PHI on their behalf.

Compliance with HIPAA involves a set of administrative, technical, and physical safeguards intended to ensure the confidentiality, integrity, and availability of PHI.

Business Associate Agreements (BAAs)

We’re able to sign Business Associate Agreements on request, where appropriate. We use the Bonterms Standard Business Associate Agreement v1 as our standard template.

BAAs are not extended to all customers by default. If you require a BAA, please contact us to initiate the process.

Using SignatureAPI in a HIPAA-Compliant Way

While SignatureAPI includes features that support secure handling of data, using it in a HIPAA-compliant way depends on how it’s implemented and configured.

There are specific requirements and guidelines to follow in order to meet HIPAA obligations when integrating with our API. If you’re planning to use SignatureAPI with PHI, reach out to our team for technical guidance.