Valid signatures are essential to several patient transactions, such as health history completion and review, informed consent and financial agreements. Risk increases for a practice if a patient signature cannot be authenticated. It is critical that a dental practice owner understand what makes an e-signature valid in order to select the most appropriate technology for the practice. This article discusses what makes an e-signature valid and the types of e-signatures.
The U.S. Electronic Signatures in Global and National Commerce (ESIGN) Act and the Uniform Electronic Transactions Act (UETA) together establish the requirements for an e-signature to be recognized as valid under U.S. law:
1. Authority to sign
Each signer must have authority to sign. The electronic signature process should create and preserve evidence of the identity of each signer.
2. Intention to sign
An example of demonstrating this intention is to offer opt-in/opt-out boxes during the process.
3. Consent to do business electronically
Each party must consent. Consent does not have to be all-or-nothing. A consumer can choose to conduct business electronically for one transaction but not for another.
The circumstances in which a dental practice needs a patient signature are considered “consumer transactions” and, as such, the practice must ensure the patient or patient’s legal representative:
- Receives a UETA/ESIGN-compliant consumer consent disclosure which reasonably demonstrates the consumer’s ability to receive electronic records in the formats that will be used for delivering the required information.
- Affirmatively agrees to use electronic records for the transaction.
- Has not withdrawn consent to use electronic records.
4. The electronic signature must be associated with the process by which the signature was generated.
One example of this is a signature generated after clicking through on a software program’s dialog box combined with some other identification process. Other examples include a digitized picture of a handwritten signature or a complex encrypted authentication system. The signature should be logically associated with the record being signed. The signature should also be verifiable; an audit trail is one way to verify it.
Electronic signature records are retained and are reproducible for reference by all parties or persons entitled to retain the record.
Individual states and certain industries may set requirements over and above ESIGN and UETA. UETA is codified in California Civil Code sections 1633.1-1633.17. Dentists contracted with one or more dental plans should verify the respective plan requirements for e-signatures, if any.
Digital Signature
A digital signature is one type of e-signature. It should not be confused with a “digitized signature,” which is an image of just a signature on paper; the image cannot be authenticated. California law defines a digital signature as “an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature.”[i] Software that generates a digital signature can add a level of security and authentication through use of PINs, passwords or digital certificates.
E-signature Use In Patient Records and E-Prescribing
The California Dental Practice Act requires every licensed health professional who performs a service on a patient in a dental office to identify themselves in the patient record by signing their name or an identification number and initials next to the service performed and to date the entries in the record.[ii] In order to comply with this legal requirement when using an electronic health record software and to ensure the record’s validity, a dental practice owner should:
- Ensure each individual authorized to perform a service on a patient has their own unique access credentials to the EHR and instruct them not to share the credentials with others.
- Have policies and procedures for accessing and signing the patient record.
- Regularly review the EHR audit trail to ensure compliance. An electronic signature can be validated by an audit trail that shows the date and time each electronic record is signed, the system identifier for the electronic record being signed, and the identity of the person signing the electronic record. Regular review of the EHR audit trail is a HIPAA Security Rule safeguard.
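The audit-trail review described above can be partly automated. The following is an added example, not part of the original article or any EHR vendor's code: it checks each signature event for the three elements named above (date and time, record identifier, signer identity) and flags signers that are not an individual authorized credential. The CSV column names, the sample rows and the signer roster are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample export; the column names are assumptions, not a real EHR format.
SAMPLE_AUDIT_CSV = """signed_at,record_id,signer_id
2024-03-04T09:12:44,REC-1001,dr.lee
2024-03-04T09:40:02,REC-1002,
,REC-1003,rdh.patel
2024-03-04T10:05:19,REC-1004,frontdesk
2024-03-04T25:61:00,REC-1005,dr.lee
2024-03-04T11:30:00,,rdh.patel
"""

# Hypothetical roster: one unique credential per person authorized to perform services.
AUTHORIZED_SIGNERS = {"dr.lee", "rdh.patel"}


def review_audit_trail(csv_text, authorized):
    """Return (line_number, problem) findings for signature events that cannot
    validate a signature: missing or invalid date/time, missing record
    identifier, or a signer that is not an individual authorized credential."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        signed_at = (row.get("signed_at") or "").strip()
        record_id = (row.get("record_id") or "").strip()
        signer = (row.get("signer_id") or "").strip()
        if not signed_at:
            findings.append((line_no, "missing date/time"))
        else:
            try:
                datetime.fromisoformat(signed_at)
            except ValueError:
                findings.append((line_no, "invalid date/time"))
        if not record_id:
            findings.append((line_no, "missing record identifier"))
        if not signer:
            findings.append((line_no, "missing signer identity"))
        elif signer not in authorized:
            # A generic or shared login cannot identify the person who signed.
            findings.append((line_no, f"signer '{signer}' is not an individual authorized credential"))
    return findings


if __name__ == "__main__":
    for line_no, problem in review_audit_trail(SAMPLE_AUDIT_CSV, AUTHORIZED_SIGNERS):
        print(f"line {line_no}: {problem}")
```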
Mandatory use of e-prescribing in California starts in 2022. E-prescribing software is widely available, but dentists who need to prescribe controlled substances should be aware that e-prescribing for controlled substances requires additional security mandated by U.S. Drug Enforcement Agency regulations. In addition to going through a third-party identity-proofing process, prescribers are required to use a two-factor authentication process to “sign” an e-prescription for controlled substances. The factors must be two of the following:
- Something known (a password, for example)
- Something possessed (a hard token, such as a fob or cell phone, to receive a short-term code)
- A biometric, such as a fingerprint
Only a prescriber is allowed to sign a prescription, so prescribers may not give any of the factors to another individual.
Sources: