Question regarding an electronic signature and HIPAA authentications

Q.  A pediatric practice called last week questioning a HIPAA authorization that contained an electronic signature.  The practice was slightly suspicious of the signature and seeking guidance relative to its validity.  Is the medical practice required to honor the electronic signature and comply with the record request?


A. In New York, electronic signatures have the same legal validity as handwritten signatures. Since 2000, electronic signatures have been legally binding in New York under the Electronic Signatures and Records Act (ESRA); however, it is important to understand that no government organization nor citizen is required to use electronic signatures.  Practices are not necessarily required to accept E-Signatures relative to HIPAA authorizations, and they can deny these requests and require an actual “wet” signature.  If a provider adopts a policy refusing E-Signatures, upon receipt of an electronically signed authorization, the provider should immediately notify that requesting party and advise of the office/practice policy.  Failure to immediately notify the requesting party of the electronic signature refusal may result in violations of both HIPAA and the NYS Public Health Law.

If a medical provider finds themselves questioning the validity of any authorization, they should always call the requesting party and confirm the request and then document such in the patient’s record.

IMPORTANT – E-Signatures (ESRA) do not apply to any document providing for the disposition of an individual’s person or property upon death or incompetence or appointing a fiduciary of an individual’s person or property.  This includes wills, trusts, and “do not resuscitate” orders as well as powers of attorney and health care proxies.

*The above scenario should not be confused with the electronic transfer of medical records contemplated under the Cures Act.