Skip to main content
U.S. flag

An official website of the United States government

Return to Search

FAQ 247 Would business associate contracts in electronic form, with an electronic signature, satisfy the HIPAA Privacy Rule's business associate contract requirements?

This is a HIPAA FAQ for covered entities.

Final

Issued by: Office for Civil Rights (OCR)

Would business associate contracts in electronic form, with an electronic signature, satisfy the HIPAA Privacy Rule's business associate contract requirements?

Answer:

Yes, assuming that the electronic contract satisfies the applicable requirements of State contract law. The Privacy Rule generally allows for electronic documents, including business associate contracts, to qualify as written documents for purposes of meeting the Rule’s requirements.

However, currently, no standards exist under HIPAA for electronic signatures. In the absence of specific standards, covered entities must ensure any electronic signature used will result in a legally binding contract under applicable State or other law.

 

Created 12/19/02

HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.

DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.