I am a "covered entity" (healthcare provider) under HIPAA.
Adobe Acrobat Sign Solutions for enterprise and business is included on the HIPAA Ready page. So, my questions concerns the following:
- I create a PDF Form (File » Create » Create Form).
- I check the This document requires signatures box.
- The form requests Protected Health Information (PHI), e.g., past or current psychiatric diagnosis, and Personally Identifiable Information (PII), e.g., date of birth.
- I enter the patient's email address and send for signature.
- Patient completes the form and e-signs (via Adobe Acrobat Sign).
- The completed, signed form is stored in the Adobe document cloud.
My quesiton: Is all of the above covered by my BAA with Adobe, i.e., on Adobe's end are the appropriate safeguards in place to make everything HIPAA-compliant?
Thank you.
P.S. So that you know I did my homework, I found a related post wherein an Adobe employee referred the customer to the Adobe Acrobat Sign FAQ page, which contains this question and answer:
Q: What regulations does Acrobat Sign comply with?
A: For information on Acrobat Sign compliance, please see the Adobe Compliance Certifications, Standards, and Regulations list in the Adobe Trust Center.
That page, like the HIPAA Ready page, indicates that Adobe Document Cloud - Acrobat Sign Solutions for enterprise and business is "HIPAA ready", with a footnote stating, in essential part: "An Adobe service that is ... HIPAA ready means that the service can be used in a way that enables the customer to help meet its legal obligations related to the use of service providers."
Mark D Worthen PsyD
AdChoices