Use of Electronic Signatures by Community Mental Health Facilities

Recently, questions have been raised by community mental health facilities as to whether an electronic signature is given the same legal effect as a traditional, written signature.

In 1996, President Clinton signed into law the Health Insurance Portability & Accountability Act (HIPAA). Two years later, the Department of Health and Human Services issued a draft of a proposed HIPAA security regulations. In part, the regulations addressed security obligations of “covered entities” for safeguarding protected health information and set forth requirements regarding the use of electronic signatures on medical records. The draft regulation stated if electronic signatures were utilized, cryptographically-based, digital signatures would be required for HIPAA compliance. At the time, such technology was not readily available or affordable. The draft regulations had the effect of discouraging the use of electronic signatures on medical documents.

However in 2000, Congress enacted the Electronic Signatures in Global and National Commerce (ESIGN) Act. The purpose of the ESIGN Act was to promote the use of electronic signatures in commercial transactions involving both businesses and consumers. The Act stated that electronic documents and signatures were to be given the same legal effect and validity as written documents and signatures. Unlike the 1998 draft HIPAA security regulations, the ESIGN Act defines an acceptable electronic signature as any “electronic sound, symbol, or process attached to or logically associated with a [contract or other] record and executed or adopted by a person with the intent to sign the record.” Importantly, the ESIGN Act does not mandate the use of cryptographically-based technology.

Shortly after the ESIGN Act was enacted, Michigan enacted the Uniform Electronic Transactions (UETA) Act. The UETA essentially adopts the ESIGN Act’s definition of an electronic signature. It also states that a record or signature shall not be denied legal effect or enforceability solely because it is in electronic form. It also establishes guidelines on how an electronic record or signature shall be deemed attributable to the signator. Like the ESIGN Act, UETA applies to all transactions not specifically excluded by the Act.

Neither the ESIGN Act nor Michigan’s UETA requires the use of cryptographically-based, digital signatures. In light of the 1998 draft HIPPA security regulations, many questioned whether the ESIGN Act and UETA were applicable to the use of electronic signatures on medical documents. On February 20, 2003, the Department of Health and Human Services issued its Final HIPPA Security Standards. In doing so, the Department did not include its requirement of cryptographically-based, digital signatures. Instead, the Department stated, Aall comments concerning the proposed, electronic-signature standard, responses to these comments, and a final rule for electronic signatures will be published at a later date.@ To date, the Department has not issued any specific standard regarding the use of electronic signatures.

Michigan’s Mental Health Code does not specifically address the use of electronic signatures. To date, there does not appear to be any indication that the Mental Health Code would prohibit the use of electronic signatures as set forth by Michigan’s UETA. Indeed, on January 10, 2007, Governor Granholm signed legislation authorizing the use of electronic signatures by pharmacists for the transmission of electronic prescriptions. Importantly, that legislation adopted the same definition of electronic signature as found in Michigan’s UETA.

Thus, current Michigan law appears to support the use of electronic signatures by community mental health facilities. However, both the ESIGN Act and Michigan’s UETA are voluntary and consent must be obtained to conduct business electronically. Thus, the recipient must consent to the use of electronic signatures. Although specific guidelines have not been implemented to date, sufficient “security procedures” must exist to establish an electronic signature is attributable to the recipient of your care.