Electronic Signatures

The Electronic Signature Standards in Global and National Commerce Act (Public Law 106-229 - June 30, 2000), also known as E-SIGN or ESIGN, established the standards for electronic signatures that could be used for transactions. An e-signature that meets the criteria for ESIGN is considered valid for the purposes of documenting consent and for HIPAA authorization.

Obtaining an Electronic Signature

To satisfy the regulatory requirements for written consent and written HIPAA authorization, the following criteria must be incorporated into the electronic form:

  • a valid electronic signature must be obtained (see definition below);
  • the subject must be able to print (or save) a copy of the consent form (with or without signature); and
  • the subject must be able to print (or save) a copy of the signed authorization.

The consent/HIPAA authorization (when applicable) must therefore include instructions to print or save a copy of the page presented on the electronic device. Alternatively, the form could be emailed to the subject.

Definition of a Valid Electronic Signature

Sec. 106 Definitions:
(5) ELECTRONIC SIGNATURE. - The term "electronic signature" means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.

A valid electronic signature for consent and HIPAA authorization could be the subject's typed name or it could even be as simple as a check mark or an X or any other symbol in a box on a form. Any method is valid provided that the mark or symbol is "logically associated" with the individual making that mark. To associate the individual with the mark, the subject could type their name or even an assigned unique ID number.

OHRP FAQ: Can an electronic signature be used to document consent or parental permission?

Yes, under certain circumstances. First, the investigator and the IRB need to be aware of relevant laws pertaining to electronic signatures in the jurisdiction where the research is going to be conducted.

Unless the IRB waives the requirement for the investigator to obtain a signed consent or permission form based on the HHS regulations at 45 CFR 46.117(c), a written consent or permission form, which may be an electronic version, must be given to and signed by the subjects or the subjects' legally authorized representatives or the parents of subjects who are children. Some form of the consent document must be made available to the subjects or the parents of subjects who are children in a format they can retain. OHRP would allow electronic signature of the document if such signatures are legally valid within the jurisdiction where the research is to be conducted.

OHRP does not mandate a specific method of electronic signature. Rather, OHRP permits IRBs to adopt such technologies for use as long as the IRB has considered applicable issues such as how the electronic signature is being created, if the signature can be shown to be legitimate, and if the consent or permission document can be produced in hard copy for review by the potential subject. One method of allowable electronic signatures in some jurisdictions is the use of a secure system for electronic or digital signature that provides an encrypted identifiable “signature.” If properly obtained, an electronic signature can be considered an “original” for the purposes of recordkeeping.