At eversign we are aware that different industries come with different regulations, and in some areas there is more compliance pressure than in others. From the very start the eversign team has been committed to offering an e-Signature platform that is compliant or contributes to compliance to regulations like EU GDPR or HIPAA.

EU GDPR Compliance

What is GDPR?

In 2016 the European Union adopted the General Data Protection Regulation (GDPR), a regulation replacing the previous privacy directive (Directive 95/46/EC), in an attempt to improve and strengthen data protection law in the European Union and enhande the rights and freedoms of an individual with regards to their personal data and how it may be used by third parties.

eversign and GDPR Compliance

We have taken GDPR very seriously ever since its announcement and have taken various measures in order for the eversign platform and all its processes and workflows to become compliant with the requirements outlined throughout the GDPR regulation. Our aim at eversign is for our clients and prospective customers to be able to use eversign confidently knowing that both the eversign platform and the team behind it abide by GDPR principles.

Find below the key GDPR requirements and which measures have been taken by eversign:

  • Data Processing Agreement: The eversign Data Processing Agreement has been made available separately and adjusted to meet GDPR requirements in order for eversign to be able to continue to lawfully receive and process personal data of EU citizens as part of providing the eversign service.

  • Third-party vendor contracts: eversign has taken the European Union's GDPR as an occasion to review and (if required) adjust existing contracts with third parties that provide functionalities essential to the eversign e-Signature service.

  • Right to be forgotten: Customers may permanently delete their account at any given time. If an account is deleted permanently, all data associated with it will be removed from eversign and cannot be recovered.

  • Right to object: Customers may opt out of inclusion of their data in any data science projects conducted by eversign.

  • Right to rectification: Customers may access their eversign account at any time in order to complete or rectify any errors contained therein. Customers may also contact eversign Support in order to access their eversign account data.

  • Right of access: The eversign Privacy Policy outlines in detail which data is collected and used for which purposes. Customers may read the Privacy Policy at any time or contact eversign Support for clarification.

  • Right of portability: The customer may request their account data to be exported at any time by contacting eversign Support.

HIPAA Compliance

What is HIPAA Compliance?

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law established in 1996 that mandates industry-wide standards for health care organizations to implement and maintain technical, administrative and physical safeguards to protect the security, integrity, and confidentiality of information and data on patients.

eversign and HIPAA Compliance

Using the eversign electronic signature and document management platform significantly enhances the reliablity, authenticity and availability of signatures and signed documents. The eversign solution ensures electronically signed documents compliant with the U.S. Electronic Signature in Global and National Commerce Act of 2000 (ESIGN), the Uniform Electronic Transactions Act (UETA), and the European Union eIDAS (EU No.910/2014). Furthermore, e-Signatures by eversign come with tamper evidence and a complete and traceable audit trail document, making documents signed via eversign legally binding.

Although HIPAA does not mandate the way documents containing Protected Health Information (PHI) are signed, eversign supports a HIPAA compliant workflow of health care organizations and service providers by providing the tools they need to work in a HIPAA-compliant fashion. However, it must be noted that HIPAA compliance is subject to the individual practices of health care organizations and the use of eversign does not constitute compliance on its own.