Business Associate Agreement included on every paid plan. 256-bit AES encryption, comprehensive audit logs, and role-based access controls that satisfy HIPAA Security Rule requirements for PHI.
Free plan available · No credit card required · ESIGN Act compliant
Built-in features that save time and close deals faster.
HIPAA requires that any vendor handling Protected Health Information (PHI) sign a Business Associate Agreement (BAA). Zignature provides a standard BAA on all paid plans — covering all PHI processed through the platform. You don't need to negotiate a custom BAA or wait for legal review before getting compliant.
Every HIPAA-regulated document in Zignature is encrypted at rest with AES-256 and in transit with TLS 1.3. Comprehensive audit logs record every document access, view, download, and modification — with user identity and timestamp — satisfying the HIPAA Security Rule's audit control requirements (45 CFR §164.312(b)).
HIPAA's minimum necessary standard requires limiting PHI access to what's needed for a specific purpose. Zignature's role-based access controls let administrators grant document access at the team, department, or individual level — ensuring staff see only the PHI they need for their job function.
From simple agreements to complex multi-party workflows.
HIPAA-compliant collection of informed consent for treatment, procedures, and research — with required disclosures enforced.
PHI release authorization (45 CFR §164.508) with required elements enforced and automatic expiry for time-limited authorizations.
Execute BAAs with your own healthcare vendors and business associates — with template BAAs and multi-party signing.
Annual workforce HIPAA training acknowledgments — bulk send to all staff with completion tracking for audit readiness.
State-specific telehealth consent forms with jurisdiction disclosures — signed before each remote patient encounter.
Research data access authorizations, third-party disclosure consents, and de-identification agreements for data sharing.
No training required. Send your first document today.
Pick from pre-built compliant templates or upload your own document — our system applies the right compliance rules automatically.
Enable HIPAA BAA, GDPR DPA, identity verification, or QES as required for your regulatory environment.
Recipients get a secure link and are guided through the signing process with all required disclosures and consent flows.
Every transaction is sealed with a tamper-proof certificate of completion — ready for audits, regulators, and legal proceedings.
Here's exactly how Zignature satisfies each specific regulatory requirement — with citations.
| Requirement | Regulation Citation | How Zignature Satisfies It | Met |
|---|---|---|---|
| Business Associate Agreement |
§164.308(b)
|
Standard BAA included on all paid plans | |
| Access Controls (Unique User IDs) |
§164.312(a)(2)(i)
|
Each user has unique, non-shareable credentials | |
| Audit Controls |
§164.312(b)
|
Complete audit log of all document access and actions | |
| Integrity Controls |
§164.312(c)(1)
|
SHA-256 document hashing detects any tampering | |
| Transmission Security (Encryption) |
§164.312(e)(2)(ii)
|
TLS 1.3 encryption for all ePHI in transit | |
| Encryption at Rest |
§164.312(a)(2)(iv)
|
AES-256 encryption for all stored PHI |
BAA included. AES-256 encryption. Trusted by healthcare organizations nationwide.
Everything you need to know.
Yes. Zignature is HIPAA compliant and provides a signed Business Associate Agreement (BAA) on all paid plans. The platform implements HIPAA Security Rule administrative, physical, and technical safeguards — including 256-bit AES encryption, comprehensive audit logs, and role-based access controls for PHI.
Yes. All paid Zignature plans include access to a standard BAA that covers PHI processed through the platform. The BAA is available in your account settings after upgrading to a paid plan. Enterprise customers can request a custom-negotiated BAA to address specific organizational requirements.
When used for healthcare documents, Zignature may process signer names, email addresses, IP addresses, signing timestamps, and any PHI included in the document content. All of this is covered by the BAA. The platform is designed to minimize PHI exposure — only data necessary for the signing workflow is processed.
Yes. Zignature implements the required and addressable technical safeguards under 45 CFR §164.312, including: access controls (role-based, unique user ID), audit controls (comprehensive logging of all PHI access), integrity controls (document hashing to detect tampering), and transmission security (TLS 1.3 for all data in transit).
Yes. Zignature supports 21 CFR Part 11 compliant electronic signatures for FDA-regulated clinical research, including unique user authentication, closed and open system controls, and complete audit trails. This makes Zignature suitable for informed consent in FDA-regulated clinical trials.
Zignature stores documents indefinitely by default. Healthcare organizations typically configure a 6-year minimum retention policy (per HIPAA Security Rule 45 CFR §164.530(j)). Enterprise plans support automated retention schedules with configurable deletion policies for PHI minimization requirements.
Yes. All Zignature data is stored in AWS data centers located in the United States. For organizations with HIPAA data residency requirements, US-only data storage is the default configuration. Enterprise plans can specify geographic data residency constraints.
Upon account cancellation, organizations can export all signed documents and audit trails. PHI in Zignature's systems is subject to secure deletion per the BAA terms and NIST SP 800-88 guidelines after the contractually specified retention period.