E-Signature Information

In order to accept notice of patient privacy, release of (billing) information, and assignment of benefits (/patients/{patientid}/privacyinformationverified) or release of medication authorization (/patients/{patientid}/medicationhistoryconsentverified), partners should be familiar with the legal requirements of e-signatures from their own counsel; see below for references as well. In general, we recommend the following.

  1. A checkbox to confirm acknowledgement and consent to sign electronically;
  2. A finger-signed or typed box for the patient to enter their name;
  3. Retention of the audit trail for signature – date, time and name of the patient, as well as the text entered or image of signature; and
  4. To the extent necessary, the partner may need to ensure that their terms and conditions cover the requisite obligations for e-signature.

We offer two options to store information related to e-signatures in athenaNet. If information is not stored in athenaNet, any e-signature information must be stored by the partner for audit purposes.

One option is to use /patients/{patientid}/documents to store a document (subclass: ADMIN_CONSENT) in athenaNet. This option does require the client to have athenaClinicals. Typically, this would be used with a finger-signing on a tablet, or collected via a signature pad. A PDF file with the signature (as typed), along with the content of the agreement, timestamp, patient name, and any other e-signature information (e.g. if it was signed by someone other than the patient, it would include the relationship to the patient and why the patient was unable to sign). In addition to submitting the document, the partner must still call /patients/{patientid}/privacyinformationverified or /patients/{patientid}/medicationhistoryconsentverified; calling these endpoints does the actual update of athenaNet to mark these forms as accepted.

The option using /patients/{patientid}/documents is the only option available for any consent forms outside of /patients/{patientid}/privacyinformationverified (which is used for prand /patients/{patientid}/medicationhistoryconsentverified. For any other documents of this nature, the entire e-signature information should be included in the PDF attachment.

The other option is to pass along additional information about the e-signature as part of the /patients/{patientid}/privacyinformationverified or /patients/{patientid}/medicationhistoryconsentverified calls. In this case, the partner is still required, for audit purposes, to track what version of a form is used at a given time (because the actual content presented to the patient is not recorded in athenaNet). These calls accept the name of the signer (typically the "signature" itself), and the timestamp for the signature.

When the patient is not signing for her/himself, we also accept the signer's relationship to the patient (see below) and the (free text) reason the patient couldn't sign. If presenting an e-signature, and the signer is signing on behalf of someone else, the relationship of the patient to the signer should be passed over in "signerrelationshiptopatientid". As an example, if the signer is a parent and the patient is the child, and the parent is asked "What is the patient's relationship to you?", ID 18 would be used.


Was this information helpful? Yes | No Thank you for your feedback! What went wrong? Incomplete or incorrect information | Irrelevant Content | Others