By Eric Bergner and Linda Abdel-Malek

Seeking to create uniform standards that will govern transactions in e-commerce, Congress has passed a new piece of legislation regarding electronic signatures. The Electronic Signatures in Global and National Commerce Act - also known as E-Sign - recognizes electronic signatures as having the same legal weight as handwritten signatures for most commercial transactions, and provides for certain technology-neutral approaches to the adoption of standards relating to electronic signatures. The Act has been passed by both the House of Representatives and Senate, and was presented to President Clinton for signature on June 20. The President has indicated that he will sign it.

E-Sign Overview

Set to go into effect on October 1, 2000, the Act provides that a signature or contract may not be found to be invalid or unenforceable solely because it is in electronic form. The Act, however, specifically does not require anyone (other than the government) to agree to use an electronic contract or to accept an electronic signature. Rather, if you want to transact electronically, the Act says you can, even if there is a statute on the books that says you need a writing in non-electronic form.

E-Sign clearly wants to usher in electronic signatures gradually. It tries to effectuate a balance between the desire of industry to embrace e-business in its purest form and the technophobic consumer who is dubious of not having his or her agreement memorialized by a signed writing. Accordingly, E-Sign provides that where there is a law or regulation requiring that an agreement or other information relating to a transaction be in writing, an electronic signature or contract will not be valid unless the consumer has been provided with notice of his or her rights under that law and has affirmatively consented to doing business without a written agreement.

In addition, E-Sign treats certain types of transactions as sacrosanct. Wills, codicils, testamentary trusts, and documents created in connection with adoption, divorce and other matters of family law are unaffected by the legislation, as are certain types of court orders, notices of cancellation of health and life insurance benefits and of utility service, and notices of foreclosure and eviction. The Act leaves the door open, though, providing for a review in three years to see whether these protections are still warranted. If in the next three years we as a society have embraced e-methods of doing business, then perhaps the statute will be amended to provide for e-wills, e-life insurance, and e-viction.

Interaction with HIPAA Rules

E-Sign's application in the healthcare context is similarly conciliatory, as it complements rather than conflicts with the electronic signature standard of the proposed HIPAA Security Rule. The HIPAA Security Rule, like E-Sign, does not require the use of an e-signature (although an electronic signature may be required by a given transaction standard adopted by the Secretary of Health and Human Services); and while the definition of the term "electronic signature" appears to be different in E-Sign and the HIPAA Security Rule, the two definitions are not inconsistent. E-Sign's definition of "electronic signature" is very broad, encompassing a range of technologies through which an electronic signature could be utilized, such as a sound, symbol or process that incorporates a digital, wireless, or magnetic format, for example. The HIPAA Security Rule's electronic signature definition is somewhat of a subset of the E-Sign definition, providing that when an electronic signature is used, it must be digital.

Basically, the E-Sign legislation and the HIPAA Security Rule address two different, but related, concerns. The HIPAA Security Rule focuses on protecting the accuracy and security of a message transmitted by electronic means. For example, if a covered entity uses electronic signatures in its transactions, then the HIPAA Security Rule requires that the entity must assure (i) message integrity, i.e. unaltered transmission and receipt of the message; (ii) nonrepudiation, which would prevent the signer of a message from subsequently denying that he or she sent the message, and (iii) user authentication, which involves providing an assurance of the claimed identity of an entity. E-Sign, on the other hand, does not impose specific requirements, but instead, strives to introduce uniformity into a wide range of e-commerce transactions while allowing consumers control over the use of e-signatures and e-records. Though the approaches of E-Sign and the HIPAA Security Rule differ, their intention is the same - namely, to create an environment in which e-signatures may be more frequently used.

The proposed HIPAA Privacy Rule will also be affected by the consent requirements of E-Sign, to the extent that the Rule requires that a consumer be given certain information in written form. For example, under HIPAA, consumers are entitled to written notice of a covered entity's information sharing practices, and to a written explanation when an entity denies a consumer's request to amend or correct his or her healthcare information. E-Sign would allow this written information to be transmitted to the consumer in electronic form, but only upon the consumer's consent.

If E-Sign is any indication, each new law and regulation governing e-commerce will need to be evaluated to determine whether and to what extent it will affect the e-health industry. Only time will tell if future e-commerce and e-health laws will be as compatible with each other as E-Sign and the HIPAA Rules appear to be.

Eric Bergner (ebergner@mosessinger.com) is a partner in the New Media Practice Group at the law firm of Moses & Singer LLP in New York City, and Linda Abdel-Malek (labdelmalek@mosessinger.com) is an associate attorney in the Healthcare Practice Group at the firm.

From the July 5, 2000 issue of iHealthcare Weekly, a Rising Tide Studios Publication. Reprinted with the permission of the Publisher. All Rights Reserved. Copyright 2000. Please visit http://ihealthcareweekly.com/issues/ihcw07052000.html