eSignatures is available free of charge to current UW staff and faculty for UW business purposes. eSignatures offers the ability to:
- Send: Easily upload and send documents for electronic signature to people inside or outside the University
- Receive: Signers receive and sign documents quickly, securely, and flexibly using phone, tablet, or computer
- Manage: Check document status and send reminders
University of Washington departments interested in using the eSignatures service for business purposes have to follow the eSignatures onboarding process, which includes training for your team’s Delegated Admin.
Please note that eSignatures service is no longer offered to hospitals and clinics.
As a result of the 2020 license update, eSignatures service is limited to higher education, specifically for education, research, and administrative activities. Medical center/health care provider originated use cases for patient-related care are not permitted. Please note existing users in health institutions are eligible to continue utilizing the service. If you have questions around this change please reach out to us at firstname.lastname@example.org
Each document type that will be sent through the eSignatures service to collect signatures and data must be carefully considered in terms of risk of sensitive information exposure. Before submitting the interest form please make sure to review the following principles and guidelines.
When deciding what personal data to process via eSignatures, units and departments should follow UW Privacy Office’s Values and Principles.
For assistance in assessing privacy impacts, please refer to the UW Privacy Office Privacy Assessments webpage.
- HIPAA-protected data and credit card data may not be processed via eSignatures.
- Consent for the processing of Human Subjects data must follow Office of Research and Human Subjects guidance.
- Title 21 CFR Part 11 is not supported.
Access to UW information systems or the processing of UW data comes with responsibilities. Please read the Access and Use Agreement for UW Data and Information Systems (‘Agreement’), written to describe your privacy and information security responsibilities while using eSignatures.
Financial Transactions or Activities Guidelines
Documents that reflect or result in financial transactions or activities must not include any organizational or personal financial data, such as bank or credit/charge card account numbers, or other information protected by financial privacy rules and regulations. These documents are subject to a formal risk assessment by the UW Finance Office.
Electronic Consent Signatures – HSD/IRB Guidelines
The UW Office of Research, Human Subjects Division requires UW IRB approval in advance for using eSignatures to gather consent signature and/or HIPAA authorization signatures. Their guidelines are available online; submit your approval letter along with your request to use eSignatures for consent forms and/or HIPAA authorizations.
- Select simple forms: Work with your department to identify a few simple forms you would like to start out with. Simple forms are those that are sent out to specific recipients for signatures and, if needed, the entry of some information. While more advanced forms are possible, they require more expertise in DocuSign (the eSignatures tool) and aren’t recommended as a starting point.
If processing data using a centralized UW form, make sure you use the most current version of the form.
- Idenfity a Delegated Admin: Decide who in your organizational unit should be the primary contact for and owner of your account. They will be in charge of member management and be a technical resource for learning about DocuSign and requesting additional support.
- Begin the onboarding process: Reach out to UW-IT with the eSignatures Interest Form. Our onboarding process will guide you through the steps necessary to ensure that eSignatures is a good fit for your team’s needs and confirm that your intended usage meets University policy and guidelines for use of eSignatures. This is normally a 2-3 week process.
Note: eSignatures are governed by State and University policies; it is not possible to send documents for electronic signature without going through the onboarding process.
- Send interest form: Your technical contact should use the eSignatures Interest Form to indicate departmental interest.
- Initial review: Receive initial review and access to the DocuSign sandbox.
- Test in sandbox account: Your team is expected to use the sandbox account to get a feel for how the eSignatures sending and signing process works and understand what your team will need to do to get your forms ready for eSignatures. The sandbox must not be used for official University business.
- Submit additional info: In some cases your team will need to provide more information on your intended eSignatures use to complete the risk assessment process.
- Complete Delegated Admin(istrator) training: Your team’s Delegated Admin will attend an online training session to understand the responsibilities of this role in eSignatures service. Trainings are usually held every other Friday from 9:30-10:30 a.m. We’ll provide specific dates once you’ve completed through step 4 in this process.
- Receive DocuSign access: Departments’ Delegated Admin will receive access to the production DocuSign account and begin managing documents and users.
How eSignatures Works
Here are some short videos of simple ways to use eSignatures:
- Sending Documents (includes a video tutorial)
- Managing Your Documents (includes a video tutorial)
- Creating Templates (video tutorial)
- Send Envelopes Using Templates (includes a video tutorial)
- Signing Experience for Recipients: (includes a video tutorial)
Electronic signatures provided by DocuSign are legally accepted by regulatory and governmental bodies.
At this time DocuSign is offered at no cost to the organizations.
No, the eSignatures service may not be used for documents that contain HIPAA-protected information. However, the eSignatures service may be used for documents that request HIPAA authorization for research purposes and must adhere to the Human Subjects Division’s guidance on this topic.
In order to ensure legal compliance and reduce potential losses resulting from improper electronic signatures, governmental agencies must develop a process for evaluating their use of electronic signatures before implementation. The University of Washington has developed a “risk assessment” process similar to that used by federal and state central services agencies in order to assess the risks associated with using electronic signatures. As part of this process, before approving the use of an electronic signature in a particular case, the University will consider:
- the likelihood of a successful challenge to the validity of the electronic signature, and
- the monetary loss, or other adverse impact, that could result from such a successful challenge to the enforceability of the electronic signature.
In order to allow the University to adequately assess such risk, departments must submit a preliminary risk assessment form, and, if required, a risk assessment form, which will be evaluated centrally.
The University will evaluate the risks associated with the proposed use, based on the information provided, and determine whether a particular use of an electronic signature solution is appropriate. Approval of a particular use of an electronic signature solution shall not constitute approval of other uses of an electronic signature solution or approval of the use of a different electronic signature solution.