Compliance & Security Documentation

CertaintySign is built with security and compliance at its core. Learn about our certifications, security practices, and how we help organizations meet regulatory requirements.

SOC 2 Type II: Compliant
HIPAA: Compliant
FedRAMP: Compliant
ESIGN Act: Compliant
eIDAS: Compliant
GDPR: Compliant

HIPAA Compliance

CertaintySign provides HIPAA-compliant e-signature solutions for healthcare organizations handling Protected Health Information (PHI).

Business Associate Agreement (BAA)

Under HIPAA, covered entities must enter into a Business Associate Agreement with any vendor that handles PHI. CertaintySign provides a signed BAA with all Healthcare plans, ensuring your organization maintains HIPAA compliance.

Standard BAA included with Healthcare Professional plan
Custom BAA available for Healthcare Enterprise customers
Annual BAA review and updates as regulations change

PHI Safeguards

We implement comprehensive administrative, physical, and technical safeguards to protect PHI in accordance with the HIPAA Security Rule.

AES-256 encryption at rest and TLS 1.3 in transit
Role-based access controls with audit logging
Automatic session timeouts and MFA enforcement
US-only data residency for PHI storage
HIPAA Requirement: CertaintySign Implementation

Access Controls (§164.312(a)(1)): Role-based access, unique user IDs, automatic logoff
Audit Controls (§164.312(b)): Comprehensive audit logging with 7-10 year retention
Integrity Controls (§164.312(c)(1)): SHA-256 document hashing, tamper-evident seals
Transmission Security (§164.312(e)(1)): TLS 1.3 encryption for all data in transit
Encryption (§164.312(a)(2)(iv)): AES-256 encryption for all data at rest
Person Authentication (§164.312(d)): Email verification, MFA, SSO integration

Need More Information?

Our compliance team is available to answer questions about certifications, security practices, and how CertaintySign can meet your regulatory requirements.