Solutions for (and confusion around) electronic signatures.
July 24, 2011 10:58 AM   Subscribe

Is Docusign the only game in town? Who is good/cheap/sane on this? I am building a (healthcare) site where users must upload 'signed' forms (no PHI). My fantasy solution: The receiver can see that the form is *signed*, but won't see *exactly who* signed it. Memail me if necessary. Note: not talking about digital signatures, but *legally* electronically signed. Educate me on how 'legally signed', 'authenticated', and 'digitally signed' intersect.
posted by gregglind to Computers & Internet (5 answers total) 5 users marked this as a favorite
I had a long post typed out as I worked on a similar application.

What constitutes a signature? As explained to me by a real life lawyer, it is not the actual pen on paper signature, but something that signifies that a particular individual signed the document. The electronic signature law describes it much better than I:
Electronic signature - means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
This is very broad, and for us, what this meant in implementation is that we only needed to store the IP address, username and boolean "IsSigned" value in a database. That's it, despite the protestations of some people within the organization, without any legal background, who demanded we have some complicated physical signature capturing mechanism. Again, this is where lawyers are really helpful. They explained that if we had to go to court we had logs that this person had signed in on that account from that IP address multiple times before, but even if they used a different IP each time, they had to sign in with their username and password. They could claim that was "hacked" but that's the same as saying someone forged your signature.

If your document needs a notary to be valid, that's a whole other ball of mess I know nothing about, but I doubt DocuSign helps you there either.

The real value in DocuSign is that they can get your signature from multiple sources, and have a document sharing mechanism. If the various parties are sending revised contracts back and forth, this becomes slightly more complicated to track in an application. If you can offload it all to DocuSign (or EchoSign) go ahead.

I'm going to guess with 99% certainty this was a project handed to you by someone without any experience in what constitutes a valid contract. Demand you consult with a lawyer, because this isn't something a lay person should be worrying about, you'll almost certainly get it wrong.
posted by geoff. at 11:16 AM on July 24, 2011

My employer makes accounting software that is subject to audit by the Department of Defense. When a user submits their timesheet, they check off a box that states this timesheet is an accurate record of my work hours, blah blah blah, and then types their password as the "signature."

That passes muster with the government auditors that are auditing the records of our clients. They accept that as substitute for an old school printed timesheet that somebody signed in ink.
posted by COD at 11:17 AM on July 24, 2011 [1 favorite]

In the news.
posted by Brian B. at 11:40 AM on July 24, 2011

What good is a signature if you don't know who the signer is? The point of a signature is that the person doing the signing is taking responsibility for whatever it is they're signing.

An "anonymous signature" is nearly a contradiction in terms.
posted by Chocolate Pickle at 2:00 PM on July 24, 2011

Re: anonymous signer, the point is that *someone knows* and that its' part of a pre-approved list. A proxy knows who the signer is, and substitutes their authority. It's not all a contradiction.
posted by gregglind at 3:43 PM on July 24, 2011

« Older History of the 'Fly Me' era   |   Jungle, drum 'n' bass and reggae Newer »
This thread is closed to new comments.