Upholding client privacy and security has always been important for independent insurance agencies, and recent security breaches in other sectors have brought these issues to the forefront. This is especially true with e-signatures. Although e-signing provides great benefits to both client and agency, it is important to know and comply with the rules and regulations governing this practice.
Currently, the legislation governing e-signature security includes:
- HIPAA (Health Insurance Portability and Accountability Act)
- ESIGN (Electronic Signatures in Global and National Commerce Act)
- UETA (Uniform Electronic Transactions Act)
Although many states have adopted the above legislation, the details vary from state to state. Some states may not have enacted all of the above, and others may have additional legislation. It’s important to check the legislation on electronic transactions in each state where you do business.
Check Your Compliance
With numerous items of legislation covering e-signature security, it may seem daunting to cover everything. However, the Electronic Signature and Records Association outlines some of the important areas to cover to protect your agency and your clients.
1. User Authentication
Make sure client identity is verified through a pre-created username and password, each with complex multi-character alphanumeric codes. You may choose to ask for other verification information such as date of birth or social security number prior to signing.
2. Document Validity
It is important to ensure documents do not change after signing. This protects both your agency and your clients. Ensure all signed documents are locked and include timestamps that verify signature date and time.
3. Evidence of Process
There have been cases in which contracts were deemed invalid due to a lack of user authentication and document validity proof. To prevent this, it is helpful to use a system that captures each step of the e-sign process. This includes items such as send date/time, page views, and timestamp of signature. This high level of detail will ensure your contracts hold up in court.
4. Proof of Compliance
Compliance items are outlined in the above legislation, and generally apply to alerting the client of terms and conditions such as:
- Right to sign paper copies
- Notice of hardware/software requirements for e-signatures
- Agreement to e-sign
In order to stay fully compliant, the client’s signature must be present on the same page listing the terms and conditions of e-signing, and both should be connected to the signed document. Keeping the terms and conditions, the document, and the client’s signature all in one place means easier verification of compliance and validity for your agency, your client and any third-party reviewers.
5. Transmission Security
As the document moves back and forth, it is important to maintain security. The best form of security is your agency management system, due to its password protection and data encryption. However, documents in transit may be on your mobile device or laptop for a short time, so it is best to create an encrypted folder or hard drive to store documents in the meantime. CNET keeps a current list of encryption software (complete with user ratings) that will allow you to create an encrypted folder or hard drive for temporary storage.
The best way to stay in compliance with e-signature standards and maintain high security is to choose an outside provider to focus on this important area of your independent insurance agency’s business. We at SIS. Also, as you strive for security, be careful of overkill. Some agencies make the mistake of adding in so many complex security barriers that potential clients may be turned away.
At SIS, we take security very seriously. We partner with RPost for e-signatures because it’s simple, secure, and effective, just like our Partner XE agency management system. Partner XE blends security with usability so you can feel confident and streamline your workflow at the same time. To find out more about Partner XE’s security and usability features, contact us at 800.747.9273 or firstname.lastname@example.org.