Paubox blog: HIPAA compliant email made easy

Does Paubox Forms use a digital signature?

Written by Kirsten Peremore | April 26, 2024

Paubox Forms makes use of electronic signatures, not digital signatures.

 

What is a digital signature? 

According to the CISA, a digital signature is, “...a type of electronic signature—is a mathematical algorithm routinely used to validate the authenticity and integrity of a message (e.g., an email, a credit card transaction, or a digital document).”

A digital signature provides that the contents have not been altered in transit and confirms the sender's identity. By using a private key that only the sender knows, a digital signature is created and attached to the document. When the recipient receives the document, they can use the sender's public key to verify the signature. 

This process confirms that the document is indeed from the sender and has remained unchanged. The primary purpose of a digital signature is to provide a secure and verifiable method of signing digital information, similar to a handwritten signature on paper. 

 

How does it work

  • The sender generates a hash (a fixed-size bit string) of the message or document.
  • The sender encrypts the hash with their private key, creating the digital signature.
  • The signed document, along with the digital signature, is sent to the recipient.
  • Upon receiving, the recipient decrypts the signature using the sender’s public key to reveal the hash.
  • The recipient generates a new hash of the received document to compare with the decrypted hash.
  • If the hashes match, it confirms the integrity and authenticity of the document.

See also: What is a digital signature?

 

What's the difference between a digital signature and an electronic signature?

An electronic signature differs from a digital signature in its purpose and the level of security it provides. An electronic signature captures a person's intent to agree to the contents of a document in any electronic format, such as typing a name, using a touchpad to sign, or clicking an agreement button. It is designed for convenience and speed, accommodating everyday transactions that require a simple proof of acceptance. 

On the other hand, a digital signature is specifically designed to secure documents through cryptographic means. It uses a complex system involving a pair of cryptographic keys to both sign and verify the authenticity and integrity of the signed document. This system shows that the document has not been tampered with and firmly establishes the identity of the signer

 

Does Paubox Forms use a digital signature?

No, Paubox Forms offers a signature feature that uses electronic signatures, not digital signatures. This conclusion is substantiated by the nature of the signature options provided: users can either type their signature or draw it using a cursor or touchscreen. These methods align with the broader definition of electronic signatures, which include any electronic means that a person uses to attach their signature or consent to a digital document. 

Unlike digital signatures, which involve cryptographic methods for verification and security, the signatures collected by Paubox Forms do not incorporate cryptographic security measures. It does however offer electronic signatures in combination with their HIPAA compliant email solution, contributing to secure transmission and storage of signatures.

See also: Collect patient data securely with Paubox Forms

 

FAQs

Can I customize the signature request on Paubox Forms?

Yes, you can customize how you request a signature on Paubox Forms, choosing between options for a typed signature or a drawn signature.

 

Are signatures collected through Paubox Forms legally binding?

Yes, electronic signatures collected via Paubox Forms are legally binding as they capture the signer’s intent to agree to the document’s contents, similar to traditional pen-and-paper signatures.

 

How does Paubox Forms ensure the security of signatures?

While Paubox Forms uses electronic signatures, which are primarily for user verification and consent, the platform ensures security through HIPAA-compliant practices such as data encryption and access controls.