MedFlow IO Electronic Signature Policy
Last Updated: January 2025 (Effective upon notice as described below)
This Electronic Signature Policy ("Policy") governs the use of electronic signatures on the MedFlow IO platform. It is incorporated by reference into MedFlow IO's Terms of Service and is binding on all users of the platform.
Scope
This Policy applies to all users of MedFlow IO when using electronic signatures within the platform. It covers the entire lifecycle of medical documents including prescriptions, DMEPOS (Durable Medical Equipment, Prosthetics, Orthotics, and Supplies) orders, and related patient records. Each organization or practice using MedFlow IO is solely responsible for implementing appropriate internal procedures to accommodate their workflow while ensuring compliance with all applicable laws and regulations.
Definitions
Electronic Signature (E-Signature): An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign that record.
Electronic Record: Any contract, form, clinical note, order, prescription, communication, or other document created, stored, or transmitted in digital form.
DMEPOS: Stands for Durable Medical Equipment, Prosthetics, Orthotics, and Supplies – medical equipment and related items often requiring a physician order and documentation for insurance purposes.
User: Any individual authorized to access MedFlow IO, including but not limited to healthcare providers, clinical support staff, administrative personnel, and other agents who interact with medical documents on the platform.
Authentication: The process of verifying a user's identity before allowing access to the system or signing capability.
Audit Trail: An electronic log or record that tracks user actions in the system in chronological order.
Legal Basis and Compliance
MedFlow IO's electronic signature features are designed to enable compliance with applicable U.S. laws and regulations, including the federal Electronic Signatures in Global and National Commerce Act (ESIGN Act), the Uniform Electronic Transactions Act (UETA), the Health Insurance Portability and Accountability Act (HIPAA), and Medicare/CMS requirements for medical documentation. However, the responsibility for ensuring that the use of these features complies with all applicable laws rests solely with the organization using the platform.
Legal Equivalence: Under the ESIGN Act, electronic signatures and records may be given the same legal effect as their paper counterparts. MedFlow IO provides tools for electronic signatures, but each organization is solely responsible for ensuring these tools are used in a manner consistent with legal requirements.
Consent to Electronic Signatures: By using MedFlow IO and its electronic signature functionality, organizations and users consent to conducting transactions and keeping records in electronic form. Organizations are responsible for obtaining any additional consents required by law.
HIPAA and Security Requirements: While MedFlow IO implements technical safeguards for electronic records and signatures, organizations remain fully responsible for their HIPAA compliance and for ensuring proper use of the platform in accordance with their obligations as covered entities.
Medicare/CMS Regulations: Medicare recognizes properly implemented electronic signatures as valid authentication for medical documentation. Organizations are solely responsible for ensuring their use of electronic signatures meets all Medicare/CMS requirements, including those related to proper authentication, signature formats, and record-keeping.
Other Laws: To the extent that state laws or other federal regulations impose additional requirements on electronic signatures, it is solely the responsibility of the organization to identify such requirements and ensure compliance.
Organizational Responsibility for User Authorization
Organizations are wholly and solely responsible for managing user roles, permissions, and signature authority within MedFlow IO. The platform provides tools for role-based access control, but the organization must configure and use these tools appropriately. Specifically:
Organizations must ensure that only authorized individuals are granted signing privileges for various document types.
Organizations must verify that users only sign documents they are legally authorized to sign based on their credentials, licensure, scope of practice, and applicable laws.
Organizations must implement appropriate internal policies to govern which types of users may create or sign prescriptions, orders, or other medical documents.
Organizations must immediately revoke access for any user who leaves the organization or whose authorization to sign documents changes.
Organizations must not allow administrative or non-clinical staff to sign clinical content on behalf of providers.
Organizations assume all liability for improper or unauthorized signatures created through their user accounts, regardless of whether such signatures were applied with or without the organization's knowledge or consent.
MedFlow IO provides the technical infrastructure for electronic signatures but takes no responsibility for determining who may sign what documents or for verifying user credentials or authority.
User Responsibilities and Requirements for E-Signature Use
Every user of MedFlow IO who applies electronic signatures has certain fundamental responsibilities, as determined by their organization:
Authentic Credentials: Users must use only their own unique MedFlow IO user account to sign documents. Sharing credentials is strictly prohibited.
Security of Access: Users should take reasonable steps to secure their access to MedFlow IO, including using strong passwords and safeguarding them.
Intent and Review: Before applying an electronic signature to any record, users must review the content of that document and ensure it is accurate, complete, and ready to be signed.
No Repudiation: By signing electronically, users agree not to repudiate or contest the validity of their signature later solely on the basis that it was electronic.
Accuracy of Signature Information: Users must ensure that their profile information (name, credentials, etc.) is up to date and correctly reflects their identity and role.
MedFlow IO provides the tools for signature capture but bears no responsibility for how users employ these tools or for the accuracy of user-provided information.
Platform Features and Security Measures
MedFlow IO implements certain features to facilitate electronic signatures:
User Authentication: The platform requires each user to authenticate with a unique username and password.
Integrity and Tamper-Proofing: MedFlow IO employs measures to protect records from undetected alteration.
Audit Trail Creation: For every action within the system, MedFlow IO creates a detailed audit log entry tracking all create, read, update, and delete operations in the database.
Role-Based Access Controls: The platform's design includes the ability to configure which users can view or sign certain types of documents.
Data Encryption and Privacy: All electronic records on MedFlow IO are protected by encryption both in transit and at rest.
While MedFlow IO provides these technical features, organizations are solely responsible for properly configuring and using them, and for ensuring that their implementation complies with all applicable laws and regulations. MedFlow IO does not guarantee that its features, even when properly used, will satisfy all legal requirements in all jurisdictions or for all types of medical documentation.
Liability and Responsibility
Organizations explicitly acknowledge and agree that:
1. They bear sole and exclusive responsibility for ensuring that electronic signatures created through their MedFlow IO accounts are valid, compliant with all applicable laws and regulations, and created only by authorized individuals.
2. They bear sole and exclusive responsibility for verifying that users who create and sign prescriptions within the platform are properly licensed, credentialed, and authorized to do so under applicable law.
3. They will defend, indemnify, and hold harmless MedFlow IO and its affiliates from any claims, damages, or liabilities arising from the organization's use of electronic signatures, including but not limited to claims related to unauthorized signatures, invalid signatures, or non-compliance with applicable laws or regulations.
4. MedFlow IO does not verify the credentials, licenses, or legal authority of any user to sign any document, and organizations acknowledge that such verification is solely their responsibility.
5. MedFlow IO makes no representations or warranties regarding the legal validity or enforceability of any electronic signature created through the platform, and organizations use the electronic signature features at their own risk.
Audit Trail and Record Retention
MedFlow IO maintains audit trails and supports data retention for electronically signed records:
Comprehensive Audit Logs: Actions related to electronic signatures are logged.
Retention of Electronic Records: MedFlow IO will retain electronic medical records and associated electronic signatures for the period specified in our Terms of Service.
Record Accessibility: During the retention period, authorized users will have access to their records and signature logs.
Backup and Disaster Recovery: MedFlow IO performs regular backups of data and has a disaster recovery plan.
However, organizations remain responsible for implementing their own record retention policies in compliance with applicable laws and regulations, and for ensuring that their use of MedFlow IO satisfies their record retention obligations.
Privacy and Confidentiality
Electronic signatures on MedFlow IO are linked to documents that often contain protected health information (PHI). While MedFlow IO implements technical measures to protect this information, organizations remain responsible for ensuring that their use of the platform complies with HIPAA and other privacy laws.
Updates to this Policy
MedFlow IO may modify or update this Electronic Signature Policy at our discretion. We will provide notice of any significant changes to this Policy to all active users and customer organizations. Continued use of the MedFlow IO platform after an updated Policy has gone into effect constitutes acceptance of the revised terms.
Contact and Further Information
If you have any questions about this Electronic Signature Policy, please contact us at legal@medflowio.com or via the support channels listed on our website.
By using the platform, organizations and users affirm that they understand and will follow this Electronic Signature Policy. Organizations specifically acknowledge that they bear sole responsibility for ensuring that electronic signatures created through the platform comply with all applicable laws and regulations and are created only by properly authorized individuals.