An electronic signature is a person’s electronic expression of his or her agreement with or approval of the terms of a particular document. States are becoming increasingly interested in using electronic signatures for convenience and to reduce paperwork. Parent/guardian signatures are required for procedural safeguards related to the IFSP, and both parent and staff signatures are sometimes required for other aspects of IFSP development and implementation.
Parts B and C of the Individuals with Disabilities Education Act both allow for the use of electronic signatures provided necessary safeguards are in place. Such safeguards are consistent with the Family Educational Rights and Privacy Act (FERPA) and Health Insurance Portability and Accountability Act (HIPAA) guidelines. Electronic signatures can be used to capture parent consent/authorization and are applicable even when parents do not have direct access to a data system via a parent portal.
Connection to DaSy Data System Framework:
- Purpose and Vision QI2: The purpose and vision include the Part C/Part B 619 state program’s intents and goals for the data system.
- System Design and Development QI4: The Part C/Part B 619 state data system has the capacity to support accountability, program improvement, and program operations.
- Data Governance and Management QI6: Data governance policies require the development and implementation of procedures to ensure the security of the data from breach or loss.
- Data Governance and Management QI7: Data governance policies require the development and implementation of procedures to ensure that only authorized users gain appropriate access to the data, including reports.
Potential Data Elements
- Name of the signee
- Signature
- Date signed
- Additional data elements needed for identity authentication
Functionality
- Access and security controls
- Identity authentication
- Secure storage and protection of data, e.g., signature
Key Considerations
- FERPA and HIPAA allow for the use of electronic signatures as long as processes are in place to authenticate the identity of the person signing, that is, to make sure the person is who they say they are.
- Other considerations are the security and protection of the signature itself (for example, through the use of encryption) and issues related to whether and how the signature and related identity authentication data elements are stored.
- Alternatives to maintaining parent/guardian electronic signatures in the state data system include allowing local programs to maintain the electronic signature in a local system or using the state system as a way to document that the signature was obtained (see Kansas example below).
State Examples
Utah
Video Demonstration (view 15:57-19:02)
Demonstrates how electronic signatures are obtained and used.
- Web Signatures Overview. This document provides an overview of how the Baby and Toddler Online Tracking System (BTOTS) captures electronic signatures, ensures authenticity, securely stores the signed documents, and manages encryption.
Kansas
Kansas Electronic Signature PDF. This PDF shows the Signatures page for the Kansas Infant/Toddler System. A parent (or legal guardian or child advocate) provides an electronic signature by typing their name and the signature date into the system while in the presence of a staff member.
Related Resources
- Understanding the Confidentiality Requirements Applicable to IDEA Early Childhood Programs Frequently Asked Questions (U.S. Department of Education, 2016; p. 11)
The U.S. Department of Education’s Office of Special Education Programs developed these Frequently Asked Questions to help early childhood programs under the Individuals with Disabilities Education Act (Part B section 611, Part B section 619, and Part C) address privacy and confidentiality questions. Page 11 provides an answer to the question: Can an electronic signature be used as parental consent pursuant to the IDEA and FERPA? - Identity Authentication Best Practices (Privacy Technical Assistance Center, 2015)
This brief offers best practice recommendations for developing and implementing effective authentication processes to ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access—in person, over the phone, by mail, or electronically.
Published June 2017.