Support Forum

Yes, it is possible to use JotForm in a HIPAA compliant way. Our servers already match all criteria since we already care a lot about the security. However, some features of our application is not HIPAA compliant so if you refrain from using those features, I think you should be fine.

1. Always use SSL (https) version of JotForm site on your browser. Use "https://www.jotform.com" to login to your account, create your forms, look at your submissions and link to your forms.

2. Edit emails on all forms to make sure no specific information is used on them. We send emails in plain text. So, they are not secure. Only use emails to get alerts to know there is a new submission. Once you receive an email alert, log into the secure JotForm site and then look at the user 

3. Do not use Reports feature. Since the report URLs are not password protected.

3. If you use the Reports feature only do it with password protection. That will both ask for a password and it will transfer all data over SSL.

4. Same for uploads. They are not password protected.

5. Logout immediate after you are done with the site.

6. Regularly download submissions and then delete them.

These are all I can think of right now. But if I think of anything else I will post it here.

Update: Reports now support password protection. So you can use them.

Por lo que estoy llegando a entender la seguridad de JotForm fuera de su dominio web no es segura cierto?

Entonces mi pregunta es si accedo a la información de contacto desde el dominio de jotform es segura la conexión o también es vulnerable?

Un saludo

@Promusic,

That is not correct. You can embed SSL version of your form into your website, in that case all the data will be encrypted. Please check the following tutorial to get the information about how to receive SSL submissions.

How can I receive SSL Submissions?

It is also possible to get the licensed JotForm Application and install it on your own server.

Please feel free to contact us if you need any further assistance.