HIPAA compliance

  • Edward Hamlin
    Asked on December 05, 2016 at 03:12 PM

    Hi - I saw a physical therapist who used your product for his intake forms and am thinking about doing the same for my wife's neurology practice. It was quite elegant. 

    I read the FAQ on security, but wanted to ask if you know whether JotForm has achieved HIPAA compliance. HTTPS and data encryption are certainly a huge step toward that, but if form data resides on your servers at any point there's another set of criteria that kick in.

    In fact, it would be helpful to know whether that data can be wiped once the form is transmitted. Does it have to be persisted on your server indefinitely?

    Thanks in advance - nice product!


  • Answered on December 05, 2016 at 05:24 PM

    Unfortunately, we are not HIPAA compliant at the moment, although there are some ways to use our forms in a HIPAA-compliant way. To get more details about this, I would suggest taking a look at this thread, where our support manager has posted info about it: https://www.jotform.com/answers/333046

    Now, regarding your concern about storing your submissions and data on our servers, there is a way to delete submissions as soon as they are received. This way you only receive the info via email, and there is no record saved on the submissions page since it was already deleted.

    Here's the link to the app that will help you to achieve that: https://apps.jotform.com/app/auto_delete_submissions 

    Do note also that when a submission has been deleted, there is no way to restore it; it is also deleted from our database.

    If you have any questions, please let us know.