Is your database environment HIIPA compliant?

  • Profile Image
    Asked on February 28, 2017 at 06:36 PM

    Hi I am in the process of building an app for my wife's business. It is critical that the data we collect is secure.



    I have seen that you have several app's created called client medical history etc. Is your environment HIIPA compliant?

    What is the safest way to build forms that collect the sensitive client information.




  • Profile Image
    Answered on March 01, 2017 at 12:25 AM

     Update (April 19, 2018) HIPAA is available for our Gold & Silver plans. 


    Jotform doesn't have HIPAA Compliance Certificate, but you can use Jotform in HIPAA Compliant way. Please check the below details:

    Our servers already match all criteria since we already care a lot about the security. However, some features of our application are not HIPAA compliant so if you refrain from using those features, I think you should be fine.

    1. Always use SSL (https) version of JotForm site on your browser. Use "" to login to your account, create your forms, look at your submissions and link to your forms.

    2. Edit emails on all forms to make sure no specific information is used on them. We send emails in plain text. So, they are not secure. Only use emails to get alerts to know there is a new submission. Once you receive an email alert, log into the secure JotForm site and then look at the user 

    3. If you use the Reports feature only do it with password protection. That will both ask for a password, and it will transfer all data over SSL.

    4. Same for uploads. They are not password protected.

    5. Logout immediate after you are done with the site.

    6. Regularly download submissions and then delete them.


    Data stored on our servers are not encrypted, but access to our servers is safeguarded. Data transmission from the person who submits their health information to our servers can be done in an encrypted manner, by using the forms securely.

    JotForm certainly complies with the technical safeguard section of the HIPAA security rule:

    Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.

    Basically, this are described from this thread: If you have any further concerns, please let us know.


  • Profile Image
    Answered on March 09, 2017 at 09:04 AM
    Hi thanks for getting back.
    Not sure that I understand number 6?
    Would you mind expanding
    Best Regards
  • Profile Image
    Answered on March 09, 2017 at 01:18 PM

    It means that you can regularly download the form submissions and then delete them after. In this way, the form submission will be deleted from our servers. You need to download it so that you have a backup copy of the submission, just in case you need it in the future.

    Hope that answered your question. If you need any clarifications, let us know. Thank you.

  • Profile Image
    Answered on April 10, 2018 at 07:15 AM

    Hello Henrik,

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests. 

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit

  • Profile Image
    Answered on April 19, 2018 at 04:29 AM

    Update: HIPAA is available for the Silver plan as well.