Is JotForm HIPAA / FERPA compliant?

  • Profile Image
    Amanda Custer 
    Asked on April 20, 2017 at 02:16 PM

    Is your system for submission storage HIPPA and FERPA compliant?

  • Profile Image
    Jim_R
    Answered on April 20, 2017 at 03:36 PM

    Update (April 19, 2018) HIPAA is available for our Gold & Silver plans. https://www.jotform.com/hipaa/ 

     

    Hello Amanda, the short answer is no - We are not HIPAA nor FERPA compliant.

    HIPAA compliance was discussed in good detail on this thread https://www.jotform.com/answers/333046 so just head over to that thread if you're interested to know where we stand in this regard.

    Since the main concern with these questions is "security", allow me to discuss some key security features we have even if we are not compliant with these acts.

    All forms created in Jotform are and should be running on SSL by default.

    Related article: All-Forms-are-Now-Secure-by-Default-The-SSL-Limits-on-Free-Accounts-are-Lifted

    On top of that, the forms and submissions are transmitted securely with a 256 bit high-grade encryption, which means that data is encrypted during the transmission and cannot be interrupted by anyone else. We have an SSL certificate that uses SHA256 with RSA encryption https://www.ssllabs.com/ssltest/analyze.html?d=secure.jotform.com 

    As an added layer of security, you may also enable Form Encryption which basically encrypts all your Submission Data. Just be mindful of the other features that will cease to exist once you enable this. For more details, I strongly recommend you review our guide about encryption, especially theQ &A section.

    Complete guide: What-Are-Encrypted-Forms-and-How-to-Use-Them-as-Expert 

  • Profile Image
    Jim_R
    Answered on February 28, 2018 at 05:15 PM

    Good news - We are now in the process of making forms HIPAA compliant in the near future. This will be announced once completely available so stay tuned!

  • Profile Image
    steve
    Answered on March 01, 2018 at 12:23 AM

    HIPPA compliant forms are available with our Gold plan and our Enterprise product. 

  • Profile Image
    Rose
    Answered on April 12, 2018 at 08:13 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests.

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month or a Silver pricing plan, which is $39 a month . A business associate agreement (BAA) is also available upon request.

  • Profile Image
    tina
    Answered on April 19, 2018 at 09:00 AM

    Update: HIPAA is available for the Silver plan as well.