Is JotForm HIPAA / FERPA compliant?

  • Amanda Custer
    Asked on April 20, 2017 at 02:16 PM

    Is your system for submission storage HIPAA and FERPA compliant?

  • Jim_R
    Answered on April 20, 2017 at 03:36 PM

    Hello Amanda, the short answer is no - we are not HIPAA or FERPA compliant.

    HIPAA compliance was discussed in good detail on this thread, https://www.jotform.com/answers/333046, so just head over to that thread if you're interested to know where we stand in this regard.

    Since the main concern with these questions is "security", allow me to discuss some key security features we have even if we are not compliant with these acts.

    All forms created in JotForm are and should be running on SSL by default.

    Related article: All-Forms-are-Now-Secure-by-Default-The-SSL-Limits-on-Free-Accounts-are-Lifted

    On top of that, the forms and submissions are transmitted securely with 256-bit high-grade encryption, which means that data is encrypted during the transmission and cannot be interrupted by anyone else. We have an SSL certificate that uses SHA256 with RSA encryption: https://www.ssllabs.com/ssltest/analyze.html?d=secure.jotform.com

    As an added layer of security, you may also enable Form Encryption, which basically encrypts all your Submission Data. Just be mindful of the other features that will cease to exist once you enable this. For more details, I strongly recommend you review our guide about encryption, especially the Q&A section.

    Complete guide: What-Are-Encrypted-Forms-and-How-to-Use-Them-as-Expert