Do we need a BAA in place since data is stored on your servers?

  • Asked on July 12, 2017 at 11:10 AM

    If the data is stored on your servers, then we would need to have a BAA in place.

  • Answered on July 12, 2017 at 01:33 PM

    Update (April 19, 2018): HIPAA is available for our Gold & Silver plans.

    Jotform is not HIPAA compliant, but you can use Jotform in a HIPAA-compliant way. For more details, please check this thread:

    Submitted data is stored on JotForm servers. We have no compliance certificate for either HIPAA or BAA. 

    Feel free to contact us if you have any other questions. 

  • Answered on April 10, 2018 at 06:48 AM

    Hello Carl,

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests. 

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month, or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request. For more information about our HIPAA-compliant forms, visit

  • Answered on April 19, 2018 at 08:06 AM

    Update: HIPAA is available for the Silver plan as well.