HIPAA compliance

  • none
    Asked on September 22, 2017 at 11:56 AM

    I am interested in putting a patient intake form on my website that will allow new patients to enter their demographics, insurance info, and personal and family medical history to be submitted online (instead of printing it out and bringing it at the time of the exam). I am wondering if your services would be considered HIPAA compliant. If so, I would be interested in being a JotForm subscriber. It would be great to discuss this by phone if possible.

  • david
    Answered on September 22, 2017 at 12:54 PM

    We offer HIPAA compliant forms for Enterprise users:

    https://www.jotform.com/enterprise/

    And will soon offer HIPAA compliant forms for Gold users as well.

    For all other users, here is more information on HIPAA compliance:

    https://www.jotform.com/answers/333046-is-JotForm-HIPAA-Compliant

  • jeffjm
    Answered on September 23, 2017 at 11:23 PM

    Jotform is an option provided you are using HTTPS for the form AND, if you are sending the results to an email address, that must also be encrypted. In other words, sending the form results to a Gmail account IS NOT HIPAA compliant. Also, what you do with that data once it is collected presents another opportunity to violate HIPAA. Be certain, if you are storing the results electronically (as in a PDF, CSV, or TXT file), that it is being stored on an encrypted drive. Ideally, you would also be using file-level encryption.

    Finally, it would be a good idea to try to get a Business Associate agreement in place with Jotform. They will be saving PHI, and that technically qualifies them as a BA. I'm not sure what their policy is, but you should consider their position in deciding what tool to use.

    If you have additional questions, you can contact Acentec, Inc.

  • Kevin_G
    Answered on September 23, 2017 at 11:59 PM

    Please note that submissions can indeed be encrypted, but there are some features that cannot be used while encryption is enabled on your form. For more details, please check this guide: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    "sending the form results to a Gmail account IS NOT HIPAA compliant"

    It's possible to send submissions via email to different providers; you may even use your own mail server information using the SMTP method. More details can be found here: https://www.jotform.com/help/244-How-to-Setup-SMTP-for-a-Form

    A Business Associate Agreement is only available for the enterprise version of JotForm.