HIPAA compliance

  • Asked on September 22, 2017 at 11:56 AM

    I am interested in putting a patient intake process form on my website that will allow new patients to enter in their demographics, insurance info and personal and family medical history to be submitted online (instead of printing out and bringing at the time of exam). I am wondering if your services would be considered HIPAA compliant. If so I would be interested in being a Jotform subscriber. It would be great to discuss this by phone if possible.

  • Answered on September 22, 2017 at 12:54 PM

    Update (April 19, 2018): HIPAA is available for our Gold & Silver plans. https://www.jotform.com/hipaa/


    We offer HIPAA compliant forms for Enterprise users:


    And will soon offer HIPAA compliant forms for Gold users as well.

    For all other users, here is more information on HIPAA compliance:


  • Answered on September 23, 2017 at 11:23 PM

    Jotform is an option provided you are using HTTPS for the form AND, if you are sending the results to an email address, that must also be encrypted. In other words, sending the form results to a gmail account IS NOT HIPAA compliant. Also, what you do with that data once it is collected presents another opportunity to violate HIPAA. Be certain if you are storing the results electronically (as in a PDF, CSV, or TXT file) that it is being stored on an encrypted drive. Ideally, you would also be using file-level encryption.

    Finally, it would be a good idea to try to get a Business Associate agreement in place with Jotform. They will be saving PHI, and that technically qualifies them as a BA. I'm not sure what their policy is, but you should consider their position in deciding what tool to use.

    If you have additional questions, you can contact Acentec, Inc.

  • Answered on September 23, 2017 at 11:59 PM

    Please note that submissions can indeed be encrypted, but there are some features that cannot be used while encryption is enabled on your form. For more details, please check this guide: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    "sending the form results to a gmail account IS NOT HIPAA compliant"

    It's possible to send submissions via email to different providers; you may even use your own mail server information using the SMTP method. More details can be found here: https://www.jotform.com/help/244-How-to-Setup-SMTP-for-a-Form

    A Business Associate Agreement is only available for the enterprise version of JotForm.

  • Answered on April 10, 2018 at 04:11 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests. 

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month, or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request. For more information about our HIPAA-compliant forms, visit www.jotform.com/hipaa

  • Answered on April 19, 2018 at 07:26 AM

    Update: HIPAA is available for the Silver plan as well.