Non-HIPAA sub-account can add widgets to the shared HIPAA form (widgets that are excluded on HIPAA)

  • Profile Image
    DP_Jotfrom
    Asked on May 17, 2018 at 10:16 AM

    Hi,

    I created a blank HIPAA compliant form under this account.  I shared it with a non-hipaa compliant account. 

    I added a widget from that non hipaa compliant account and that widget does not meet hipaa compliance (Per the hipaa compliance process I went through to set this account as Hipaa compliant).  I was not able to add the widget from the hipaa account. 

    I find that the non compliant widget is on the form under the hipaa account.  

    for name : Hippa widget compliance test

    widget name: take photo

    hippa account: DP_Jotfrom

    non hippa account: NMSCJotform

    My expected result was the form being created under the hipaa account would not allow any widgets that are not hipaa compliant to be added from any account.  This does not seem to be the case.  Please advise if this is the expected function. 

    Our need is to have standard users be able to make forms that are hipaa compliant and end up living under this hipaa gold account.  It doesnt seem that a standard user can create a form and move it to this account, clone it to this account or modify a form on this account that maintains the hipaa compliance. 

    Please advise and thanks!

     

  • Profile Image
    BDAVID
    Answered on May 17, 2018 at 12:42 PM

    Why do you say that the widget that was added by the sub-user(who is not in HIPAA compliance), is not compliant with the rest of the fields of your HIPAA form? Please not that any field added by you, or the sub-user to the HIPAA form, will be also compliant.

  • Profile Image
    DP_Jotfrom
    Answered on May 17, 2018 at 02:27 PM

    I added a widget from that non hipaa compliant account and that widget does not meet hipaa compliance (Per the hipaa compliance process I went through to set this account as Hipaa compliant). This widget had to be removed from multiple forms to allow the Hipaa process to complete.  

    if this widget is hipaa compliant why did it need to be removed from the forms to allow compliance on the account. and why is the widget not available from the hipaa account to add.  Please advise

  • Profile Image
    EltonCris
    Answered on May 17, 2018 at 04:36 PM

    Not all the widgets are HIPAA compliant that's why some of the widgets are removed while on HIPAA account. Example, the Take Photo Widget. I believe the main reason is that some of the widgets can't be sent encrypted due to the functionality they require so they had to be removed.

  • Profile Image
    DP_Jotfrom
    Answered on May 17, 2018 at 05:26 PM

    Please advise then why it is allowed for a non hipaa account to add a widget to a hipaa compliant form?  i have given you a specific example of this happening.  


    Is there phone support for this issue available.  I do not believe I am able to get the specific answers i need to this issue and it is critical to our use of Jotform. 

  • Profile Image
    EltonCris
    Answered on May 17, 2018 at 06:49 PM

    That's probably because the form was accessed in a Non-HIPAA account which has the widget. I have escalated this to our developers for further investigation. We will let you know once we have updates.

    For now, please ask your sub-users not to add the mentioned widget in your HIPAA form. 

    Thanks

  • Profile Image
    hasan
    Answered on June 08, 2018 at 06:53 AM

    Hi,

    We fixed the issue. Thank you for your report.

    Regards.