HIPAA: Edit submission link is not working, it is redirecting to the JotForm login page

llofland

Asked on June 12, 2018 at 7:32 PM

I have created a page for team members to enter personal information, including medical information (HIPAA form).

The page was edited from an existing page. I copied a specific "edit submission" link for testing and sent the link to the person to edit their personal information. When they click the hyperlink, Jotform is asking for a UN and PW.

How is this resolved for persons who do not have a Jotform account?

Page URL: https://www.jotform.com/edit/4015268333319926002
John_Benson

Replied on June 12, 2018 at 10:41 PM

I tried doing some test on our HIPAA account and I was able to replicate the issue. After opening the edit submission link, I was redirected to the JotForm Login page.

Please give me more time to investigate the issue and if needed, I will forward this to our developers.

Thank you.
llofland

Replied on June 13, 2018 at 5:43 PM

Thank you
...
llofland

Replied on June 14, 2018 at 2:53 PM

Any resolve to this issue?
aubreybourke

Replied on June 14, 2018 at 3:35 PM

I checked the link you provided:

https://www.jotform.com/edit/4015268333319926002

And found if I am logged into JotForm I can access it. But if I'm not logged in, I cant access it and it and it will ask me to login.

I believe this is a requirement of HIPAA enabled accounts. They have tighter security.

But first please check your privacy settings in your profile section. Make sure they are all unchecked and test it once again:

It should look like this:

If the problem persists we can pass it through to the development team. They will be able to tell us if its a bug. And if it is a bug, they might be able to fix it.
llofland

Replied on June 14, 2018 at 6:43 PM

The problem is that I have 200 team members who have already filled out
their information. The medical information has been added to the form.
I don’t think they should have to open a jotform acct to amend their
information.
...
John_Benson

Replied on June 14, 2018 at 8:06 PM

There's no need for the 200 team member to create an account. Unfortunately, the form owner (HIPAA account) is the only one that can edit the submissions.

For more information about email notification and autoresponder for HIPAA account, please visit this link: https://www.jotform.com/help/504-How-to-use-Notification-and-AutoResponder-emails-in-HIPAA-accounts

I also escalated this issue to our developers so they can further check why the edit submission link is redirecting to the JotForm Login page.

I hope this information helps. We will contact you again on this thread once we have any updates.
llofland

Replied on June 15, 2018 at 7:58 AM

OK, I get the privacy part of HIPAA, I am a healthcare provider. However, each member should have access to their own medical information. It sounds like you are telling me that I will have access and edit ability to every team member's private medical information?

It just doesn't sound efficient to have one person to "edit" each person's information when a condition, medication, etc changes.
aubreybourke

Replied on June 15, 2018 at 9:08 AM

This ticket has been escalated to Level 2 support. The developers will take a look at this issue. And hopefully they will provide a response.
llofland

Replied on June 17, 2018 at 8:53 AM

I know this has been pushed to the developers, has there been any resolve?
Adrian

Replied on June 17, 2018 at 9:07 AM

Unfortunately, there is no update from our developers on this yet.

I believe that only form owners (accounts) are able to edit the submissions made to a HIPAA form. This is due to HIPAA restrictions and rules.

The edit link could get into the hands of the public and this way sensitive patient information data would be available to anyone with the edit link.

You will be updated via this thread once there is an update on this from our developers.
hasan JotForm Developer

Replied on June 18, 2018 at 7:03 AM

Hello,

Unfortunately, we cannot satisfy your case in terms of HIPAA Regulations. There must be an authentication mechanism before reaching health information.

Regards.
llofland

Replied on June 19, 2018 at 5:38 PM

ok, I understand HIPAA. I am wondering how the member edits their own medical information once entered? Do they have to re-enter the information each time? This is not how it's done at your doctors's office.

Hospitals and doctors offices do this every day when you check in: "Verify your information". Basically what you are saying is that each of my team members (200 people) must have a Jotform acct or they have to re-enter the information each time? Sorry to be a pain, but neither of those is correct.
Adrian

Replied on June 19, 2018 at 6:10 PM

I am wondering how the member edits their own medical information once entered? Do they have to re-enter the information each time? This is not how it's done at your doctors's office.

I am not sure if you can make those kinds of comparisons as these are two different scenarios.

Once a submission is made to a HIPAA form, it can be edited only by the account owner and they must be logged in to do that. At the doctor's office, it is usually someone filling/editing the data for you.

Hospitals and doctors offices do this every day when you check in: "Verify your information". Basically what you are saying is that each of my team members (200 people) must have a Jotform acct or they have to re-enter the information each time? Sorry to be a pain, but neither of those is correct.

Unfortunately, due to HIPAA rules and restrictions, only the form owner can make edits to form submissions. As I have said earlier if no authentication is required, anyone with the submission edit link would be able to see the data and make changes.

We are sorry for the inconvenience.