HIPAA Compliance Hidden Email Content

  • HeartlandPharmacy
    Asked on July 18, 2018 at 3:20 PM

    I have recently upgraded my account to have HIPAA Compliance features. My client currently has 9 locations to choose from on their form. I need assistance in 2 areas:

    1. I am having issues setting up conditional logic on the backend. I am trying to send a notification email to the appropriate location when it is selected on the form. I need them to only receive emails when it applies to their own location. 

    2. I need the recipient to receive an email with all the information included, but right now, all info is "Hidden to protect your privacy." How can I adjust this so that each location can easily access all form details without having Jotform credentials?


    Also, out of the information listed on the form, does that need to be protected/hidden at this time? Does showing the date of birth on the form comply with HIPAA?

  • DonaldHag
    Replied on July 18, 2018 at 5:37 PM

    Set the fields as not protected in HIPAA enabled form and they will be shown in the email.

    Refer to this guide: https://www.jotform.com/help/504-how-to-use-notification-and-autoresponder-emails-in-hipaa-accounts/


    The way the data is handled after it is received on the emails at the location has a large part in determining whether the form remains HIPAA enabled or not.

    Also, you can use a HIPAA enabled mail service if you want.


  • HeartlandPharmacy
    Replied on July 19, 2018 at 3:37 PM

    Thank you for your help! Could you also elaborate on this comment:

    "The way the data is handled after it is received on the emails at the location has a large part in determining whether the form remains HIPAA Enabled or not."

  • DonaldHag
    Replied on July 19, 2018 at 5:02 PM

    Apologies for providing a statement without clear elaboration.

    What that statement meant is that HIPAA Compliance is primarily about how medical form data is secured. JotForm HIPAA compliance takes care of the data from when the user fills it in up to when the data is viewed in the submissions. This is done by encrypting the data and storing it securely on a separate server that complies with HIPAA standards. Refer to this guide: https://www.jotform.com/help/506-jotform-hipaa-compliance/

    Once the data is viewed in the submissions, the responsibility is still on your organization to ensure that the data is viewed by the right individuals meant to have access.

    As regards the above issue, it happens that you could have a form that contains healthcare data combined with other data that is not designated as healthcare data, such as email, phone number, address, etc.

    With such a setup, non-healthcare data can be made visible in the email submission, as the form will still be enabled for HIPAA.

    However, healthcare data has to remain protected and as such not displayed in email submissions for the form to stay in line with HIPAA compliance features.

    Refer to this guide: https://www.jotform.com/help/518-how-to-set-phi-fields-on-your-forms/

  • HeartlandPharmacy
    Replied on July 20, 2018 at 11:35 AM

    Thank you so much. That is extremely helpful. Do you know, if a patient is switching pharmacies, is their date of birth considered PHI? 

  • DonaldHag
    Replied on July 20, 2018 at 12:39 PM

    Yes, their date of birth is considered PHI. You have to do de-identification to make this data available, i.e., the data you make visible in the email should contain information that cannot be used to directly identify the user when combined and attach them to the health information provided.

    Here is a useful resource on HIPAA: https://www.hhs.gov/hipaa/index.html

    To be on the safer side, it's better to encrypt all the data. This will ensure you are compliant with no worries.

    For more specific customizations, you may have to read through the HIPAA regulations act and confirm that your organization is following the right procedures to secure patient data.
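The two mechanisms discussed in this thread (per-location notification routing from the first post, PHI fields being replaced by "Hidden to protect your privacy." in the email body from the July 19 reply, and keeping only non-identifying data such as the year of a date of birth from the July 20 reply) can be modelled in a few lines. The following Python is an added illustration written for this page; it is not Jotform's code, and the location names, recipient addresses, field flags and the sample submission are all constructed. It also includes a small audit helper that checks a rendered email body for leaked PHI values before it is sent, which is the check a practitioner would want regardless of which form tool is in use.

```python
from dataclasses import dataclass

# The placeholder text this thread reports seeing in notification emails.
HIDDEN = "Hidden to protect your privacy."

# Constructed per-location mailboxes (hypothetical; .invalid is a reserved TLD).
LOCATION_RECIPIENTS = {
    "Downtown": "downtown@example.invalid",
    "Westside": "westside@example.invalid",
}


@dataclass(frozen=True)
class Field:
    """One form field: its label, the submitted value, and whether it is
    flagged as protected (PHI) in the HIPAA-enabled form."""
    name: str
    value: str
    phi: bool


def route_notification(location, recipients=LOCATION_RECIPIENTS):
    """Conditional logic: only the mailbox of the selected location is notified.
    An unknown location is an error rather than a fallback to 'everyone'."""
    if location not in recipients:
        raise ValueError(f"unknown location: {location!r}")
    return [recipients[location]]


def deidentify_dob(dob_iso):
    """Reduce a YYYY-MM-DD date of birth to its year, the only date element
    HIPAA's Safe Harbor de-identification method allows to remain."""
    year = dob_iso[:4]
    if len(dob_iso) < 4 or not year.isdigit():
        raise ValueError(f"expected ISO date, got {dob_iso!r}")
    return year


def render_email(fields):
    """Build the notification body: PHI fields show the placeholder,
    non-protected fields show their value."""
    lines = [f"{f.name}: {HIDDEN if f.phi else f.value}" for f in fields]
    return "\n".join(lines)


def audit_phi_leaks(body, fields):
    """Return the names of PHI fields whose raw value appears in the body.
    An empty list means the rendered email is safe to send."""
    return [f.name for f in fields if f.phi and f.value and f.value in body]


def prepare_notification(fields):
    """End-to-end: pick recipients from the Location field, render the body,
    and refuse to send if any PHI value would leak."""
    location = next(f.value for f in fields if f.name == "Location")
    body = render_email(fields)
    leaks = audit_phi_leaks(body, fields)
    if leaks:
        raise RuntimeError(f"PHI would leak in email: {leaks}")
    return {"to": route_notification(location), "body": body}


# Constructed sample submission from a hypothetical pharmacy transfer form.
SAMPLE_SUBMISSION = [
    Field("Location", "Downtown", phi=False),
    Field("Email", "patient@example.invalid", phi=False),
    Field("DateOfBirth", "1980-04-12", phi=True),
    Field("BirthYear", deidentify_dob("1980-04-12"), phi=False),
    Field("Medication", "lisinopril 10mg", phi=True),
]

if __name__ == "__main__":
    msg = prepare_notification(SAMPLE_SUBMISSION)
    print("To:", msg["to"])
    print(msg["body"])
```

Flipping a field's `phi` flag to `False` is the equivalent of marking it "not protected" in the form settings, so its value then appears in the email; the audit step makes an accidental flip on a genuine PHI field fail loudly instead of silently mailing the data.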