How can I learn more of the details to the HIPAA encryption & features?

  • Colm
    Asked on January 14, 2019 at 3:49 PM

    I just upgraded to the HIPAA compliant account, but would have some questions. What's the best way to learn about these?  Is there a support person I could have a short call with?

     - I wanted to check on what kind of encryption is used from the forms data submission to the JotForm servers?

     - I'm using the HIPAA surveys from a browser embedded in another application.  Since the browser directly links to the sharing URL from Jotform, is the encryption in place for the survey?

     - I've set up the Jotform integration to Google Docs and Google Drive while testing.  Is the data encrypted in transit from Jotform to Google Docs/Drive?  I'll need to set up appropriate security with them (or any Jotform integration partner I use).  Does Jotform know which of the data/file storage partners have HIPAA compliant options?  

     - When I set up a HIPAA secure form option with Google, is there any changes I'll need to make to the Jotform integration?

     - How do learn about setting up a payment or appointment form within the HIPAA environment.  For a payment screen, how do I securely pass the cost data to it?

    Thanks!

    Colm

     

  • Jed_C
    Replied on January 14, 2019 at 6:37 PM

    What's the best way to learn about these? — You can learn more about HIPAA by visiting our page here https://www.jotform.com/hipaa/ 

    Is there a support person I could have a short call with? — We don't have a phone support at the moment. The fastest way to reach out support team is via forum.

    I wanted to check on what kind of encryption is used from the forms data submission to the JotForm servers? — Jotform uses a dedicated server only for HIPAA compliant accounts. Jotform follows the strongest, industry-leading standard for encryption which is AES 256-bit encryption.

    I'm using the HIPAA surveys from a browser embedded in another application.  Since the browser directly links to the sharing URL from Jotform, is the encryption in place for the survey? — HIPAA forms is using the encryption by default. The URL where it loads the form is already encrypted this means that loading the stand alone form URL or loading it in an application is already secured.

    I've set up the Jotform integration to Google Docs and Google Drive while testing.  Is the data encrypted in transit from Jotform to Google Docs/Drive? — Yes, it is already encrypted.

    I'll need to set up appropriate security with them (or any Jotform integration partner I use).  Does Jotform know which of the data/file storage partners have HIPAA compliant options? — I believe including Google Drive, all G Suite Apps are HIPAA compliant, you can read more here from this link https://static.googleusercontent.com/media/gsuite.google.com/en//files/hipaa-implementation-guide.pdf.

    When I set up a HIPAA secure option with Google, is there any changes I'll need to make to the Jotform integration? — No, just enable the HIPAA on your account and you should be all set. To enable, please follow this guide https://www.jotform.com/help/500-How-to-upgrade-to-HIPAA-Compliance 

    How do learn about setting up a payment or appointment form within the HIPAA environment.  For a payment screen, how do I securely pass the cost data to it? — Like what I've mentioned, Jotform is HIPAA compliant already. It would now only depend on the payment process that you integrate with whether they are HIPAA compliant or not. It would be best to ask those question directly to the payment processor support team.

    Let us know if you have any questions or if you need further assistance.