Your HIPAA compliant form on our non-HIPAA compliant website hosting.

  • Oleg Timoshenko
    Asked on May 10, 2019 at 09:29 AM

    Hello Jotform Support Team,


    I'm seriously considering your service and have a question to make sure I'm doing the right thing. We have a website that is hosted on BlueHost; it's not a HIPAA compliant vendor. We have a need to use forms to collect potential patients' data. We can't do it w/ our current vendor (BlueHost). This means that we either need to change our hosting company or, if possible, use another vendor (like you :) and host your HIPAA compliant form on our non-HIPAA website. So, do you know if doing this (embedding a Jotform form via iFrame, for example) makes the whole process of capturing patients' data and receiving it on our end a HIPAA compliant process? Please advise! Have you seen other people doing it?

  • Answered on May 10, 2019 at 11:58 AM

    Hello Oleg, 

    The data you collect on HIPAA forms will only go to our HIPAA compliant servers and never reach your non-compliant hosting provider, so why not? It will not matter whether you use an embedded form or its direct link to collect data. With our forms, responses will be collected in a HIPAA compliant environment anyway. Please review our HIPAA page here:

    We will be glad to assist if you need more help, just let us know.