Security of health information

  • Profile Image
    Patricia Hagan 
    Asked on August 22, 2019 at 09:50 AM

    I work for a small charity which is a membership organisation, our clinicians are planning an audit of an aspect of clinical practice and are considering using JotForm.  Looking on your website you have pricing options which refer to HIPAA compliance - i presume this is American.  In the UK companies processing patient information need to complete NHS Digital's Data Security and Protection Toolkit (DSPT) to provide assurance that they are practising good data security.  Have Jotform completed the DSPT or do they have any plans to do so? 

    I note from your website that it is possible to ensure data is stored within the EU, is this option only available with some of your pricing plans and are there any additional costs for this?

  • Profile Image
    Richie_P
    Answered on August 22, 2019 at 11:37 AM

    To clarify, are you referring to the servers the HIPAA compliance submissions are saved?

    You may check this link for more information.

    https://www.jotform.com/hipaa/

    In the UK companies processing patient information need to complete NHS Digital's Data Security and Protection Toolkit (DSPT) to provide assurance that they are practising good data security.  Have Jotform completed the DSPT or do they have any plans to do so?

    Can you please give us more information regarding DSPT ?

    I note from your website that it is possible to ensure data is stored within the EU, is this option only available with some of your pricing plans and are there any additional costs for this?

    Yes, you may store the data in EU servers. This is available for all plans in EU. Kindly check this link:https://www.jotform.com/eu-safe-forms/


  • Profile Image
    Patricia Hagan 
    Answered on August 22, 2019 at 12:43 PM
    Completion of this is mandatory for any supplier who may handle patients personal data.
    ...
  • Profile Image
    Richie_P
    Answered on August 22, 2019 at 01:55 PM

    Can you please share to us a website that we can check the requirements for DSPT?

    I tried checking for DSPT in the web however, I can't seem to find any information regarding HIPAA and DSPT.

    Or do you want to add DSPT with GDPR?

    Looking forward for your response.