Can I make my form HIPAA compliant even though I am in Europe?

  • joosteijkenboom
    Asked on September 11, 2019 at 12:21 PM

    I know it is a US standard, but it does give a sense of security.

  • Kevin_G
    Answered on September 11, 2019 at 01:27 PM

    Yes, HIPAA can be enabled on your account. Please kindly refer to this guide in order to follow the process: https://www.jotform.com/help/500-How-to-upgrade-to-HIPAA-Compliance

    If you have questions, let us know. 

  • joosteijkenboom
    Answered on September 11, 2019 at 01:34 PM

    Thank you for your answer, 


    In the guide you posted, under step 5, you can read: We offer business associate agreement (BAA) for our HIPAA customers that operate in the US


    I do not operate in the US, so what does that mean for me? Is it invalid? 


    I just want to do some medical questionnaires as a temporary solution until we have other means to ask the questionnaires. But I would like to have some assurances that the data is processed safely. The HIPAA compliance is what pulled me towards Jotform, so I would like to use that safety measure.

    I do have a silver account. 


    Thanks for the help.  



  • Kevin_G
    Answered on September 11, 2019 at 02:08 PM

    Yes, it means the BAA will be invalid as the rules for data protection outside the US are different and there are different rules depending on the country. 

    However, I think although the BAA may be invalid, your account would still have applied the security measures such as data encryption under the HIPAA compliance. 

    Now, if your only purpose is to have your data secure, I think you may enable the encryption feature, which will keep your data saved and accessible only by providing the correct decryption key. This feature is for regular accounts, so you can test it even using a free account. Kindly check this guide for more details about it: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    If you have questions, let us know. 

  • joosteijkenboom
    Answered on September 12, 2019 at 03:36 AM

    Thank you for your reply. 

    I have seen the encrypted functionality, but would like to avoid it since I would like to extract the results using Google Sheets.

     

    So if I understand it correctly, if I enable HIPAA:

     

    - We have a BAA, which might not be valid by law but is still a good indication of our security measures 

    - Data will be encrypted, but we can still use Google Sheets integration

    - Further encryption is not needed 

     

    Is that correct?

     

    Thanks

  • ashwin_d
    Answered on September 12, 2019 at 06:52 AM

    - We have a BAA, which might not be valid by law but is still a good indication of our security measures 

    Yes, that is correct.


    - Data will be encrypted, but we can still use Google Sheets integration

    Yes, Google Spreadsheet integration is available in a HIPAA compliant form.


    - Further encryption is not needed 

    No, you do not have to enable encryption in the form. Please note that in a HIPAA compliant form, the data is by default encrypted in our database.

  • joosteijkenboom
    Answered on September 12, 2019 at 08:41 AM

    It seems our data has to be stored on US servers to enable HIPAA compliance. Since we work from Europe, we are obligated to store healthcare data in Europe only.


    So I guess our only option is to enable "manual" encryption? And therefore we won't be able to use Google Sheets integration etc.?

  • BDAVID
    Answered on September 12, 2019 at 09:59 AM

    That is correct. HIPAA is available for users who store data on US servers. If you use encryption, features such as integrations, Form Reports, and PDF submission won't be available: https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    Let us know if you have more questions, we will be glad to assist you.