API access to HIPAA submissions

  • sebeller
    Asked on January 20, 2020 at 4:12 PM

    I want to create a HIPAA form and use it for a few weeks to enable a third-party developer to write some code for use in our app that would query the JotForm database via API or other means. I don't want to give them access to our existing form database due to privacy issues. What is the best way to provide such temporary access with a different password and user name?

  • Elton Support Team Lead
    Replied on January 20, 2020 at 8:22 PM

    I think there's no need to provide them your account. Just create an API Key for them so they can use it for API calls. If it requires accessing your form, you can add them as a Collaborator then copy and send them the Collaboration Link.

    Example:

    [Screenshot]

  • sebeller
    Replied on January 21, 2020 at 6:50 AM
    Thank you. However, I do not want to give them access to existing submissions in your database to protect patient privacy. The API calls, as I understand, would give them access. What do you recommend if this is true?

  • John Support Team Lead
    Replied on January 21, 2020 at 9:31 AM

    You were right. Using the API Key may give them access to the form submissions as well as the information found on your account.

    How about using an external database to send the specific form's submissions to? For example, you may send the form's data to a MySQL database using PHP. Then your third-party developer may create code to query from that database instead of querying directly from Jotform.

    Please see this guide on How to Send Submissions to Your MySQL Database Using PHP.

  • sebeller
    Replied on January 21, 2020 at 9:50 AM
    I want them to query JotForm using your API as part of the app routine because of HIPAA security.

  • John Support Team Lead
    Replied on January 21, 2020 at 11:00 AM

    Unfortunately, using the API may grant access to all the information on the forms and the account.

    However, you may refer to our API documentation and try using a hipaa-api.jotform.com domain to access the submission data.

    You can also reach out to our developers to help you with the API configuration via this email: api@jotform.com 
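
An added example, not part of the original thread and not Jotform code: since the API key discussed above is account-wide, one way to confine a third-party developer to a single test form is a small broker that keeps the key server-side and forwards only allow-listed read requests to the HIPAA API host. The form ID, the allow-list and the function names are assumptions; the `/form/{id}/submissions` path and `APIKEY` header are from Jotform's public API.

```python
import posixpath
import re
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumptions for this sketch: a constructed test-form ID and a read-only policy.
ALLOWED_FORM_IDS = {"200000000000001"}        # constructed placeholder ID
UPSTREAM = "https://hipaa-api.jotform.com"    # HIPAA API host named in the thread
# Only per-form reads are forwarded; account-wide paths such as /user/* never match.
FORM_ROUTE = re.compile(r"/form/(\d+)(?:/(?:submissions|questions))?")


def authorize(method: str, raw_target: str) -> Optional[str]:
    """Return the upstream URL for a permitted request, or None to reject it."""
    if method.upper() != "GET":
        return None                  # read-only: no create, update or delete
    parts = urlsplit(raw_target)
    if parts.scheme or parts.netloc:
        return None                  # absolute URLs could redirect the key elsewhere
    path = parts.path
    if "%" in path or "\\" in path:
        return None                  # refuse encoded or backslash path variants outright
    if posixpath.normpath(path) != path:
        return None                  # refuse '..', doubled and trailing slashes
    match = FORM_ROUTE.fullmatch(path)
    if match is None or match.group(1) not in ALLOWED_FORM_IDS:
        return None                  # unknown route or a form outside the allow-list
    # The caller's query string is dropped so it cannot supply its own apiKey;
    # the broker authenticates with a header instead.
    return UPSTREAM + path


def upstream_headers(api_key: str) -> Dict[str, str]:
    """Headers the broker attaches; the key itself never reaches the developer."""
    return {"APIKEY": api_key}
```

Because the query string is discarded, paging parameters would have to be re-added by the broker from its own validated values.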

  • sebeller
    Replied on January 21, 2020 at 12:50 PM
    Thank you. I already have a hipaa domain. What I think I need is to use a new hipaa account for about a month or two. When the developers are done, I will delete the account and use the code they develop for my current gold hipaa JotForm account. Would it be possible for me to get a hipaa sandbox account to use at no or little cost for outsourced developers since it will only contain 2-3 brief forms and very few submissions (10 or so) for testing purposes?

  • John Support Team Lead
    Replied on January 21, 2020 at 1:56 PM

    Yes, I think that would be a good workaround as well. However, we do not have a HIPAA sandbox account. So I'm afraid you need to upgrade the test account to at least a Silver subscription to enable HIPAA compliance.

  • sebeller
    Replied on January 21, 2020 at 5:50 PM
    I decided to create a new HIPAA account and want to share it with the developers. Please explain the process for sharing with them.

  • Elton Support Team Lead
    Replied on January 21, 2020 at 7:48 PM

    I think there are no specific steps required for that; you can simply share the login credentials of your new account with them and that's it.

    If you have any other questions, let us know.