API access to HIPAA submissions

  • sebeller
    Asked on January 20, 2020 at 04:12 PM

    I want to create a HIPAA form and use it for a few weeks to enable a third-party developer to write some code for use in our app that would query the Jotform database via API or other means. I don't want to give them access to our existing form database due to privacy issues. What is the best way to provide such temporary access with a different password and user name?

  • EltonCris
    Answered on January 20, 2020 at 08:22 PM

    I think there's no need to provide them your account. Just create an API Key for them so they can use it for API calls. If it requires accessing your form, you can add them as a Collaborator then copy and send them the Collaboration Link.

    Example:

  • sebeller
    Answered on January 21, 2020 at 06:50 AM
    Thank you. However, I do not want to give them access to existing submissions in your database to protect patient privacy. The API calls, as I understand, would give them access. What do you recommend if this is true?

  • JohnRex
    Answered on January 21, 2020 at 09:31 AM

    You were right. Using the API Key may give them access to the form submissions as well as the information found on your account.

    How about using an external database to send the specific form's submissions to? For example, you may send the form's data to a MySQL database using PHP. Then your third-party developer may create code to query from that database instead of querying directly from Jotform.

    Please see this guide on How-to-send-Submissions-to-Your-MySQL-Database-Using-PHP.

  • sebeller
    Answered on January 21, 2020 at 09:50 AM
    I want them to query Jotform using your API as part of the app routine because of HIPAA security.

  • JohnRex
    Answered on January 21, 2020 at 11:00 AM

    Unfortunately, using the API may grant access to all the information on the forms and the account.

    However, you may refer to our API documentation and try using a hipaa-api.jotform.com domain to access the submission data.

    You can also reach out to our developers to help you with the API configuration via this email: api@jotform.com 
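
An added example (not from the thread or from Jotform) of how the developer's client could be pinned to the hipaa-api.jotform.com host mentioned above and refuse to fetch anything unless the API key belongs to the intended test account. The `/user` and `/form/{id}/submissions` paths, the `APIKEY` header and the response shape are assumptions based on Jotform's public API documentation; the environment variable names are hypothetical.

```python
import json
import os
import urllib.request

HIPAA_BASE = "https://hipaa-api.jotform.com"  # host named in the thread


def build_request(path, api_key, base=HIPAA_BASE):
    """Build a GET request with the key in the APIKEY header, not the URL,
    so the key does not end up in proxy or server access logs."""
    if not base.startswith("https://"):
        raise ValueError("refusing non-TLS base URL")
    return urllib.request.Request(f"{base}/{path.lstrip('/')}",
                                  headers={"APIKEY": api_key})


def account_of(user_response):
    """Extract the username from a decoded /user response (assumed shape)."""
    return user_response["content"]["username"]


def fetch_submissions(form_id, api_key, expected_account,
                      opener=urllib.request.urlopen):
    """Return a form's submissions only if the key belongs to expected_account.

    An API key is account-wide, so the account check runs before any
    submission data is requested.
    """
    with opener(build_request("/user", api_key)) as resp:
        owner = account_of(json.load(resp))
    if owner != expected_account:
        raise PermissionError(
            f"key belongs to {owner!r}, expected {expected_account!r}")
    with opener(build_request(f"/form/{form_id}/submissions", api_key)) as resp:
        return json.load(resp)["content"]


if __name__ == "__main__":
    # Environment variable names are assumptions made for this example.
    subs = fetch_submissions(os.environ["JOTFORM_FORM_ID"],
                             os.environ["JOTFORM_API_KEY"],
                             os.environ["JOTFORM_EXPECTED_ACCOUNT"])
    print(len(subs), "submissions")
```

Moving the finished code from the test account to the production account then only means changing the key and the expected account name in the environment.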

  • sebeller
    Answered on January 21, 2020 at 12:50 PM
    Thank you. I already have a hipaa domain. What I think I need is to use a new hipaa account for about a month or two. When the developers are done, I will delete the account and use the code they develop for my current gold hipaa Jotform account. Would it be possible for me to get a hipaa sandbox account to use at no or little cost for outsourced developers since it will only contain 2-3 brief forms and very few submissions (10 or so) for testing purposes?

  • JohnRex
    Answered on January 21, 2020 at 01:56 PM

    Yes, I think that would be a good workaround as well. However, we do not have a HIPAA sandbox account. So I'm afraid you need to upgrade the test account to at least a Silver subscription to enable HIPAA compliance.

  • sebeller
    Answered on January 21, 2020 at 05:50 PM
    I decided to create a new HIPAA account and want to share it with the developers. Please explain the process for sharing with them.

  • EltonCris
    Answered on January 21, 2020 at 07:48 PM

    I think there are no specific steps required for that; you can simply share the login credentials of your new account with them, and that's it.

    If you have any other questions, let us know.