Hippa compliance questions

  • Profile Image
    Tim
    Asked on March 08, 2021 at 06:04 PM

    I setup a couple forms for a Dr. clinic during a website build. They would like to use the google sheet integration. I created their Jotform account, sent them BAA and had them sign, then linked their new google sheet account to the form. They would like us to maintain technical mangement of the forms and details.

    1. Does this still allow for Hippa compliance, since we have access to Jotform's and their google account for tech issues.
    2. Is there something we need to do to protect our agency during this process.
  • Profile Image
    jherwin
    Answered on March 08, 2021 at 10:47 PM

    Thank you for contacting us, Tim.

    1.) Jotform and Google sheets are HIPAA compliant. We really don’t suggest sharing the account credentials because the form will collect sensitive information and only the account owner should look at the submitted data. However, if they allow you to view the data then I think that's okay. Please note that it is the responsibility of the account owner if they share their account access with you or with anyone.

    2.) Maybe create an agreement with them and ask them to sign your terms and conditions.