What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Is it possible to capture submissions in our own database in an HIPAA compliant way?Asked by Daniel on May 02, 2015 at 08:04 PM
It is possible to send your submissions to your own database by following the steps provided here: http://www.jotform.com/help/126-How-to-Insert-Update-Submissions-to-Your-MySQL-Database-Using-PHP. Since you are going to use your own database you may also want to check our auto delete submissions app which you can use to automatically delete the submission from our databases and keep the information only in your own environment.
I suggest you to check this thread: http://www.jotform.com/answers/333046-is-JotForm-HIPAA-Compliant to see how you can use our system in an HIPAA compliant way.
If you've further questions, please let us know.
Thanks for responding Raul. What I don't understand is whether I'll be complying with HIPAA if I follow the steps provided in that first link.
Well, since you'll be capturing the data using your own database you would need to make sure that your environment complies with HIPAA requirements. I found here a checklist that can help you: https://luxsci.com/blog/hipaa-compliance-checklist-what-you-need-to-do.html
Basically what you would need from us is to use secure submissions and edit the email notifications to make sure that sensitive data is not transferred in them and also use the auto-delete submissions app that I posted you in my previous response to keep the captured information in your own database only.
The rest would depend on how do you set up your own environment since the data will be kept there.
I hope this makes more sense to you.
Let us know if you need more clarification on this matter.