Is it possible to capture submissions in our own database in a HIPAA compliant way?

  • Daniel
    Asked on May 02, 2015 at 08:04 PM

    Hi,

    My company requires either form submission info to be sent to our own DB in a HIPAA compliant way, or for our software to be able to access JotForm's DB and retrieve the form submission info from there in a HIPAA compliant way. Is this possible with JotForm?

  • raul
    Answered on May 02, 2015 at 08:12 PM

    It is possible to send your submissions to your own database by following the steps provided here: http://www.jotform.com/help/126-How-to-Insert-Update-Submissions-to-Your-MySQL-Database-Using-PHP. Since you are going to use your own database, you may also want to check our auto delete submissions app, which you can use to automatically delete the submission from our databases and keep the information only in your own environment.

    I suggest you check this thread: http://www.jotform.com/answers/333046-is-JotForm-HIPAA-Compliant to see how you can use our system in a HIPAA compliant way.

    If you have further questions, please let us know.

  • Daniel
    Answered on May 02, 2015 at 08:17 PM

    Thanks for responding Raul. What I don't understand is whether I'll be complying with HIPAA if I follow the steps provided in that first link.

  • raul
    Answered on May 02, 2015 at 08:25 PM

    Well, since you'll be capturing the data using your own database, you would need to make sure that your environment complies with HIPAA requirements. I found a checklist here that can help you: https://luxsci.com/blog/hipaa-compliance-checklist-what-you-need-to-do.html

    Basically, what you would need from us is to use secure submissions, edit the email notifications to make sure that sensitive data is not transferred in them, and also use the auto-delete submissions app that I posted in my previous response to keep the captured information in your own database only.

    The rest would depend on how you set up your own environment, since the data will be kept there.

    I hope this makes more sense to you.
    Let us know if you need more clarification on this matter.