Is Jot Form HIPPA compliant?

  • Profile Image
    Asked on May 12, 2015 at 12:08 PM

    I am an acupuncturist that needs to follow HIPPA compliance with electronic data submission.  Thanks!  

  • Profile Image
    Answered on May 12, 2015 at 01:59 PM

    Update (April 19, 2018) HIPAA is available for our Gold and Silver plans. 


    Currently, Jotform does not hold an HIPAA Compliance Certificate, nevertheless you can use Jotform in HIPAA Compliant way. More details below:

    Jotform has a very powerful cloud of secure servers.

    This provides security protection against malicious attacks like SQL injection and denial of service (DOS) attacks. 

    We provide a very high-security level throughout our hosting provider's servers for stored data

    Moreover, all of our SSL certificates support high-grade 256-bit encryption.

    In that sense, JotForm certainly complies with the technical safeguard section of the HIPAA security rule:

    Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.

    For a better explanation on how to be HIPAA compliant using Jotform, you must know that data stored on our servers is not encrypted, but access to our servers is highly safeguarded.

    On the other hand, Data transmission from the person who submits their health information to our servers can be done in an encrypted manner, by using the forms securely

    So, to be compliant with HIPAA rules, users must follow these advices:

    1. Always use SSL (HTTPS) version of JotForm site on your browser. Use "" to login to your account, create your forms, look at your submissions and link to your forms.

    2. Edit emails on all forms to make sure no specific information is used on them. We send emails in plain text. So, they are not secure. Only use emails to get alerts to know there is a new submission. Once you receive an email alert, log into the secure JotForm site and then look at the user 

    3. If you use the Reports feature only do it with password protection. That will both ask for a password, and it will transfer all data over SSL.

    4. Same for uploads. They are not password protected.

    5. Logout immediate after you are done with the site.

    6. Regularly download submissions and then delete them.


    I would also like to add that we are now a Safe Harbor Certified. Please check our privacy policy page for this update:

    That's it! Let us know if you have any further questions.


  • Profile Image
    Answered on April 13, 2018 at 10:04 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests. 

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit

  • Profile Image
    Answered on April 19, 2018 at 04:28 AM

    Update: HIPAA is available for the Silver plan as well.