If I ask for private information, how do I guarantee the information is private?

  • hwaters
    Asked on July 22, 2015 at 8:39 PM

    I hate thinking it will be sent to a server I am not familiar with and that potentially medical information could no longer be private. Is there an encryption option? Or, even better, a direct push to my private email to bypass storage server risk?

  • Charlie
    Replied on July 23, 2015 at 2:54 AM

    Update (April 19, 2018): HIPAA is available for our Gold and Silver plans.

    https://www.jotform.com/hipaa/ 

    Hi,

    Unfortunately, all the initial submission data will be stored in our data centers. However, you have an option to delete them and they will be permanently gone from our servers, which means that action is irreversible.

    As another option, you can directly push the submission data to your server using FTP. Here's a guide on that: http://www.jotform.com/help/177-How-to-Enable-FTP-on-Form-Submissions. But you need to have at least a file upload field in the form itself. You can also integrate your form with other file storage systems like Dropbox and Google Drive, although I'm not sure if that is something you are considering.

    Here is some security info that our founder shared with us:

    - We have bug bounty programs where we pay outside parties for reporting vulnerabilities in our system.

    - Our servers are protected by private networks and constantly updated and patched.

    - Our system administrators have a collective 40+ years of industry experience.

    - Our development team is encouraged to follow best security practices.

    - All data transfers are made over a 256-bit SSL secure connection.

    - Our servers are located in SSAE16-audited facilities.

    You can also use SSL-enabled forms; here's a guide on that: http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions

    For medical information, I assume you are looking for HIPAA compliance? Here's some info regarding JotForm and HIPAA: http://www.jotform.com/answers/333046-is-JotForm-HIPAA-Compliant

    Our developers also released a new feature, "Encrypted Forms". You can learn more about it in this blog post: http://www.jotform.com/blog/162-Introducing-Encrypted-Forms-The-Ultimate-in-Online-Form-Security.

    I hope that somehow this helps.

  • Rose
    Replied on April 13, 2018 at 10:03 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests. 

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month, or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit www.jotform.com/hipaa

  • Scott JotForm Developer
    Replied on April 19, 2018 at 4:22 AM

    Update: HIPAA is available for the Silver plan as well.