Are your new forms HIPAA compliant?

  • David Straight
    Asked on July 23, 2015 at 10:58 AM

    I'd like to collect patient intake information from my website, but as a health provider, I need a HIPAA-compliant form.

    I look forward to your answer and hope they are :-)

    David Straight

  • Sammy
    Answered on July 23, 2015 at 12:54 PM

    At present, JotForm does not hold a HIPAA Compliance Certificate; however, we are technically compliant in terms of data protections.

    We provide high-grade SSL encryption for data transfer over the web, and we also recently introduced the form encryption feature.

    To be compliant with the HIPAA rules in your form, you can ensure the following features are implemented:

    1. Always use SSL (https) version of JotForm site on your browser. Use "https://www.jotform.com" to login to your account, create your forms, look at your submissions and link to your forms.

    2. Turn on form encryption to allow the encryption of form data:

    http://www.jotform.com/encrypted-forms/

    3. Edit emails on all forms to make sure no specific information is used on them. We send emails in plain text. So, they are not secure. Only use emails to get alerts to know there is a new submission. Once you receive an email alert, log into the secure JotForm site and then look at the user (if you use form encryption, email alerts won't be sent).

    4. If you use the Reports feature, only do it with password protection. That will both ask for a password, and it will transfer all data over SSL.

    5. Log out immediately after you are done using the site to reduce the likelihood of someone having access to your account and its data on the same computer.

    6. Regularly download submissions and then delete them.