Is JotForm HIPAA compliant? Do you have more information on security?

  • kristal james
    Asked on November 23, 2015 at 03:00 PM
    Also, is Jotform HIPAA compliant?
  • Answered on November 23, 2015 at 03:14 PM

    Update (April 19, 2018): HIPAA is available for our Gold and Silver plans.


    The quickest answer would be No. JotForm is not HIPAA compliant.

    However, JotForm does offer various security features that make it a service that you can use in a HIPAA compliant manner.

    Since all of the forms now use a secure URL regardless of the plan, if you do not change it on purpose, your forms will be loaded, and the data submitted, over the HTTPS (secure) protocol, meaning that no one can see what was loaded nor what data was submitted.

    You can read more about this on our blog: All Embed Codes are Now Secure by Default (SSL)

    This, however, still leaves you secure, but not secure enough if you need to be HIPAA compliant; our Encrypted forms feature covers you there.

    What happens is that all data submitted through an encrypted form is sent to our servers in an encrypted format, with encryption happening on the user's side before it is sent to us. As such, not even we can look into it and see what might be stored in your data.

    You can see more about this here: Introducing Encrypted Forms: The Ultimate in Online Form Security

    I do suggest taking a look at this detailed explanation of the same as well: What are Encrypted Forms and how to use them as expert? It covers all options and possible questions or issues that you might have at the start.

    Now, if you use the encrypted forms (which is mentioned in the guide above), you will make the emails HIPAA compliant, meaning that no data will be sent over emails, but you will still receive a notification of the submission being created.

    With the encrypted forms it means that your reports will only show proper data if the people looking at them have the private key that is only shared with you when you create the form and even if someone would log into your account by some chance, they would again need the private key to do the same.

    If you download the submissions to your own secure storage and remove them from JotForm storage you are adding one more layer of protection around the submitted data and the files.

    Which is why as mentioned at the very top, JotForm itself is not HIPAA compliant, but using it in a HIPAA compliant manner is quite possible and easy to do.

    Do let us know if you have any additional questions in regards to the HIPAA compliance and we would be happy to answer them.
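
The client-side encryption model described in the answer above, sketched as an added example (not JotForm's code and not part of the original posts). It assumes a hybrid RSA-OAEP plus AES-256-GCM scheme using Node.js's `crypto` module; the thread does not say which algorithms JotForm uses, and every function name and sample value here is constructed.

```javascript
// Added illustration of "encrypt on the user's side, only the owner holds the private key".
// Hypothetical helper names; algorithms are an assumption, not JotForm's documented scheme.
const nodeCrypto = require('node:crypto');

// Form owner: generate the key pair once. Only the public key is published with the form.
function generateOwnerKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Submitter's side: encrypt the fields before anything leaves the client.
function encryptSubmission(publicKeyPem, fields) {
  const key = nodeCrypto.randomBytes(32); // one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);  // fresh GCM nonce per submission
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(fields), 'utf8'), cipher.final()]);
  return { // this record is all the storage side ever receives
    wrappedKey: nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, key).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: body.toString('base64'),
  };
}

// Owner's side: unwrap the AES key with the private key, then decrypt and authenticate.
function decryptSubmission(privateKeyPem, record) {
  const key = nodeCrypto.privateDecrypt(
    { key: privateKeyPem, ...OAEP }, Buffer.from(record.wrappedKey, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, 'base64')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample submission.
const owner = generateOwnerKeys();
const stored = encryptSubmission(owner.publicKey, { name: 'Test Patient', note: 'sample value' });
console.log('storage side sees only:', Object.keys(stored).join(', '));
console.log('owner with private key reads:', decryptSubmission(owner.privateKey, stored));
```

Losing the private key in this model means the stored records cannot be recovered by anyone, which is why the answer stresses that the key is shared only with the form owner.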

  • Answered on November 24, 2015 at 08:59 AM

    Is there someone I can speak to from Jotform in regards to HIPAA compliance?
  • Answered on November 24, 2015 at 10:21 AM

    I have moved your post to a new thread here Joe, where we will be happy to assist with any questions that you might have in regards to this shortly.

  • Answered on January 12, 2016 at 04:59 PM

    Unable to open  

    Link takes me back to MyForms.

  • Answered on January 12, 2016 at 08:52 PM


    Sorry but that's a private thread, that's why it is not available on your end.

    If you have a question, please open a new thread so we can help you.

    Thank you!

  • Answered on April 13, 2018 at 10:06 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests. 

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit

  • Answered on April 19, 2018 at 03:23 AM

    Update: HIPAA is available for Silver plan as well.