Is JotForm HIPAA compliant? Do you have more information on security?

  • kristal james
    Asked on November 23, 2015 at 03:00 PM
    Also, is Jotform HIPAA compliant?
  • Ben
    Answered on November 23, 2015 at 03:14 PM

    The quickest answer would be No. JotForm is not HIPAA compliant.

    However, JotForm does offer various security features that make it a service that you can use in a HIPAA compliant manner.

    Since all forms now use a secure URL regardless of plan, unless you change it on purpose, your forms will be loaded and the data submitted over the HTTPS (secure) protocol, meaning that no one can see what was loaded or what data was submitted.

    You can read more about this on our blog: All Embed Codes are Now Secure by Default (SSL)

    This, however, still leaves you secure but not secure enough if you need to be HIPAA compliant; our Encrypted Forms feature covers you there.

    What happens is that all data submitted over an encrypted form is sent to our servers in an encrypted format, with encryption happening on the user's side before it is sent to us. As such, not even we can look into it and see what might be stored in your data.

    You can see more about this here: Introducing Encrypted Forms: The Ultimate in Online Form Security

    I do suggest taking a look at this detailed explanation of the same as well: What are Encrypted Forms and how to use them as expert? It covers all options and possible questions or issues that you might have at the start.

    Now, if you use the encrypted forms (which is mentioned in the guide above), you will make the emails HIPAA compliant, meaning that no data will be sent over emails, but you will still receive a notification of the submission being created.

    With the encrypted forms it means that your reports will only show proper data if the people looking at them have the private key that is only shared with you when you create the form, and even if someone would log into your account by some chance, they would again need the private key to do the same.

    If you download the submissions to your own secure storage and remove them from JotForm storage, you are adding one more layer of protection around the submitted data and the files.

    Which is why, as mentioned at the very top, JotForm itself is not HIPAA compliant, but using it in a HIPAA compliant manner is quite possible and easy to do.

    Do let us know if you have any additional questions in regards to the HIPAA compliance and we would be happy to answer them.
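The model described in the answer above (encryption on the submitter's side, with only the form owner holding the private key), as an added example that is not part of the thread and is not JotForm's code. It assumes RSA-OAEP wrapping a per-submission AES-256-GCM key and Node.js's built-in crypto module; all function names and sample values are hypothetical.

```javascript
// Added illustration, not JotForm's implementation. Algorithm choices are assumptions.
const nodeCrypto = require("node:crypto");
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Form owner: generate the key pair once. The private key never goes to the server.
function createFormKeys() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Submitter's side: encrypt the answers before anything is sent.
function encryptSubmission(publicKey, answers) {
  const dataKey = nodeCrypto.randomBytes(32); // fresh AES key per submission
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", dataKey, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(answers), "utf8"), cipher.final()]);
  return {
    // Only the holder of the private key can unwrap the AES key.
    wrappedKey: nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey).toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: body.toString("base64"),
  };
}

// Owner's side: decrypt a record downloaded from the server.
function decryptSubmission(privateKey, record) {
  const dataKey = nodeCrypto.privateDecrypt(
    { key: privateKey, ...OAEP }, Buffer.from(record.wrappedKey, "base64"));
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", dataKey, Buffer.from(record.iv, "base64"));
  decipher.setAuthTag(Buffer.from(record.tag, "base64")); // rejects tampered records
  const plain = Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, "base64")), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// Constructed sample data: what the server stores is `stored`, never `sample`.
const owner = createFormKeys();
const sample = { name: "Test Patient", note: "constructed sample value" };
const stored = encryptSubmission(owner.publicKey, sample);
console.log(Object.keys(stored), decryptSubmission(owner.privateKey, stored));
```
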

  • Joe
    Answered on November 24, 2015 at 08:59 AM

    Is there someone I can speak to from Jotform in regards to HIPAA compliance?
  • Ben
    Answered on November 24, 2015 at 10:21 AM

    I have moved your post to a new thread here: http://www.jotform.com/answers/710934, Joe, where we will be happy to assist with any questions that you might have in regards to this shortly.

  • drjax
    Answered on January 12, 2016 at 04:59 PM

    Unable to open http://www.jotform.com/answers/710934  

    Link takes me back to MyForms.

  • EltonCris
    Answered on January 12, 2016 at 08:52 PM

    @drjax

    Sorry but that's a private thread, that's why it is not available on your end.

    If you have a question, please open a new thread so we can help you.

    Thank you!