What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.

  • Profile Image

    Is JotForm HIPAA compliant? Do you have more information on security?

    Asked by kristal james on November 23, 2015 at 03:00 PM
    Also, is Jotform HIPAA compliant?
  • Profile Image

    Answered by Ben on November 23, 2015 at 03:14 PM

    The quickest answer would be No. JotForm is not HIPAA compliant.

    However, JotForm does offer various security features that make it a service that you can use in a HIPAA compliant manner.

    Since all of the forms are now using secure URL no matter of the plan, if you do not change it on purpose, your forms will be loaded, and the data submitted over HTTPS - secure - protocol, meaning that no one can see what was loaded nor what was the data that is submitted.

    You can read more about this on our blog: All Embed Codes are Now Secure by Default (SSL)

    This however still leaves you at being secure, but not secure enough if you need to be HIPAA compliant, but our Encrypted forms feature covers you there.

    What happens is that all data submitted over encrypted form is being sent to our servers in an encrypted format, with encryption happening on the users side before it is being sent to us. As such not even we can look into it and see what might be stored in your data.

    You can see more about this here: Introducing Encrypted Forms: The Ultimate in Online Form Security

    I do suggest taking a look at this detailed explanation of the same as well: What are Encrypted Forms and how to use them as expert? as it covers all options and possible questions or issues that you might have at start.

    Now, if you use the encrypted forms (which is mentioned in the guide above), you will make the emails HIPAA compliant, meaning that no data will be sent over emails, but you will still receive a notification of the submission being created.With the encrypted forms it means that your reports will only show proper data if the people looking at them have the private key that is only shared with you when you create the form and even if someone would log into your account by some chance, they would again need the private key to do the same.If you download the submissions to your own secure storage and remove them from JotForm storage you are adding one more layer of protection around the submitted data and the files.Which is why as mentioned at the very top, JotForm itself is not HIPAA compliant, but using it in a HIPAA compliant manner is quite possible and easy to do.Do let us know if you have any additional questions in regards to the HIPAA compliance and we would be happy to answer them.

  • Profile Image

    Answered by Joe  on November 24, 2015 at 08:59 AM

    Is there someone I can speak to from Jotform in regards to HIPAA compliance?
  • Profile Image

    Answered by Ben on November 24, 2015 at 10:21 AM

    I have moved your post to a new thread here http://www.jotform.com/answers/710934 Joe, where we will be happy to assist with any questions that you might have in regards to this shortly.

  • Profile Image

    Answered by drjax on January 12, 2016 at 04:59 PM

    Unable to open http://www.jotform.com/answers/710934  

    Link takes me back to MyForms.

  • Profile Image
    JotForm Support

    Answered by EltonCris on January 12, 2016 at 08:52 PM


    Sorry but that's a private thread, that's why it is not available on your end.

    If you have a question, please open a new thread so we can help you.

    Thank you!