- maetheridgeAsked on August 19, 2016 at 08:28 PM
I have created some beautiful medical forms through Jotform that I would like to offer on my website for patients to use, but unfortunately I cannot because Jotform does not offer the required Business Associate Agreement (BAA) that allows me to be in compliance with federal HIPAA laws. A BAA is required to be in place before a medical practitioner can use your forms for patient data.
I know what you're thinking: just use the encrypted version, and we will never have access to your patients' data at all and so your patients' information is completely secure. That makes total sense, but HIPAA requirements do not care that the data is encrypted before it gets to Jotform's servers. A BAA must be in place by law no matter if the data is encrypted or not.
An increasing number of online technology providers are offering BAA's for their customers, including Google, Hushmail, and many, many others. A BAA simply says that you agree to keep data secure and not disclose it. Here is some useful information directly from the federal government's Health and Human Services Department about BAA's:
PLEASE consider adding the option of a BAA to Jotform's services so that I can use my forms on my website and be HIPAA compliant! Otherwise, I am forced to choose a different form builder company, and my forms will be inferior.
- JotForm SupportjonathanAnswered on August 19, 2016 at 10:16 PM
I have elevated your request to my higher ups for proper review. We will notify you here for response and update on the status.
- maetheridgeAnswered on August 28, 2016 at 06:32 PM
Thank you. Could you please provide me with an update on this question?
- JotForm SupportjonathanAnswered on August 28, 2016 at 06:44 PM
Our higher ups were already able to see your suggestion/request. It was now flagged as a requested feature.
But I would like to let you know that you should not get your hopes to high if this request will be updated soon.
Currently it was assigned with lower priority. It must have been due to reason that there were more feature or bugs in the Form Builder that were given much higher imporatance and priorty for this request.
- mightyogreAnswered on September 20, 2016 at 12:15 PM
It would take an attorney 15 minutes to make a BAA. Please do it.
- JotForm Support ManagerJeanetteAnswered on September 20, 2016 at 02:07 PM
We can only guide the users on how to make forms compliant with HIPAA requirements. Probably in the near future, Jotform will be fully HIPAA compliant. However, it is not possible to sign a BAA for now.
- maetheridgeAnswered on September 20, 2016 at 08:52 PM
I'm sorry, Jeanette, that is not correct. HIPAA requires a BAA between the healthcare professional and the company that has access to their data, even if it is in an encrypted format. Therefore, there is no way for a healthcare provider to legally use the Jotform forms in a HIPAA compliant manner until Jotform agrees to offer a BAA to its users.
I will be very glad when Jotform adds a BAA option to its service. I have a feeling you will get a lot more paid subscribers once that happens!
- SteveAnswered on January 05, 2017 at 12:43 AM
maetheridge is correct. As a healthcare services provider, I could never justify the use of a form builder where PHI can be potentially compromised. Too many practices are behind the times and is only beginning to implement customized patient intake forms-and when they do, they will look for a platform that provides a BAA. I am currently looking for form builders with this feature for my consulting business. These are the builders that I am currently looking at:
123 contact form autopilot cognito forms device magic form assembly formdesk formforall formidable forms formsite formstack goformz google forms gravity forms iformbuilder jotform machform ninjaforms perfectforms survey gizmo survey monkey trackvia typeform unbounce wufoo
Unfortunately, I will have to cross jotform off the list. Please get with the times, you have many competitors now.
- JotForm SupportamyAnswered on January 05, 2017 at 02:54 AM
Thank you for your feedbacks.
My manager gave information on this issue on 20th September 2016. But I am escalating this issue to her and our other members of higher management again.
When we have any update regarding your request, we'll inform you via this topic.