PLEASE consider offering a Business Associate Agreement (BAA)

  • maetheridge
    Asked on August 19, 2016 at 8:28 PM

    I have created some beautiful medical forms through Jotform medical history templates that I would like to offer on my website for patients to use, but unfortunately I cannot because Jotform does not offer the required Business Associate Agreement (BAA) that allows me to be in compliance with federal HIPAA laws. A BAA is required to be in place before a medical practitioner can use your forms for patient data. 

    I know what you're thinking: just use the encrypted version, and we will never have access to your patients' data at all and so your patients' information is completely secure. That makes total sense, but HIPAA requirements do not care that the data is encrypted before it gets to Jotform's servers. A BAA must be in place by law no matter if the data is encrypted or not. 

    An increasing number of online technology providers are offering BAAs for their customers, including Google, Hushmail, and many, many others. A BAA simply says that you agree to keep data secure and not disclose it. Here is some useful information directly from the federal government's Health and Human Services Department about BAAs:

    http://www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html

    PLEASE consider adding the option of a BAA to Jotform's services so that I can use my forms on my website and be HIPAA compliant! Otherwise, I am forced to choose a different form builder company, and my forms will be inferior. 

  • jonathan
    Replied on August 19, 2016 at 10:16 PM

    Hi,

    I have elevated your request to my higher-ups for proper review. We will notify you here with a response and an update on the status.

    Thank you.

  • maetheridge
    Replied on August 28, 2016 at 6:32 PM

    Thank you. Could you please provide me with an update on this question? 

  • jonathan
    Replied on August 28, 2016 at 6:44 PM

    Our higher-ups were already able to see your suggestion/request. It is now flagged as a requested feature.

    But I would like to let you know that you should not get your hopes too high that this request will be updated soon.

    Currently it is assigned a lower priority. It must have been due to the reason that there were more features or bugs in the Form Builder that were given much higher importance and priority than this request.

    Thanks.

  • mightyogre
    Replied on September 20, 2016 at 12:15 PM

    It would take an attorney 15 minutes to make a BAA.  Please do it.

  • Jeanette JotForm Support
    Replied on September 20, 2016 at 2:07 PM

    Update (April 19, 2018) HIPAA is available for our Gold & Silver plans. https://www.jotform.com/hipaa/ 

    We can only guide the users on how to make forms compliant with HIPAA requirements.  Probably in the near future, Jotform will be fully HIPAA compliant. However, it is not possible to sign a BAA for now.

  • maetheridge
    Replied on September 20, 2016 at 8:52 PM

    I'm sorry, Jeanette, that is not correct. HIPAA requires a BAA between the healthcare professional and the company that has access to their data, even if it is in an encrypted format. Therefore, there is no way for a healthcare provider to legally use the Jotform forms in a HIPAA compliant manner until Jotform agrees to offer a BAA to its users. 

    I will be very glad when Jotform adds a BAA option to its service. I have a feeling you will get a lot more paid subscribers once that happens!

  • Steve
    Replied on January 5, 2017 at 12:43 AM

    maetheridge is correct. As a healthcare services provider, I could never justify the use of a form builder where PHI can be potentially compromised. Too many practices are behind the times and are only beginning to implement customized patient intake forms, and when they do, they will look for a platform that provides a BAA. I am currently looking for form builders with this feature for my consulting business. These are the builders that I am currently looking at:

    123 contact form
    autopilot
    cognito forms
    device magic
    form assembly
    formdesk
    formforall
    formidable forms
    formsite
    formstack
    goformz
    google forms
    gravity forms
    iformbuilder
    jotform
    machform
    ninjaforms
    perfectforms
    survey gizmo
    survey monkey
    trackvia
    typeform
    unbounce
    wufoo

    Unfortunately, I will have to cross jotform off the list. Please get with the times, you have many competitors now.

  • amy
    Replied on January 5, 2017 at 2:54 AM

    Thank you for your feedback.

    My manager gave information on this issue on 20th September 2016. But I am escalating this issue to her and our other members of higher management again.

    When we have any update regarding your request, we'll inform you via this topic. 

    Kind Regards.

  • Rose
    Replied on April 11, 2018 at 8:59 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests.

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month, or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit www.jotform.com/hipaa

  • gizem
    Replied on April 19, 2018 at 7:48 AM

    Update: HIPAA is available for the Silver plan as well.