PLEASE consider offering a Business Associate Agreement (BAA)

  • Asked on August 19, 2016 at 08:28 PM

    I have created some beautiful medical forms through Jotform medical history templates that I would like to offer on my website for patients to use, but unfortunately I cannot because Jotform does not offer the required Business Associate Agreement (BAA) that allows me to be in compliance with federal HIPAA laws. A BAA is required to be in place before a medical practitioner can use your forms for patient data. 

    I know what you're thinking: just use the encrypted version, and we will never have access to your patients' data at all and so your patients' information is completely secure. That makes total sense, but HIPAA requirements do not care that the data is encrypted before it gets to Jotform's servers. A BAA must be in place by law no matter if the data is encrypted or not. 

    An increasing number of online technology providers are offering BAAs for their customers, including Google, Hushmail, and many, many others. A BAA simply says that you agree to keep data secure and not disclose it. Here is some useful information directly from the federal government's Health and Human Services Department about BAAs:

    PLEASE consider adding the option of a BAA to Jotform's services so that I can use my forms on my website and be HIPAA compliant! Otherwise, I am forced to choose a different form builder company, and my forms will be inferior. 

  • Answered on August 19, 2016 at 10:16 PM


    I have elevated your request to my higher-ups for proper review. We will notify you here with a response and an update on the status.

    Thank you.

  • Answered on August 28, 2016 at 06:32 PM

    Thank you. Could you please provide me with an update on this question? 

  • Answered on August 28, 2016 at 06:44 PM

    Our higher-ups were already able to see your suggestion/request. It is now flagged as a requested feature.

    But I would like to let you know that you should not get your hopes too high that this request will be updated soon.

    Currently it is assigned a lower priority. This must be because there are more features or bugs in the Form Builder that were given much higher importance and priority than this request.


  • Answered on September 20, 2016 at 12:15 PM

    It would take an attorney 15 minutes to make a BAA.  Please do it.

  • Answered on September 20, 2016 at 02:07 PM

    Update (April 19, 2018) HIPAA is available for our Gold & Silver plans. 

    We can only guide the users on how to make forms compliant with HIPAA requirements.  Probably in the near future, Jotform will be fully HIPAA compliant. However, it is not possible to sign a BAA for now.

  • Answered on September 20, 2016 at 08:52 PM

    I'm sorry, Jeanette, that is not correct. HIPAA requires a BAA between the healthcare professional and the company that has access to their data, even if it is in an encrypted format. Therefore, there is no way for a healthcare provider to legally use the Jotform forms in a HIPAA compliant manner until Jotform agrees to offer a BAA to its users. 

    I will be very glad when Jotform adds a BAA option to its service. I have a feeling you will get a lot more paid subscribers once that happens!

  • Answered on January 05, 2017 at 12:43 AM

    maetheridge is correct. As a healthcare services provider, I could never justify the use of a form builder where PHI can be potentially compromised. Too many practices are behind the times and are only beginning to implement customized patient intake forms, and when they do, they will look for a platform that provides a BAA. I am currently looking for form builders with this feature for my consulting business. These are the builders that I am currently looking at:

    123 contact form
    cognito forms
    device magic
    form assembly
    formidable forms
    google forms
    gravity forms
    survey gizmo
    survey monkey

    Unfortunately, I will have to cross Jotform off the list. Please get with the times, you have many competitors now.

  • Answered on January 05, 2017 at 02:54 AM

    Thank you for your feedback.

    My manager gave information on this issue on 20th September 2016. But I am escalating this issue to her and our other members of higher management again.

    When we have any update regarding your request, we'll inform you via this topic. 

    Kind Regards.

  • Answered on April 11, 2018 at 08:59 AM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests.

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month or a Silver pricing plan, which is $39 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit

  • Answered on April 19, 2018 at 07:48 AM

    Update: HIPAA is available for the Silver plan as well.