HIPAA compliance and encryption

  • Asked on October 31, 2016 at 08:16 AM

    Got half the answer in the FAQ section but still need to verify data sovereignty. Also, the form questions provide answers about HIPAA, but there are a few other rules like HITECH which have required breach notification rules. Many require a Business Agreement to be in place, so does JotForm offer this to healthcare entities?

    I did see that you offer not only encryption "in flight" but also the option to encrypt on the server if the user selects ... very nice.

    --  --  -- Prior question:

    Great tool. Context of the questions: Using Jotform for healthcare

    1. Where is the form data stored? Is that storage guaranteed to be in the US (data sovereignty rules) and HIPAA compliant encrypted transmission?

    2. If not, can the data be redirected to a HIPAA compliant server? Amazon, Azure, and Google all offer HIPAA compliant cloud options as do many others.



  • Answered on October 31, 2016 at 11:15 AM

    Update (April 10, 2018): HIPAA is available for our Gold plan.


    It seems to me that you have some concerns involving our HIPAA compliance for encryption and security reasons, so this has made you question it some, and we would be more than happy to clarify.

    What sort of Business Agreement are you referring to, if you don't mind us asking more? Usually compliance is non-written so long as you agree to comply with the terms in most cases, and generally we do not usually sign anything for these cases as far as I know, since there's been no need for it.

    As for your prior questions, even though related, that's a different subject that I have moved to this new thread to answer separately.

  • Answered on October 31, 2016 at 11:20 AM

    Additionally, this thread here https://www.jotform.com/answers/333046-is-JotForm-HIPAA-Compliant should help to answer more about our HIPAA compliance.

  • Answered on April 13, 2018 at 12:00 PM

    Great news! JotForm now offers HIPAA compliance. This means users in the healthcare industry can use JotForm to collect sensitive patient information through consent and onboarding forms, medical history updates, online bill payments, and prescription refill requests.

    HIPAA-compliant forms require a Gold pricing plan, which is only $99 a month. A business associate agreement (BAA) is also available upon request.

    For more information about our HIPAA-compliant forms, visit www.jotform.com/hipaa