JotForm User Guide / HIPAA Compliant Forms /

How to upgrade to HIPAA Compliance?

How to upgrade to HIPAA Compliance?

JotForm HIPAA accounts are served from an isolated HIPAA system. In that system, we are taking additional measures in addition to our normal practices to avoid even unintentional data breaches. When you upgrade to HIPAA compliance, all your data is migrated to the isolated HIPAA system which supports HIPAA guidelines.


You may create a new account or upgrade your existing JotForm account to HIPAA compliance. Our upgrade wizard will help you with both cases and in this guide we will explain those steps.


1- The upgrade wizard is initiated from https://www.jotform.com/myaccount/data.




2- The upgrade wizard will first check your subscription type. We are offering HIPAA compliance only for Silver or Gold subscriptions. If you don’t have a Silver or Gold subscription you will see the following message.




3- The upgrade wizard will check if you have verified your email address. If you have not already verified your email address, you will see the following message. "You can update your email address, trigger re-sending verification email to continue."




4- The upgrade wizard will ask you to define a new password. This password will be your account password after your account is upgraded to HIPAA Compliance. The new password has to follow the HIPAA guidelines. The rules are:

  • - It must be different from your last 6 passwords

  • - It must have minimum 8 characters

  • - It must be a mix of upper case, lower case, numbers and special characters.


After defining your new password, please click “Next” to continue.



5- At this step, you will be asked to sign JotForm's Business Associate Agreement (BAA). Please provide required information and click "Submit". BAA will be generated automatically with the information you have provided and will be sent you via email once upgrade operation is completed on your account. Here is how BAA form looks like.



6- In this step, the upgrade wizard will review all your forms for HIPAA compliance. To avoid any HIPAA compliance issue, JotForm will allow use of only HIPAA compliant widgets and integrations in your forms. If wizard detects any elements in your forms that are not HIPAA compliant, it will list those elements.




If no issues are found, then you are all set to begin migration. Please click “Next” to start migrating your forms to our HIPAA system.




7- Clicking “Next” in the previous step will trigger the automated migration process for your forms. Once the migration is completed, you will see the following screen showing the result of migration. From this screen, you can download JotForm’s signed Business Associate Agreement (BAA). Click “Complete” to close the wizard.




8- You will also receive an email notifying you about the result of the migration. JotForm’s signed Business Associate Agreement (BAA) will also be attached to this email.




9- Congratulations! Your account, forms and data are now HIPAA Compliant. The HIPAA Compliance badge is automatically added to your account and forms.





Important Notice 1: HIPAA compliance is available only for Silver and Gold plan. If you are not on any of these plans, you need to upgrade Silver or Gold plan first. Here is a more detailed user guide about how to upgrade your account: https://www.jotform.com/help/331-How-to-Upgrade-My-Account


Important Notice 2: Please make sure your email address is verified.

Send Comment

4 Comments...

  • MaryHerndon

    Hello!

    I'm interested in upgrading to a HIPAA compliant plan. I've created one form (that includes an attachment field) in the free version to get an idea how things work. I see that when a form is submitted it send an e-mail with the attachment in the free version. How will forms (and attachments) be received by me when I have upgraded to the HIPAA compliant plan?

    THANK YOU!

  • DanielRadulescu

    Ok, so I have existing forms on my existing Bronze account that I want to be HIPAA compliant. If SOME widgets and integrations will no longer work when you upgrade, then I would imagine that it would make sense to have a list of those non-working widgets and integrations so that we can identify the scope of this upgrade and plan accordingly - NOPE. So in contacting support, there is no such list.... REALLY?? So upgrade and just see what breaks is the solution? According to support there is a disconnection of integrations and a REMOVAL of non-HIPAA compliant widgets. How do we know what breaks? Upgrade the plan and then you'll see. While I love that there is a pathway to a more secure and HIPAA compliant environment, the wait and see what breaks philosophy is really concerning! Please create a simple list of what is and is not HIPAA compliant if/when an upgrade occurs so that correction can be made prior to upgrade instead of at the time of upgrade with an unknown body of work...

  • EastersealsSC

    If we have the silver plan, does it cost additional to use the HIPAA compliance forms?

  • whedrick

    We have silver package but the upgrade to compliance link states that we do not.