How to set up Notification for HIPAA accounts?

HIPAA compliance requires protecting sensitive healthcare data in every possible way. JotForm takes the necessary measures to protect healthcare data while it is stored in the JotForm HIPAA compliance system. However, this protection is not sufficient to provide a complete solution. That is why JotForm also manages how this data is shared via email channels.

Notification emails, as one of the most used methods for tracking form submissions, are a potential data breach point. Only a few specialized email services provide end-to-end email encryption, and using secure communication channels for emails (SSL) is not sufficient to avoid a potential data breach. This is the reason for redefining the rules for notification emails in HIPAA accounts.

The good news is that JotForm still allows notification emails and makes them more secure. You can still define any number of notification emails for your forms. However, email recipients are expected to pass additional security gates to access submission data. In this guide, we will explain how notification emails are defined and what recipients should do to view the submission. If you want to add a password-protected submission PDF to your notification emails, check out this link.

1- You can define as many notification emails as you need. While you are editing your form, go to SETTINGS at the top of the Form Builder. Select EMAILS on the left navigation menu. Click the PLUS + icon to add notification emails. You can find detailed information on notification emails at this link.

2- Whenever there is a form submission, the following notification email will be sent to users. As you can see from the screenshot, the email is for notifying the user that an encrypted form response was received. The user has the notification but cannot view the response unless he has explicit permission from you.

3- When the email recipient tries to view the submission by clicking “VIEW RESPONSE”, he/she will see the following screen. This security gate is needed as the email could be compromised and we are making sure that you give explicit access to this user. The user needs to add his email address to the form and click “Request Access”.

4- Whenever there is such a request, you will receive the following email. If you want to give access to the user, you need to click “Approve Request and Add as a Sub-user”. In other words, to allow the user to access the protected health information, you need to add him/her as a sub-user to your account. With this method, even if the email is compromised, you still have control over who can access sensitive healthcare data.

5- When you click on “Approve Request and Add as a Sub-user”, the user will be automatically added as a sub-user in your account and will receive an email regarding the result of his/her previous request. You will be redirected to the sub-user management interface in JotForm to see the latest status of your sub-users. From this interface, you can add/remove sub-users or change their permissions. See How to Share Forms with a Sub-Account User for more information about sub-user management.

6- Your new sub-user will receive the following email. S/He needs to complete account creation to access submission data.

7- Once your sub-user has created his account, he will have access to form submissions (according to the permissions you set in Step 5). The following screenshot shows what they will see once they log in to JotForm.

Please note that the sub-account user does not need to log in to the account every time s/he receives a submission. After all these steps, the recipient can view submission data both from the submission page and via the notification email.

This is how you give access to protected health information (PHI) stored in your account. You need to make them sub-users in your account and allow them to view (at least) whichever form you want.
