HIPAA compliance requires the protection of sensitive healthcare data in every possible way. Jotform takes the necessary measures to protect healthcare data while they are stored in the Jotform HIPAA-friendly system. However, sharing this data on insecure channels may still result in HIPAA violations.
One of the channels that may not be secure is email. Only a few specialized email services are providing end-to-end email encryption and using secure communication channels for emails like SSL is not sufficient to avoid a potential data breach. On the other hand, emails are crucial for many use cases and irreplaceable for many users.
Protected Health Information (PHI)
With Jotform HIPAA, you can still use Notification and Autoresponder emails given that you don’t include any sensitive healthcare data in them. You can do this by marking your form fields that gather health information as protected.
See How to Set HIPAA PHI Fields on Your Forms to learn more.
When you get a new submission and the data is delivered via email, PHI fields will be removed from the email.
Send Comment:
11 Comments:
More than a year ago
We need to edit our forms, e.g. to note what actions we are taking. The "edit" function at the bottom of each form now just takes us to the Jotform home page. Is there a way to enable editing? Does it always require logging into the account? Does removing the HIPAA badge make the form editable again?
More than a year ago
Will a downloaded copy of the form submission in PDF also hide the sensitive information as seen in the screenshot above?
More than a year ago
If you are going to hide the information in the notification email, then the system is useless. The whole point of using the forms is to get the information. I don't get it. This means we have to go back to paper. How totally ridiculous. Patients send us text messages all the time. What's the difference between patients sending us a text message and them sending us an email?
More than a year ago
How can the approver get to see the protected fields in an HIPAA complaint submission?
More than a year ago
Can I email my HIPPA compliant form (which need to be completed and signed by my client) through my Hushmail which can be encrypted?
More than a year ago
CURRENTLY EVEN THE PROTECTED INFO IS BEING SENT OUT IN THE APPOINTMENT REMINDER EMAILS WITH THE DEFAULT THAT WAS JUST APPLIED!!!
More than a year ago
So to see the sensitive info, which do not show in the email, do we need to log into jotform to view the submissions?
More than a year ago
I was advised that attached PDFs are still allowed since jotform HIPAA compliant accounts automatically password protect the PDFs. Can you confirm how to set up email notifications to include a password protected pdf on a HIPPA compliant account? I don’t see it as an option anywhere.
More than a year ago
I agree with mattoxphy - please respond
More than a year ago
I just upgraded to HIPAA and noticed that the autoresponder and notification emails hide everything including the date the form was filled out. While many of our forms and email communications do require privacy there are some forms and communications that do not. Is there a way to create the autoresponder and notification emails for those form that do not require HIPAA protection to send information as it was under the old platform?
More than a year ago
I do not have the "protected" and "not protected" icons on my forms. How do I get system to recognize I have protected health information and need to mark some fields as protected? Does not seem to be an option for me.