
How to use Notification and AutoResponder emails in HIPAA accounts?


HIPAA compliance requires protecting sensitive healthcare data in every possible way. JotForm takes the necessary measures to protect healthcare data while it is stored in the JotForm HIPAA Compliance system. However, sharing this data over insecure channels may still result in HIPAA violations.

Email is one such insecure channel. Only a few specialized email services provide end-to-end email encryption, and using secure communication channels for email (SSL) is not sufficient to avoid a potential data breach. Delivering form submission data with JotForm's Notification or AutoResponder emails is therefore an example of carrying sensitive healthcare data into an insecure medium and causing a HIPAA violation. On the other hand, both emails are crucial for many use cases, and they are irreplaceable for many JotForm users.

In JotForm HIPAA Compliant accounts, you are still allowed to use Notification and AutoResponder emails. The only thing you need to pay attention to is not including sensitive healthcare data in them. That is why you need to mark your form fields as "Protected", as described in How to Set PHI Fields on Your Forms. When a new submission needs to be delivered by email, "Protected" fields are removed from the email, and the email contains only "Not Protected" fields.
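The filtering described above can be sketched as follows. This is an added example, not JotForm's code: the field definitions, the `{field}` placeholder syntax, and the choice to treat unmarked or unknown fields as protected are assumptions made for illustration.

```python
import re

# Constructed form definition: field key -> label and PHI marking (hypothetical).
FORM_FIELDS = {
    "name": {"label": "Full Name", "protected": False},
    "appointment": {"label": "Appointment Date", "protected": False},
    "diagnosis": {"label": "Diagnosis", "protected": True},
    "insurance_id": {"label": "Insurance ID"},  # marking missing on purpose
}

# Constructed sample submission.
SAMPLE = {"name": "Jane Doe", "appointment": "2024-05-02",
          "diagnosis": "asthma", "insurance_id": "ZX-123"}

PLACEHOLDER = re.compile(r"\{(\w+)\}")


def is_protected(field_def):
    """Fail closed: only an explicit protected=False lets a value into email."""
    return field_def is None or field_def.get("protected", True) is not False


def render_template(template, submission, fields=FORM_FIELDS):
    """Fill {field} placeholders (subject lines, custom bodies).

    Protected, unmarked, or unknown fields render as an empty string and are
    reported back so the sender can log what was withheld.
    """
    withheld = []

    def substitute(match):
        key = match.group(1)
        if is_protected(fields.get(key)):
            withheld.append(key)
            return ""
        return str(submission.get(key, ""))

    return PLACEHOLDER.sub(substitute, template), withheld


def notification_body(submission, fields=FORM_FIELDS):
    """Build the 'Label: value' listing from Not Protected fields only."""
    return "\n".join(
        f"{definition['label']}: {submission[key]}"
        for key, definition in fields.items()
        if key in submission and not is_protected(definition)
    )
```

Filtering both the field listing and the placeholder substitution matters because a protected value referenced in a subject line would otherwise bypass the body filter.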

Here is an example of Protected/Not Protected fields:

This guide assumes you already know how to set up Notification and AutoResponder emails for your forms. If you need detailed information on them, you can read the "Setting up Email Notifications" and "Setting up an Autoresponder Email" guides or the "JotForm User Guide / Form Emails" section.

Here is an example of Notification Email in HIPAA Compliant accounts (note the Protected fields are removed from the email content):

Here is a sample AutoResponder Email in HIPAA Compliant accounts:



  • nicoletoffice


  • clearsoundhearinginstruments

    So to see the sensitive info, which does not show in the email, do we need to log into JotForm to view the submissions?

  • Amber Blackwell

    I was advised that attached PDFs are still allowed since JotForm HIPAA compliant accounts automatically password protect the PDFs. Can you confirm how to set up email notifications to include a password protected PDF on a HIPAA compliant account? I don’t see it as an option anywhere.

  • tjlphd

    I agree with mattoxphy - please respond

  • PPTS

    I just upgraded to HIPAA and noticed that the autoresponder and notification emails hide everything, including the date the form was filled out. While many of our forms and email communications do require privacy, there are some forms and communications that do not. Is there a way to create the autoresponder and notification emails for those forms that do not require HIPAA protection to send information as it was under the old platform?

  • mattoxphy

    I do not have the "protected" and "not protected" icons on my forms. How do I get the system to recognize I have protected health information and need to mark some fields as protected? Does not seem to be an option for me.