HIPAA compliance requires the protection of sensitive healthcare data in every possible way. Jotform takes the necessary measures to protect healthcare data while it is stored in the Jotform HIPAA-friendly system. However, sharing this data over insecure channels may still result in HIPAA violations.
Email is one such insecure channel. Only a few specialized email services provide end-to-end email encryption, and using a secure communication channel such as SSL for email is not sufficient to avoid a potential data breach. On the other hand, email is crucial for many use cases and is irreplaceable for many users.
Protected Health Information (PHI)
With Jotform HIPAA, you are still allowed to use Notification and Autoresponder emails. The only thing you should pay attention to is not including sensitive healthcare data in them. That is why you need to mark the fields that hold such data as “protected” on the form, as described in How to Set HIPAA PHI Fields on Your Forms.

When you get a new submission that needs to be delivered by email, PHI fields will be removed from the email.

To learn more, see how to set up Notification and Autoresponder emails.
11 Comments:
We need to edit our forms, e.g. to note what actions we are taking. The "edit" function at the bottom of each form now just takes us to the Jotform home page. Is there a way to enable editing? Does it always require logging into the account? Does removing the HIPAA badge make the form editable again?
Will a downloaded copy of the form submission in PDF also hide the sensitive information as seen in the screenshot above?
If you are going to hide the information in the notification email, then the system is useless. The whole point of using the forms is to get the information. I don't get it. This means we have to go back to paper. How totally ridiculous. Patients send us text messages all the time. What's the difference between patients sending us a text message and them sending us an email?
How can the approver get to see the protected fields in a HIPAA compliant submission?
Can I email my HIPAA compliant form (which needs to be completed and signed by my client) through my Hushmail which can be encrypted?
CURRENTLY EVEN THE PROTECTED INFO IS BEING SENT OUT IN THE APPOINTMENT REMINDER EMAILS WITH THE DEFAULT THAT WAS JUST APPLIED!!!
So to see the sensitive info, which does not show in the email, do we need to log into Jotform to view the submissions?
I was advised that attached PDFs are still allowed since Jotform HIPAA compliant accounts automatically password protect the PDFs. Can you confirm how to set up email notifications to include a password protected PDF on a HIPAA compliant account? I don’t see it as an option anywhere.
I agree with mattoxphy - please respond
I just upgraded to HIPAA and noticed that the autoresponder and notification emails hide everything including the date the form was filled out. While many of our forms and email communications do require privacy, there are some forms and communications that do not. Is there a way to create the autoresponder and notification emails for those forms that do not require HIPAA protection to send information as it was under the old platform?
I do not have the "protected" and "not protected" icons on my forms. How do I get the system to recognize I have protected health information and need to mark some fields as protected? Does not seem to be an option for me.