How to Set HIPAA PHI Fields on Your Forms

April 19, 2024

HIPAA compliance requires protecting sensitive healthcare data in every possible way. However, it is quite common that not all fields on a form contain protected health information (PHI). In other words, you may be collecting sensitive healthcare data in HIPAA PHI fields alongside non-sensitive regular data. With Jotform features that help with HIPAA compliance, you can have such mixed content on a single form.

Jotform allows you to mark the form fields that collect healthcare data and must be “protected.” This allows Jotform to enable additional services specific to HIPAA PHI fields.

An important use case for this feature is with Notification and Autoresponder emails. You may know that email communication doesn’t guarantee sufficient data security for HIPAA, and any email containing PHI is a potential source of a data breach. On the other hand, email is the most important communication channel that keeps many businesses running. With Jotform features that help with HIPAA compliance enabled, you can still use Notification and Autoresponder emails as before. The only difference is that the data from HIPAA PHI fields is automatically removed from the email.

Configuring Your Forms for Mixed Content

On your forms, each form element has a PHI switch. You can use this switch to toggle between states.

A PHI switch in Jotform Form Builder


Use this feature with caution and double-check which fields are set to OFF or not protected to avoid HIPAA violations.

Here are the available options:

  • PHI (protected) — For fields collecting sensitive healthcare data that can’t be used in insecure mediums.
  • OFF (not protected) — For fields collecting data that are not considered PHI and can be used in insecure mediums.

When you enable features that help with HIPAA compliance, all form fields will be marked as PHI by default. You can change any of them according to your needs. Your data is always encrypted even if you turn off PHI. The feature allows you to tell the system which data needs protection and which can go without.

Here is an example email. Notice how unprotected fields are displayed while protected ones are hidden:

Non-PHI fields displayed in the email
