How to Set HIPAA PHI Fields on Your Forms

HIPAA compliance requires protecting sensitive healthcare data in every possible way. However, it is quite common that not all fields on a form contain protected health information (PHI). In other words, you may be collecting sensitive healthcare data with HIPAA PHI fields along with non-sensitive regular data together. With Jotform HIPAA compliance features available, you can have such mixed content on a single form.

Jotform allows you to mark your form fields used to collect healthcare data and must be “protected.” This allows Jotform to enable additional services specific to HIPAA PHI fields.

An important use case for this feature is Autoresponder and Notification emails. You may know that email communication doesn’t guarantee a sufficient level of data security for HIPAA and any email which is containing PHI is a potential source of a data breach. On the other hand, email is the most important communication channel that keeps many businesses running. With Jotform HIPAA compliance features available, you can still use Autoresponder and Notification emails as before. The only difference is that the HIPAA PHI fields’ data are automatically removed from the email.

Configuring Your Forms for Mixed Content

On your forms, each form element has a PHI switch. You can use this to switch between states.

Here are the options:

• PHI (protected) — For fields that are used for collecting sensitive healthcare data and can’t be used in insecure mediums.
• OFF (not protected) — For fields used for collecting data not considered PHI and can be used in insecure mediums.

When you enable HIPAA compliance, all form fields will be marked as PHI by default. You can change any of them according to your needs. Your data is always encrypted even if you turn off PHI. The feature allows you to tell the system which data needs protection and which can go on without.

Here is an example email. Notice how unprotected fields are displayed while protected ones are hidden: