Print
ENTERPRISE: Regular Server vs. HIPAA Compliant Server
Security
Data is encrypted at rest by default at an Enterprise Server (good for PII):
Enterprise solution is completely isolated from JotForm environment, so nothing is shared with other users.
All data (user's forms/submissions etc.) is automatically encrypted at rest while being written to the physical disks.
Each encryption key is also encrypted with master keys managed by Google Cloud Platform (our hosting partner).
Encryption at rest database, available on HIPAA, is one level above that (required for PHI):
Our servers get the raw data, and while writing it to the database, we encrypt it with AES256 (every individual submission has a unique key) and every individual AES265 key is also encrypted with user's public key (RSA2048). Keys are seamless to users and completely managed by JotForm.
In short, the regular enterprise setup provides disk encryption, whereas HIPAA adds database encryption over it.
Integrations
Compared to the 100+ available integrations for non-HIPAA servers the number of available integrations goes down significantly to a handful:
What this means is any existing integration you might have that is not on this list will be disabled. Note that this is not a JotForm limitation, but a HIPAA requirement which mandates end-to-end HIPAA compliance (traceability of each access to PHI to a known, unique individual).
And even with these available integrations, it is your legal responsibility to maintain HIPAA compliance. If you have integrated your form submission data with a Google spreadsheet for instance, and then made that Sheet available openly to the internet, obviously that would not be a HIPAA-compliant integration.
Approval Workflows
What is a NULL widget on a form?