Typeform provides data-collection services through online forms, and has integrated security features to meet HIPAA security and privacy requirements.
Both physical security and network security features are in place, including access control, penetration testing, multiple levels of encryption, and other data protection measures. Typeform has an information security department that’s responsible for overseeing all security administration.
Since the service offers protection for data and information, it seems that covered entities have the option to use this service for protected health information (PHI). Collecting PHI is part of HIPAA compliance, which means that Typeform is a business associate. Covered entities using this service to gather, store, or transmit PHI should contact Typeform customer service to ensure they have a business associate agreement (BAA) in place.