Yes, Typeform is HIPAA compliant. The company provides necessary security features and will sign a business associate agreement (BAA) with covered entities.
Both physical security and network security features are in place, including access control, penetration testing, multiple levels of encryption, and other data protection measures. Typeform has an information security department that’s responsible for overseeing all security administration.
Since the service offers necessary protection for data and information, covered entities have the option to use this service for protected health information (PHI). Collecting PHI is part of HIPAA compliance, which means that Typeform is a business associate. Covered entities using this service to gather, store, or transmit PHI should contact Typeform customer service to ensure they have a business associate agreement (BAA) in place.