No, Typeform isn’t HIPAA compliant. Also, the company won’t sign a business associate agreement (BAA).
Typeform provides data-collection services through online forms. Even though the company is currently working on HIPAA compliance, the existing service doesn’t meet HIPAA security and privacy requirements.
Typeform’s terms and conditions are clear that covered entities shouldn’t use these forms for collecting protected health information (PHI).
Because Typeform doesn’t provide HIPAA-compliant security features, the company won’t sign a BAA.