No, Wufoo isn’t HIPAA compliant. SurveyMonkey, which owns Wufoo, recommends using SurveyMonkey for protected health information (PHI).
Wufoo’s online forms aren’t HIPAA compliant, so covered entities shouldn’t use them to collect or store protected health information. To be HIPAA compliant, software must include physical, administrative, and technical safeguards to protect PHI. While Wufoo offers security features, they don’t meet HIPAA requirements.
Covered entities shouldn’t collect or store identifiable information about patients, services, treatments, and payments through Wufoo’s services.
SurveyMonkey acquired Wufoo in 2011. Since the acquisition, covered entities have been invited to use SurveyMonkey for all their HIPAA-related needs.
Since Wufoo isn’t HIPAA compliant, it won’t sign a business associate agreement (BAA). A signed BAA is available through Survey Monkey, however.