Is JotForm HIPAA Compliant?

JotForm is a software solution for creating online forms. Can JotForm be used by healthcare organizations to collect patient information? Is JotForm HIPAA compliant?

HIPAA Compliant Forms on Websites

HIPAA covered entities can use online forms to collect a wide range of information from patients. Online forms are useful for registering new patients, obtaining consent, conducting customer surveys, and taking payments. Web forms streamline data collection, allow patient information to be sent to EHRs or other internal systems quickly and efficiently, and they can improve the patient experience.

HIPAA covered entities that have the resources can create online forms manually; however, those that lack staff with the necessary skills or have to create large numbers of forms will benefit from using online form software to speed up the process of creating online forms.

While form software can be used for all the above purposes, if the forms are used to collect protected health information, the software provider will be considered a business associate under HIPAA Rules. Consequently, prior to using form software in conjunction with ePHI, a HIPAA covered entity is required to enter into a business associate agreement with the form software company. The BAA will provide a HIPAA covered entity with satisfactory assurances that any ePHI received, stored, or transmitted by the forms will be safeguarded and the company is aware of its responsibilities under HIPAA.

Is JotForm HIPAA Compliant?

JotForm is one of the most popular online form software providers with over 4 million users worldwide, but can the software be used by healthcare providers for creating HIPAA compliant forms?

JotForm protects customer data with a 256-bit SSL connection, and RSA 2048 encryption is used for data storage and transmission. The software also features access controls to limit who can view form data.

Importantly, in addition to providing a secure online form solution, JotForm is prepared to enter into a BAA with HIPAA covered entities that sign up for JotForm. As long as healthcare organizations obtain a BAA from JotForm, JotForm is a HIPAA compliant online form solution for healthcare organizations and can be used in connection with ePHI.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.