The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Is JotForm HIPAA Compliant?

JotForm is HIPAA compliant and can be used to collect, store, and share Protected Health Information (PHI) provided businesses subscribe to a Gold or Enterprise plan and agree to the terms of JotForm’s Business Associate Agreement. Existing subscribers with a Starter, Bronze, or Silver plan must upgrade their plan to use JotForm in compliance with HIPAA.

JotForm is a software solution for creating online forms that can be used in the healthcare industry to simplify the collection and documentation of PHI. Use cases include collecting PHI during the patient intake process, documenting patient consent and authorizations, soliciting patient feedback, and scheduling appointments via forms embedded into a web page or patient portal.

JotForm integrates with multiple HIPAA compliant productivity and collaboration tools (e.g., OneDrive, Google Workspace, and Salesforce) to streamline workflows and increase efficiency. Through these integrations, it is also possible to transmit PHI to EHRs or other systems to improve the patient experience. However, in order to use the software solution with PHI, it is first necessary to make JotForm HIPAA compliant.

How to Make JotForm HIPAA Compliant

The first step to making JotForm HIPAA compliant is to subscribe to a Gold or Enterprise plan, as these are the only two plans to support HIPAA compliance. Both the Gold and the Enterprise plans encrypt data, store data in a HIPAA compliant environment, and have the necessary access, activity, and auditing capabilities. Full information about JotForm and HIPAA compliance can be found here.


Organizations that have a Starter, Bronze, or Silver plan must upgrade their plan to make their use of JotForm HIPAA compliant. JotForm provides a wizard to help organizations upgrade to their new plan. The wizard imports data from the existing plan to the new plan and checks imported forms for compliance with HIPAA, highlighting any issues that need to be resolved before the forms can be imported.

Once a Gold or Enterprise plan is created, organizations are required to agree to the terms of JotForm’s Business Associate Agreement before using the account to collect, store, or share PHI. Like most major software providers, JotForm has a standard one-size-fits-all Agreement. Account holders must digitally sign the Agreement, after which a copy is sent to the account holder by email.

Considerations Before Using JotForm

JotForm is an excellent option for collecting, storing, and sharing PHI in compliance with HIPAA, but there are a few things organizations should consider before adopting the software solution or upgrading an existing plan to a Gold or Enterprise plan to make JotForm HIPAA compliant.

The first of these is how PHI will be transmitted from JotForm’s servers to individuals or systems. JotForm warns against the use of unencrypted email, but organizations should also be conscious of the fact that if an integrated service is being used (e.g., OneDrive), the integrated service also has to be configured to be HIPAA compliant and supported by a Business Associate Agreement.

In a similar vein, it is important to be aware that not all integrations with JotForm support HIPAA compliance. JotForm notes that although it is possible to integrate services such as HubSpot, Mailchimp, and Zapier into the platform, these services are not HIPAA compliant and should not be used to receive, store, or forward PHI to other services.

The final consideration applies to organizations that are existing JotForm customers and currently collect non-covered data via website forms (e.g., names and phone numbers, but not health information). In such cases, it is worth considering that existing forms will be migrated from their current server to a secure server, and any embedded links to the existing forms will need replacing.

Organizations that are unsure about how to make JotForm HIPAA compliant or use JotForm in compliance with HIPAA should reach out to JotForm’s Support Team or seek compliance advice.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
