Is JotForm HIPAA Compliant?
JotForm is HIPAA compliant and can be used to collect, store, and share Protected Health Information (PHI) provided businesses subscribe to a Gold or Enterprise plan and agree to the terms of JotForm’s Business Associate Agreement. Existing subscribers with a Starter, Bronze, or Silver plan must upgrade their plan to use JotForm in compliance with HIPAA.
JotForm is a software solution for creating online forms that can be used in the healthcare industry to simplify the collection and documentation of PHI. Use cases include collecting PHI during the patient intake process, documenting patient consent and authorizations, soliciting patient feedback, and scheduling appointments via forms embedded into a web page or patient portal.
JotForm integrates with multiple HIPAA compliant productivity and collaboration tools (e.g., OneDrive, Google Workspace, Salesforce) to streamline workflows and increase efficiency. Through these integrations, it is also possible to transmit PHI to EHRs or other systems to improve the patient experience. However, in order to use the software solution with PHI, it is first necessary to make JotForm HIPAA compliant.
How to Make JotForm HIPAA Compliant
The first step to making JotForm HIPAA compliant is to subscribe to a Gold or Enterprise plan, as these are the only two plans to support HIPAA compliance. Both the Gold and the Enterprise plans encrypt data, store data in a HIPAA compliant environment, and have the necessary access, activity, and auditing capabilities. Full information about JotForm and HIPAA compliance can be found here.
Organizations that have a Starter, Bronze, or Silver plan must upgrade their plan to make their use of JotForm HIPAA compliant. JotForm provides a wizard to help organizations upgrade to their new plan; it imports data from the existing plan to the new plan and checks imported forms for compliance with HIPAA, highlighting any issues that need to be resolved before the forms can be imported.
Once a Gold or Enterprise plan is created, organizations are required to agree to the terms of JotForm’s Business Associate Agreement before using the account to collect, store, or share PHI. Like most major software providers, JotForm has a standard one-size-fits-all Agreement. Account holders must digitally sign the Agreement, after which a copy is sent to the account holder by email.
Considerations Before Using JotForm
JotForm is an excellent option for collecting, storing, and sharing PHI in compliance with HIPAA, but there are a few things organizations should consider before adopting the software solution or upgrading an existing plan to a Gold or Enterprise plan to make JotForm HIPAA compliant.
The first of these is how PHI will be transmitted from JotForm’s servers to individuals or systems. JotForm warns against the use of unencrypted email, but organizations should also be conscious of the fact that if an integrated service is being used (e.g., OneDrive), the integrated service also has to be configured to be HIPAA compliant and supported by a Business Associate Agreement.
In a similar vein, it is important to be aware that not all integrations with JotForm support HIPAA compliance. JotForm notes that although it is possible to integrate services such as HubSpot, Mailchimp, and Zapier into the platform, these services are not HIPAA compliant and should not be used to receive, store, or forward PHI to other services.
The final consideration applies when an organization is an existing JotForm customer that currently collects non-covered data via website forms (e.g., names and phone numbers, but not health information). In such cases, it is worth noting that existing forms will be migrated from their current server to a secure server, and any embedded links to the existing forms will need replacing.
Organizations that are unsure about how to make JotForm HIPAA compliant or how to use JotForm in compliance with HIPAA should reach out to JotForm’s Support Team or seek compliance advice.