Is JotForm HIPAA Compliant?

HIPAA compliant form software

JotForm is a software solution that can be used for making online forms. Can healthcare organizations use JotForm to acquire patient data? Does JotForm support HIPAA compliance?

Using HIPAA Compliant Forms on Websites

HIPAA covered entities may use online forms for collecting patient data. Online forms could, for instance, be used for new patient registration, acquiring consent, conducting surveys, and accepting payments. Web forms improve the speed of data collection, enable the sending of patient information to EHRs or any internal systems, and they could improve the patient experience.

HIPAA covered entities that have the means to create online forms in house can do so manually; nonetheless, using a software solution is quicker and easier.

Although form software may be utilized for all the earlier mentioned purposes, using the forms to collect patients’ protected health information (PHI) will make the software provider a business associate. Therefore, before using form software in connection with any ePHI, a HIPAA covered entity must enter into a business associate agreement (BAA) with the form software provider. The BAA will give a HIPAA covered entity a reasonable guarantee that the company will protect all ePHI that is stored or transmitted via the form software and that the software developer understands the requirements of HIPAA.

So, Is JotForm HIPAA Compliant?

JotForm is a very popular online form software solution for creating web forms. More than 4 million people use the solution, but what about healthcare organizations? Can they use JotForm to create HIPAA compliant forms?

JotForm keeps customer information secure by means of a 256 Bit SSL connection and uses RSA 2048 encryption for stored and transmitted data. The software additionally has access controls to restrict the people allowed to view data collected by the form software.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Besides appropriate security, JotForm will sign a BAA with HIPAA covered entities that register to use JotForm. So long as healthcare providers obtain a BAA from JotForm and configure the solution correctly, JotForm can be considered a HIPAA compliant solution.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: