-
CarmeliteMediaAsked on August 8, 2025 at 12:11 PM
Hi,
I have a form that absolutely requires HIPAA.
I understand that activating HIPAA will be account wide, not just on this form.
https://form.jotform.com/251766946499075Are there any downsides to having HIPAA on forms that do not need it?
I heard some integrations might not work.
I'm concerned about payment processors.It would get expensive if I had to put forms in separate accounts.
Thanks,
Steve
Page URL: https://form.jotform.com/251766946499075 -
Podo: Support AI AgentReplied on August 8, 2025 at 12:11 PM
Hi Kenneth,
I'm an AI assistant. I'll do my best to help you until someone from the support team is available.
One of our Support Team members has taken over this thread and will assist you further. I will no longer be responding here.
Thank you for your understanding.
Best regards,
Jotform Support -
John JotForm SupportReplied on August 8, 2025 at 12:23 PM
Hi Steve,
Thanks for reaching out to Jotform Support. Enabling HIPAA compliance on your Jotform account is indeed account-wide, meaning all forms under that account will be subject to HIPAA regulations. HIPAA compliance adds an extra layer of encryption at the database level beyond the regular enterprise disk encryption, ensuring your data is highly secure.
As for the integrations, you're correct, the number of available integrations decreases from over 100 to around 60+ when HIPAA is enabled. This is due to the strict requirements for end-to-end data encryption and traceability of PHI access. Some popular payment processors like PayPal Business, Stripe, Square, and others are available, but some integrations may not be supported.
In HIPAA-enabled Jotform accounts, approval workflows must ensure that access to Protected Health Information (PHI) is traceable to a unique individual with login credentials. This requirement can impact workflows such as submission editing or approval processes, as every interaction with PHI must be securely logged and attributed to a verified user.
Notification and autoresponder emails remain functional within HIPAA-compliant forms. However, to safeguard sensitive data, any fields containing PHI are automatically hidden in these emails. This ensures that confidential information is not exposed through unsecured channels.
For file uploads, HIPAA compliance introduces stricter access controls. Files submitted through HIPAA-enabled forms require the recipient to log in before accessing them. Additionally, these files cannot be downloaded directly from emailed links without proper authentication, maintaining the integrity and privacy of the data.
In summary, while enabling HIPAA compliance ensures strong data protection and meets legal requirements, it does come with some trade-offs such as limited integrations and stricter workflows. Payment processors like Stripe and PayPal Business are supported, but you should verify if your specific payment gateway is on the HIPAA-compatible list. You can also check out these guides about Jotform HIPAA compliance and HIPAA Integrations of Jotform.
Reach out again if there's anything else we can help you with.
Your Reply
Something Went Wrong
An error occurred while generating the AI response. Please try again!