Is Jotform HIPAA Compliant? Full Compliance Check


Written by Muzi

Full Stack Web Developer and Digital Entrepreneur with a focused expertise in creating high-utility digital platforms that make complex technology straightforward for everyday users.

Updated May 2026 · 9 min read

💡 Quick Answer

Jotform is HIPAA compliant on its Gold and Enterprise plans. These plans include a Business Associate Agreement (BAA), encrypted PHI storage, restricted staff access, and audit logging. Free, Bronze, and Silver plans are NOT HIPAA compliant and must not be used for Protected Health Information. HIPAA mode must be manually activated in account settings after upgrading to Gold or Enterprise.

Is Jotform HIPAA Compliant — The Verdict

Is Jotform HIPAA compliant? Yes, but only on specific plans with specific settings activated, and with the caveat that HIPAA has no certification: a vendor can only supply the controls and the Business Associate Agreement (BAA) that let a covered entity or business associate use it in a compliant way. Jotform offers a genuine HIPAA compliance pathway whose controls support the technical safeguards of the HIPAA Security Rule (45 CFR 164.312: access control, audit controls, integrity, authentication, transmission security) for covered entities and business associates.

Jotform HIPAA compliance is not automatic. You must be on the Gold or Enterprise plan, sign the BAA, and enable HIPAA mode. Collecting PHI through Jotform on the wrong plan, or without HIPAA mode and a signed BAA, means disclosing PHI to a business associate with no BAA in place, which violates the Privacy Rule's business associate requirements (45 CFR 164.502(e)) regardless of what the platform is technically capable of.

Which Jotform Plans Are HIPAA Compliant

Plan         HIPAA Compliant                BAA Available   Monthly Price (annual billing)
Free         ✗ Not compliant                No              $0
Bronze       ✗ Not compliant                No              ~$34
Silver       ✗ Not compliant                No              ~$39
Gold         ✓ HIPAA compliant              Yes             ~$49
Enterprise   ✓ HIPAA compliant (enhanced)   Yes             Custom

What Jotform HIPAA Mode Does

When HIPAA mode is enabled on a Jotform Gold or Enterprise account, the following security controls are activated:

  • Restricted Jotform staff access: Jotform employees cannot access your form submissions without your explicit authorization
  • PHI kept out of email notifications: Submission notification emails do not carry PHI in the message body; they contain only a secure link back to the submission in Jotform. This is PHI stripping rather than email encryption, so the notification itself never becomes a PHI transmission path
  • Extended audit logging: All access to form data is logged with timestamps and user identifiers
  • Secure access controls: Additional authentication requirements for submission access
  • BAA terms enforced: Business Associate Agreement terms are contractually applied to all data handling

How to Enable Jotform HIPAA Compliance

  1. Upgrade to Gold or Enterprise (the Gold plan costs ~$49/month billed annually)
  2. Go to Account Settings → Security
  3. Toggle "HIPAA Compliance" to ON
  4. Read and sign the Business Associate Agreement when prompted
  5. Review all active forms — existing forms may need notification settings adjusted to avoid sending PHI in email body
  6. Test a form submission to confirm data handling meets requirements
Important: Do not collect PHI until all six steps are complete. Partial setup does not satisfy HIPAA requirements.

Jotform Healthcare Use Cases

  • Patient intake and registration forms
  • Medical history questionnaires
  • Appointment scheduling (with sensitive health fields)
  • Mental health therapy intake forms
  • Consent and authorization forms
  • Insurance verification forms
  • Telehealth onboarding
  • Vaccination or screening records collection

HIPAA Compliance Limitations to Know

  • HIPAA mode is not retroactive: Submissions collected before HIPAA mode was enabled are not covered under the BAA.
  • Third-party integrations: If you connect a HIPAA-enabled Jotform to Google Sheets, Airtable, or any other service, the integration becomes a second transmission path and storage location for PHI. Each downstream provider must independently meet HIPAA requirements, which means a signed BAA with that provider as well; Jotform's BAA does not extend to them.
  • Email notifications still risky: Even with HIPAA mode, a notification or autoresponder template that references protected fields can place PHI in the email subject or body. Always send a test submission and confirm that the email you receive contains no protected field values, only the secure link.
  • Not a complete compliance solution: Jotform's HIPAA compliance covers the form builder tool. Your overall HIPAA program still requires policies, training, and other technical safeguards beyond Jotform.
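Step 6 of the setup procedure and the email-notification limitation above come down to the same check: prove that a real notification email carries no PHI. One way to make that check repeatable, as an added example that is not part of the original article and not Jotform's own code: fill the PHI fields of a test submission with unique canary strings, save the notification email you receive as raw .eml text, and scan the subject and every text part (including HTML) for those canaries. The two sample emails and the canary values are constructed for illustration, and the assumption that the secure link is an https URL is the example's, not Jotform's.

```python
"""Canary check for Jotform HIPAA-mode notification emails (added example).

Workflow it supports:
  1. Submit a test entry whose PHI fields hold unique canary strings.
  2. Save the raw notification email your inbox receives (.eml text).
  3. Run check_notification(); any canary found in the subject or in a
     text/plain or text/html part means PHI leaked into the email itself.
"""
import email
import re
from email import policy

# Constructed canary values: type these into the PHI fields of the test
# submission. Unique tokens make a match unambiguous (field names assumed).
CANARIES = {
    "patient_name": "CANARY-NAME-7f3a9c",
    "date_of_birth": "CANARY-DOB-1975-02-03",
    "diagnosis": "CANARY-DX-b2e1",
    "insurance_id": "CANARY-INS-48213",
}

# Assumption: the secure link HIPAA mode places in the email is an https URL.
LINK_RE = re.compile(r"""https://[^\s<>"']+""")


def _text_parts(msg):
    """Yield (content_type, decoded_text) for every text part, HTML included."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_content_type(), part.get_content()


def check_notification(raw_email, canaries=CANARIES):
    """Scan a raw RFC 5322 message; report canary leaks and link presence."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    parts = list(_text_parts(msg))
    leaks = []
    for field, token in canaries.items():
        if token in subject:
            leaks.append((field, "subject"))
        for ctype, body in parts:
            if token in body:
                leaks.append((field, ctype))
    has_link = any(LINK_RE.search(body) for _, body in parts)
    return {"leaks": leaks, "has_link": has_link,
            "ok": not leaks and has_link}


# Constructed sample: what a correctly configured HIPAA-mode notification
# should look like, with PHI replaced by a link to the submission.
SAFE_EMAIL = """\
From: noreply@jotform.com
To: intake@clinic.example
Subject: New submission: Patient Intake Form
Content-Type: text/plain; charset=utf-8

A new submission was received.
View it securely: https://www.jotform.com/submission/000000000000000000
"""

# Constructed sample of a misconfigured template: one field value in the
# subject and one in the HTML part leak canaries into the email itself.
LEAKY_EMAIL = """\
From: noreply@jotform.com
To: intake@clinic.example
Subject: New submission from CANARY-NAME-7f3a9c
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

View submission: https://www.jotform.com/submission/000000000000000000

--b1
Content-Type: text/html; charset=utf-8

<p>Diagnosis: CANARY-DX-b2e1</p>
--b1--
"""

if __name__ == "__main__":
    for name, raw in (("safe", SAFE_EMAIL), ("leaky", LEAKY_EMAIL)):
        print(name, check_notification(raw))
```

Run it against the .eml you saved from the test submission instead of the constructed samples; the HTML part matters because many mail clients show only that part, and a template that looks clean in plain text can still leak there.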

Also see: Jotform HIPAA pricing breakdown | Jotform PCI compliance for payment forms

Frequently Asked Questions

Is Jotform HIPAA compliant?
Jotform offers HIPAA compliance on its Gold and Enterprise plans. Users on these plans can sign a Business Associate Agreement (BAA) with Jotform. The HIPAA-compliant configuration uses encrypted storage, restricted data access, and audit logging. Free, Bronze, and Silver plans are not HIPAA compliant.
Which Jotform plans are HIPAA compliant?
Only the Jotform Gold plan (~$49/month annual) and Enterprise plan include HIPAA compliance. Free, Bronze, and Silver plans do not include HIPAA features and must not be used to collect Protected Health Information (PHI).
Does Jotform provide a Business Associate Agreement?
Yes. Jotform provides a Business Associate Agreement (BAA) to Gold and Enterprise customers. The BAA is required under HIPAA for any business associate that handles PHI on behalf of a covered entity. The BAA is accessible and signable directly in Jotform account settings.
Can I use Jotform for patient intake forms?
Yes, but only on the Gold or Enterprise plan with HIPAA mode enabled and the BAA signed. Patient intake forms collecting PHI (names, birth dates, health conditions, insurance information) require full HIPAA compliance. Using the free plan or a paid non-HIPAA plan for PHI discloses PHI to a vendor with no BAA in place, which violates HIPAA's business associate requirements.
Is Jotform HIPAA compliant for mental health therapy?
Jotform Gold or Enterprise with HIPAA mode enabled can be used for mental health therapy intake forms, session notes requests, and appointment scheduling. Therapists must enable HIPAA mode, sign the BAA, and ensure their specific form configuration does not transmit PHI via unsecured email notifications.
What is HIPAA mode in Jotform?
HIPAA mode is a setting in Jotform's Gold and Enterprise accounts that activates additional security controls: restricted staff access to data, PHI stripped from email notifications (only a secure link in the email body), extended audit logging, and HIPAA-specific data handling. HIPAA mode must be manually enabled in account settings.