Is Jotform HIPAA compliant?
Conditionally. Jotform will sign a BAA and offers HIPAA features, but only on Gold or Enterprise plans with HIPAA explicitly enabled.
Key facts
- BAA available: Conditionally — on specific plans
- What it takes: Gold or Enterprise plan required; HIPAA features must be enabled and the BAA signed in account settings (no extra fee on Gold).
- Official source: Jotform Help — How to receive the BAA — https://www.jotform.com/help/501-how-to-receive-the-baa-for-my-hipaa-account/ (verified 2026-06)
How to use Jotform in a HIPAA-compliant way
- Upgrade to a Jotform Gold or Enterprise plan.
- Enable HIPAA compliance in account settings and complete the setup wizard (verify email, strong password, review forms).
- Digitally sign Jotform's Business Associate Agreement; a copy is emailed to you.
- Audit each form, integration, and storage location to ensure only HIPAA-compliant components handle PHI.
- Disable or avoid non-compliant integrations and third-party connections for PHI-bearing forms.
Important caveats
- PHI must not be collected on Free, Bronze, or Silver plans; only the Gold and Enterprise plans are HIPAA-eligible.
- Enabling HIPAA can restrict certain features and integrations on the account.
- Compliance depends on configuring each form correctly, not just signing the BAA.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Jotform correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Jotform.
Frequently asked questions
Does Jotform sign a BAA?
On specific plans. Gold or Enterprise plan required; HIPAA features must be enabled and the BAA signed in account settings (no extra fee on Gold). A signed BAA is required before any PHI is involved.
Is Jotform HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Jotform offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Jotform with PHI?
PHI must not be collected on Free, Bronze, or Silver plans; only the Gold and Enterprise plans are HIPAA-eligible.