Is Formstack HIPAA Compliant?

Formstack offers an Enterprise-level solution that is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Forms can collect Electronic Personal Health Information (ePHI) with HIPAA- and HITECH-compliant encryption technology. Mandatory security measures for Formstack HIPAA compliance include data encryption, access controls, auditing, and logging.

At a high level, HIPAA & HITECH compliance is about security: keeping data encrypted at rest and restricting access to ePHI. This applies to your entire process and the entire lifecycle of the data, including when it moves from one piece of software to another. Formstack is one piece of your process that is HIPAA & HITECH compliant, and we are not liable for ensuring that your entire process meets HIPAA security requirements. However, we are responsible for ensuring that your data is encrypted at rest while it is within Formstack. It is your responsibility to ensure that you have the following restrictions in place with any given integration:

Proof of HIPAA Audit

Sign a BAA

Encrypt data with SSL

Process for breach (should be in the BAA)

To learn more about HIPAA and how you can activate Formstack HIPAA compliance for your organization, please contact the Formstack Support Team. For more information on Formstack's security, visit our Data Security page.

