Do I need the Jotform HIPAA plan, or can I use a regular plan with care?

If you collect protected health information, you need the Gold plan or Enterprise with a signed BAA. There is no compliant way to handle PHI on Starter, Bronze, or Silver. The BAA is the legal instrument that lets Jotform act as your business associate, and it only attaches to Gold and Enterprise accounts.

What about Zapier, Google Sheets, or Slack?

Most general-purpose integrations break HIPAA the moment a submission with PHI touches them, unless you have a separate BAA with that vendor. Zapier offers a HIPAA plan; Google Sheets is only compliant via a Google Workspace BAA; Slack is only compliant on Enterprise Grid. The integration audit is part of every WorkflowKits HIPAA setup.

What does a typical HIPAA setup look like?

A clean HIPAA Jotform setup has: the HIPAA-tier account, a signed BAA on file, every integration audited (and either confirmed compliant or removed), email notifications stripped of PHI, 2FA on every account that can read submissions, and a documented decision log. WorkflowKits delivers this end-to-end in a 2-week engagement for most practices.

Why hire a Jotform HIPAA expert instead of a generalist consultant?

Buri spent 2020-2025 inside Jotform as an engineer and product team lead. The HIPAA plan, the BAA flow, the integration architecture, the email infrastructure. Those were the codepaths he worked on. Most generalist consultants Google their way through HIPAA Jotform setups; this one shipped them. If you are searching for a Jotform HIPAA expert, you are looking for someone who built the HIPAA plan from inside the company. That is what you get here.

How much does Jotform HIPAA cost?

Jotform HIPAA is available on the Gold plan at $99/month billed annually ($129 monthly) or on Enterprise with custom pricing. The Gold plan includes a signed BAA, HIPAA-eligible field markers, e-signature with audit metadata, encrypted submission storage, and 100,000 submissions per month. Bronze and Silver do not include HIPAA. For a detailed plan comparison, see the Jotform pricing guide.

Is there a free HIPAA-compliant form builder?

No form builder offers a free HIPAA plan with a signed BAA. The BAA is the legal instrument that extends HIPAA liability to a third party, and it requires a paid plan from every vendor that offers one. Jotform Gold ($99/month billed annually) is the most affordable HIPAA-compliant form builder that includes a BAA. Free tiers from any form tool do not cover HIPAA.

HIPAA · BAA-ready · therapy, telehealth, healthcare, wellness

Is Jotform HIPAA compliant?

If your forms collect protected health information, the Jotform HIPAA plan is the right starting point, and not the finish line. WorkflowKits ships the whole compliant loop: BAA, form, notifications, integrations, access control. Same engineer who worked on the HIPAA plan from inside Jotform, now on your side.

ShareTwitter LinkedIn Facebook

Book a 20-min HIPAA call Or run the HIPAA risk assessment

Quick answer

Is Jotform HIPAA compliant?

Yes: Jotform is HIPAA-compliant on the Gold plan ($99/month billed annually, $129 monthly) and Enterprise, with a signed Business Associate Agreement (BAA). Submission data, file uploads, and account access all fall under the BAA. Bronze and Silver do not include HIPAA. But the plan alone doesn't make your workflow compliant. Your integrations, email notifications, and exports also have to be HIPAA-aware. WorkflowKits sets that whole loop up for you.

Source: WorkflowKits /hipaa : by Buri (Mustafa Burak Ilter), former Jotform engineer (2020-2025).

HIPAA kits

The kits, ready to install in your account.

Each kit deploys into your own Jotform HIPAA account. No middleware, no platform fees, no vendor lock-in. Pricing covers the build and a window of support.

What HIPAA actually requires from your form tool

Four things, all of them load-bearing.

The Jotform HIPAA plan covers the platform side. The other three pillars are on you - and they are where almost every audit finding comes from.

BAA in place: The signed Business Associate Agreement with Jotform: the legal foundation. Without it, you do not have HIPAA compliance no matter what features you turn on.
Integrations audited: Every downstream tool that touches a submission (Zapier, Google Sheets, your CRM, your email tool) has to be HIPAA-aware too. One non-compliant Zap leaks the whole setup.
PHI out of notifications: Default Jotform email notifications often include the submission body. On HIPAA workflows, those go in the email itself. We strip PHI from notifications and route reviewers back to authenticated Jotform views.
Access locked down: Individual accounts, 2FA, role-based permissions on Enterprise. Shared logins are the most common audit finding we see. They are also the easiest to fix.

What I help with

The full HIPAA loop, not just a form.

Sign the BAA correctly and document the chain (Jotform + every integration vendor)
Audit every integration on the form for HIPAA fit, then keep, replace, or remove
Rewrite email and Slack notifications to keep PHI off general infrastructure
Build the intake itself: branching by condition, insurance capture, consent, e-signature
Lock down account access (2FA, role-based permissions, audit logs on Enterprise)
Run a pre-launch compliance review and produce the decision log an audit will ask for
Not sure if your setup is compliant? Take the free HIPAA compliance quiz

Reading

The notes that go deeper.

Plan calculator HIPAA risk assessment

Frequently asked

Questions, with straight answers.

Is Jotform HIPAA compliant?
Yes: on the Gold plan ($99/month billed annually, $129 monthly) and Enterprise, with a signed BAA from Jotform. The BAA covers Jotform's storage, encryption, account handling, and PDF generation. It does not cover what your downstream tools do with the data, so your integrations and notifications need their own audit. Bronze and Silver do not include HIPAA.
Do I need the Jotform HIPAA plan, or can I use a regular plan with care?
If you collect protected health information, you need the Gold plan or Enterprise with a signed BAA. There is no compliant way to handle PHI on Starter, Bronze, or Silver. The BAA is the legal instrument that lets Jotform act as your business associate, and it only attaches to Gold and Enterprise accounts.
What about Zapier, Google Sheets, or Slack?
Most general-purpose integrations break HIPAA the moment a submission with PHI touches them, unless you have a separate BAA with that vendor. Zapier offers a HIPAA plan; Google Sheets is only compliant via a Google Workspace BAA; Slack is only compliant on Enterprise Grid. The integration audit is part of every WorkflowKits HIPAA setup.
What does a typical HIPAA setup look like?
A clean HIPAA Jotform setup has: the HIPAA-tier account, a signed BAA on file, every integration audited (and either confirmed compliant or removed), email notifications stripped of PHI, 2FA on every account that can read submissions, and a documented decision log. WorkflowKits delivers this end-to-end in a 2-week engagement for most practices.
Why hire a Jotform HIPAA expert instead of a generalist consultant?
Buri spent 2020-2025 inside Jotform as an engineer and product team lead. The HIPAA plan, the BAA flow, the integration architecture, the email infrastructure. Those were the codepaths he worked on. Most generalist consultants Google their way through HIPAA Jotform setups; this one shipped them. If you are searching for a Jotform HIPAA expert, you are looking for someone who built the HIPAA plan from inside the company. That is what you get here.
How much does Jotform HIPAA cost?
Jotform HIPAA is available on the Gold plan at $99/month billed annually ($129 monthly) or on Enterprise with custom pricing. The Gold plan includes a signed BAA, HIPAA-eligible field markers, e-signature with audit metadata, encrypted submission storage, and 100,000 submissions per month. Bronze and Silver do not include HIPAA. For a detailed plan comparison, see the Jotform pricing guide.
Is there a free HIPAA-compliant form builder?
No form builder offers a free HIPAA plan with a signed BAA. The BAA is the legal instrument that extends HIPAA liability to a third party, and it requires a paid plan from every vendor that offers one. Jotform Gold ($99/month billed annually) is the most affordable HIPAA-compliant form builder that includes a BAA. Free tiers from any form tool do not cover HIPAA.

Compare

How Jotform compares.

Ready when you are.

Free 20-minute call. Bring your current Jotform setup (or a blank account); leave with a straight answer about what compliance actually requires for your practice.

Book a HIPAA call Or send a message

Loading…

HIPAA · BAA-ready · therapy, telehealth, healthcare, wellness

Is Jotform HIPAA compliant?

ShareTwitter LinkedIn Facebook

Book a 20-min HIPAA call Or run the HIPAA risk assessment

Quick answer

Is Jotform HIPAA compliant?

Source: WorkflowKits /hipaa : by Buri (Mustafa Burak Ilter), former Jotform engineer (2020-2025).

HIPAA kits

The kits, ready to install in your account.

Each kit deploys into your own Jotform HIPAA account. No middleware, no platform fees, no vendor lock-in. Pricing covers the build and a window of support.

What HIPAA actually requires from your form tool

Four things, all of them load-bearing.

The Jotform HIPAA plan covers the platform side. The other three pillars are on you - and they are where almost every audit finding comes from.

BAA in place: The signed Business Associate Agreement with Jotform: the legal foundation. Without it, you do not have HIPAA compliance no matter what features you turn on.
Integrations audited: Every downstream tool that touches a submission (Zapier, Google Sheets, your CRM, your email tool) has to be HIPAA-aware too. One non-compliant Zap leaks the whole setup.
PHI out of notifications: Default Jotform email notifications often include the submission body. On HIPAA workflows, those go in the email itself. We strip PHI from notifications and route reviewers back to authenticated Jotform views.
Access locked down: Individual accounts, 2FA, role-based permissions on Enterprise. Shared logins are the most common audit finding we see. They are also the easiest to fix.

What I help with

The full HIPAA loop, not just a form.

Sign the BAA correctly and document the chain (Jotform + every integration vendor)
Audit every integration on the form for HIPAA fit, then keep, replace, or remove
Rewrite email and Slack notifications to keep PHI off general infrastructure
Build the intake itself: branching by condition, insurance capture, consent, e-signature
Lock down account access (2FA, role-based permissions, audit logs on Enterprise)
Run a pre-launch compliance review and produce the decision log an audit will ask for
Not sure if your setup is compliant? Take the free HIPAA compliance quiz

Reading

The notes that go deeper.

Plan calculator HIPAA risk assessment

Frequently asked

Questions, with straight answers.

Is Jotform HIPAA compliant?
Yes: on the Gold plan ($99/month billed annually, $129 monthly) and Enterprise, with a signed BAA from Jotform. The BAA covers Jotform's storage, encryption, account handling, and PDF generation. It does not cover what your downstream tools do with the data, so your integrations and notifications need their own audit. Bronze and Silver do not include HIPAA.
Do I need the Jotform HIPAA plan, or can I use a regular plan with care?
If you collect protected health information, you need the Gold plan or Enterprise with a signed BAA. There is no compliant way to handle PHI on Starter, Bronze, or Silver. The BAA is the legal instrument that lets Jotform act as your business associate, and it only attaches to Gold and Enterprise accounts.
What about Zapier, Google Sheets, or Slack?
Most general-purpose integrations break HIPAA the moment a submission with PHI touches them, unless you have a separate BAA with that vendor. Zapier offers a HIPAA plan; Google Sheets is only compliant via a Google Workspace BAA; Slack is only compliant on Enterprise Grid. The integration audit is part of every WorkflowKits HIPAA setup.
What does a typical HIPAA setup look like?
A clean HIPAA Jotform setup has: the HIPAA-tier account, a signed BAA on file, every integration audited (and either confirmed compliant or removed), email notifications stripped of PHI, 2FA on every account that can read submissions, and a documented decision log. WorkflowKits delivers this end-to-end in a 2-week engagement for most practices.
Why hire a Jotform HIPAA expert instead of a generalist consultant?
Buri spent 2020-2025 inside Jotform as an engineer and product team lead. The HIPAA plan, the BAA flow, the integration architecture, the email infrastructure. Those were the codepaths he worked on. Most generalist consultants Google their way through HIPAA Jotform setups; this one shipped them. If you are searching for a Jotform HIPAA expert, you are looking for someone who built the HIPAA plan from inside the company. That is what you get here.
How much does Jotform HIPAA cost?
Jotform HIPAA is available on the Gold plan at $99/month billed annually ($129 monthly) or on Enterprise with custom pricing. The Gold plan includes a signed BAA, HIPAA-eligible field markers, e-signature with audit metadata, encrypted submission storage, and 100,000 submissions per month. Bronze and Silver do not include HIPAA. For a detailed plan comparison, see the Jotform pricing guide.
Is there a free HIPAA-compliant form builder?
No form builder offers a free HIPAA plan with a signed BAA. The BAA is the legal instrument that extends HIPAA liability to a third party, and it requires a paid plan from every vendor that offers one. Jotform Gold ($99/month billed annually) is the most affordable HIPAA-compliant form builder that includes a BAA. Free tiers from any form tool do not cover HIPAA.

Compare

How Jotform compares.

Ready when you are.

Free 20-minute call. Bring your current Jotform setup (or a blank account); leave with a straight answer about what compliance actually requires for your practice.

Book a HIPAA call Or send a message

Is Jotform HIPAA compliant?

Is Jotform HIPAA compliant?

The kits, ready to install in your account.

HIPAA Patient Intake Kit

HIPAA Therapy Intake Kit

HIPAA Telehealth Pre-Visit Kit

HIPAA Wellness & PHI Consent Kit

Four things, all of them load-bearing.

The full HIPAA loop, not just a form.

The notes that go deeper.

Jotform HIPAA: A Practical Setup Guide (From a Former Engineer)

HIPAA-Safe Jotform Integrations: What Breaks PHI, What Doesn't

How to Get the Jotform BAA Signed: A Step-by-Step Walkthrough

The 12-Item HIPAA Jotform Workflow Checklist (Pre-Launch)

Is Google Forms HIPAA Compliant? (Short Answer: Sort Of)

HIPAA-Compliant Form Builders: What to Actually Look For

Jotform Email Notifications Not Working: Fix It in 10 Minutes

Questions, with straight answers.

Is Jotform HIPAA compliant?

Do I need the Jotform HIPAA plan, or can I use a regular plan with care?

What about Zapier, Google Sheets, or Slack?

What does a typical HIPAA setup look like?

Why hire a Jotform HIPAA expert instead of a generalist consultant?

How much does Jotform HIPAA cost?

Is there a free HIPAA-compliant form builder?

How Jotform compares.

Jotform vs Google Forms for HIPAA

Jotform vs Typeform for Healthcare

Jotform vs SimplePractice

Jotform vs Google Forms

More HIPAA guides.

HIPAA for therapy practices

HIPAA for telehealth

HIPAA for wellness (chiro, massage, PT)

Free HIPAA form templates

Free therapy intake template

HIPAA consent form template

HIPAA compliance quiz

Ready when you are.

Is Jotform HIPAA compliant?

Is Jotform HIPAA compliant?

The kits, ready to install in your account.

HIPAA Patient Intake Kit

HIPAA Therapy Intake Kit

HIPAA Telehealth Pre-Visit Kit

HIPAA Wellness & PHI Consent Kit

Four things, all of them load-bearing.

The full HIPAA loop, not just a form.

The notes that go deeper.

Jotform HIPAA: A Practical Setup Guide (From a Former Engineer)

HIPAA-Safe Jotform Integrations: What Breaks PHI, What Doesn't

How to Get the Jotform BAA Signed: A Step-by-Step Walkthrough

The 12-Item HIPAA Jotform Workflow Checklist (Pre-Launch)

Is Google Forms HIPAA Compliant? (Short Answer: Sort Of)

HIPAA-Compliant Form Builders: What to Actually Look For

Jotform Email Notifications Not Working: Fix It in 10 Minutes

Questions, with straight answers.

Is Jotform HIPAA compliant?

Do I need the Jotform HIPAA plan, or can I use a regular plan with care?

What about Zapier, Google Sheets, or Slack?

What does a typical HIPAA setup look like?

Why hire a Jotform HIPAA expert instead of a generalist consultant?

How much does Jotform HIPAA cost?

Is there a free HIPAA-compliant form builder?

How Jotform compares.

Jotform vs Google Forms for HIPAA

Jotform vs Typeform for Healthcare

Jotform vs SimplePractice

Jotform vs Google Forms

More HIPAA guides.

HIPAA for therapy practices

HIPAA for telehealth

HIPAA for wellness (chiro, massage, PT)

Free HIPAA form templates

Free therapy intake template

HIPAA consent form template

HIPAA compliance quiz

Ready when you are.