Loading…
Loading…
A HIPAA consent form has to do four things: authorize use of protected health information, document consent for treatment, acknowledge receipt of the privacy notice, and capture a signature with a timestamp. Most free consent form templates you find online are PDFs that do one or two of those and skip the rest. This template does all four in Jotform, with e-signature, conditional logic, and a path to a signed BAA on the Silver plan.
A HIPAA consent form needs four elements: (1) PHI authorization, where the patient agrees to how their protected health information will be used and disclosed; (2) treatment consent, where the patient consents to the proposed care; (3) privacy notice acknowledgement, where the patient confirms they received the practice's Notice of Privacy Practices; and (4) a signature with timestamp. Jotform handles all four as form fields with e-signature capture, stored under HIPAA-plan encryption.
Source: WorkflowKits /hipaa/consent-form : by Buri (Mustafa Burak Ilter), former Jotform engineer (2020-2025).
Each kit deploys into your own Jotform HIPAA account. No middleware, no platform fees, no vendor lock-in. Pricing covers the build and a window of support.
General patient intake with consent, insurance, and e-signature built in.
View the kitTherapy intake with telehealth consent and PHQ-9/GAD-7 screening.
View the kitWellness consent: health history, treatment consent, photo release.
View the kitTelehealth pre-visit with video-specific consent and technology check.
View the kitThe Jotform HIPAA plan covers the platform side. The other three pillars are on you - and they are where almost every audit finding comes from.
If you handle protected health information, Jotform's HIPAA plan is the right starting point, but the plan alone doesn't make your workflow compliant. Here's what the plan covers, what it doesn't, and what most teams still get wrong.
Read the noteThe Jotform HIPAA plan covers Jotform. It does not cover what happens to a submission once it lands in Zapier, Google Sheets, Slack, or your CRM. Here is the integration-by-integration verdict from a Jotform HIPAA expert who built the integration codepath.
Read the noteTwelve items to check before any Jotform form that handles PHI goes live. If any of these are unchecked, the workflow is not ready. Save the page or copy the list into your decision log.
Read the noteThe Jotform BAA is a 10-minute task once you know which screen to click. Here is the exact path: what to enable, what to ask for, and how to verify it actually got signed.
Read the noteA printed or emailed PDF is not HIPAA compliant by itself. The form content might be correct, but the storage, transmission, and access controls around it are what make it compliant or not. A Jotform form on the HIPAA plan stores submissions encrypted, requires authenticated access, and falls under Jotform's BAA. A PDF on a shared drive or in an unencrypted email does not.
Yes. Electronic signatures are valid under ESIGN and UETA for HIPAA consent forms, as long as the signature is attributable to the signer, the form cannot be altered after signing, and a timestamp is captured. Jotform's e-signature widget does all three.
Consent is the patient agreeing to treatment or general use of their information. Authorization is a specific, HIPAA-required document that permits disclosure of PHI for purposes beyond treatment, payment, and healthcare operations. Most intake forms need both: a treatment consent section and a PHI authorization section. They can be on the same form, but they have to be separate and clear.
No. HIPAA does not require notarization of consent or authorization forms. Some state laws require witnesses or notarization for specific consents (like mental health or substance abuse treatment). Check your state. The Jotform template does not include notarization; add a witness signature field if your jurisdiction requires it.
The template includes a conditional path for minor patients. When the date of birth indicates the patient is under 18, the form shows a parent or legal guardian consent section. The guardian signs instead of (or in addition to) the minor, depending on your state's age-of-consent rules for the specific treatment type.
Free 20-minute call. Bring your current Jotform setup (or a blank account); leave with a straight answer about what compliance actually requires for your practice.