HIPAA-compliant Jotform for telehealth.
Telehealth lives or dies in the 24 hours before the first video call. Identity check, tech check, consent, screening - all of it has to happen without leaking PHI into a generic form tool or scheduling app. WorkflowKits builds that pre-visit loop on Jotform, with the BAA in place and the integrations audited.
Is Jotform HIPAA compliant for telehealth?
Yes - Jotform on the Silver plan ($39/month) and up with a signed BAA is HIPAA-compliant for telehealth intake, consent, screening, and pre-visit forms. The BAA covers submission storage and file handling. Your video platform (Zoom for Healthcare, Doxy.me, etc.) needs its own BAA, and any scheduling or EHR integration needs separate audit. WorkflowKits delivers the full compliant pre-visit loop.
Source: WorkflowKits /hipaa/telehealth - by Buri (Mustafa Burak Ilter), former Jotform engineer (2020-2025).
The kits, ready to install in your account.
Each kit deploys into your own Jotform HIPAA account. No middleware, no platform fees, no vendor lock-in. Pricing covers the build and a window of support.
Four things, all of them load-bearing.
The Jotform HIPAA plan covers the platform side. The other three pillars are on you - and they are where almost every audit finding comes from.
- BAA in place
- The signed Business Associate Agreement with Jotform - the legal foundation. Without it, you do not have HIPAA compliance no matter what features you turn on.
- Integrations audited
- Every downstream tool that touches a submission - Zapier, Google Sheets, your CRM, your email tool - has to be HIPAA-aware too. One non-compliant Zap leaks the whole setup.
- PHI out of notifications
- Default Jotform email notifications often include the submission body. On HIPAA workflows, those go in the email itself. We strip PHI from notifications and route reviewers back to authenticated Jotform views.
- Access locked down
- Individual accounts, 2FA, role-based permissions on Enterprise. Shared logins are the most common audit finding we see - they are also the easiest to fix.
The full HIPAA loop, not just a form.
- Identity verification before the first video session
- Technology setup confirmation (browser, camera, mic, bandwidth)
- Telehealth e-consent capturing video-specific risks and limitations
- PHQ-9, GAD-7, or other validated screening pre-loaded into the pre-visit form
- Integration with Zoom for Healthcare, Doxy.me, or other BAA-covered video platforms
- Reminder cadence (24h, 1h) without PHI in the email or SMS body
The notes that go deeper.
Questions, with straight answers.
Does this integrate with Zoom for Healthcare or Doxy.me?
Yes. Both platforms have BAAs and integrate cleanly with Jotform via webhook or native Zapier flows. The trick is the integration itself has to be on a HIPAA tier (paid Zapier HIPAA plan, not free); we configure that as part of the kit.
How do telehealth consent forms differ from in-person consent?
Telehealth consent has to disclose video-specific risks: technology failure, limits of remote assessment, what happens in a clinical emergency at the patient's location, and where the patient must be located legally. The pre-visit kit includes the standard telehealth consent template; we customize for your jurisdiction.
Can I send the pre-visit form 24 hours before the appointment automatically?
Yes - that is the whole point of the pre-visit kit. It triggers from your scheduling tool, lands in the patient's email with no PHI in the body, and they complete it before the session.
Does Jotform handle patient identity verification?
Yes - government ID upload, selfie verification, and date-of-birth confirmation are all standard form fields. For higher-assurance verification (e.g., for controlled substance prescribing), we pair Jotform with a dedicated identity provider that has its own BAA.
What if a patient cannot complete the pre-visit form?
Jotform auto-saves drafts. The workflow sends a resume link if the patient abandons mid-form, and your front desk sees partial submissions so they can call and complete it together over the phone before the session.
Ready when you are.
Free 20-minute call. Bring your current Jotform setup (or a blank account); leave with a straight answer about what compliance actually requires for your practice.