Loading…
Loading…
Chiropractors, massage therapists, and PTs collect protected health information the same way doctors do. Even if the rest of the practice feels less clinical. The standards are the same. WorkflowKits sets up Jotform with the BAA in place, the consent forms tightened, and the intake fitted to how a body-work practice actually runs.
If you collect health history, treatment plans, or insurance information that ties to identity, you handle protected health information and HIPAA applies. Most wellness practices that bill insurance, write SOAP notes, or share records with referring providers are covered entities. The Jotform Gold plan ($99/month billed annually, $129 monthly) and Enterprise with a signed BAA is the right tool; WorkflowKits builds the compliant intake, consent, and treatment-tracking forms on top.
Source: WorkflowKits /hipaa/wellness : by Buri (Mustafa Burak Ilter), former Jotform engineer (2020-2025).
Each kit deploys into your own Jotform HIPAA account. No middleware, no platform fees, no vendor lock-in. Pricing covers the build and a window of support.
Wellness flagship: health history, treatment consent, photo release where applicable.
View the kitGeneral HIPAA intake with branching by condition and insurance capture.
View the kitInsurance card capture and eligibility intake routed to billing without PHI exposure.
View the kitMental health intake: useful where wellness and behavioral health overlap.
View the kitThe Jotform HIPAA plan covers the platform side. The other three pillars are on you - and they are where almost every audit finding comes from.
If you handle protected health information, Jotform's HIPAA plan is the right starting point, but the plan alone doesn't make your workflow compliant. Here's what the plan covers, what it doesn't, and what most teams still get wrong.
Read the noteThe Jotform HIPAA plan covers Jotform. It does not cover what happens to a submission once it lands in Zapier, Google Sheets, Slack, or your CRM. Here is the integration-by-integration verdict from a Jotform HIPAA expert who built the integration codepath.
Read the noteTwelve items to check before any Jotform form that handles PHI goes live. If any of these are unchecked, the workflow is not ready. Save the page or copy the list into your decision log.
Read the noteThe Jotform BAA is a 10-minute task once you know which screen to click. Here is the exact path: what to enable, what to ask for, and how to verify it actually got signed.
Read the noteGoogle Forms on a free Gmail account is not HIPAA compliant. With a Google Workspace BAA and specific configuration changes, it can be made compliant. But it lacks clinical workflow features, e-signature, and integration audit trails. Here is the honest breakdown.
Read the noteMost form builders that advertise HIPAA compliance are telling you about one thing: they signed a BAA. A BAA is necessary but nowhere near sufficient. Here is what a compliant form setup actually requires, from a former Jotform engineer.
Read the noteJotform email notifications fail for six common reasons. Here is how to diagnose and fix each one in under 10 minutes.
Read the noteIf you bill insurance, write clinical notes, or share records with other providers, yes. Cash-pay-only single-modality practices that never write notes might be in a gray area, but the safe answer is to operate as if HIPAA applies. The cost difference between a HIPAA Jotform plan and a non-HIPAA one is small, and the audit difference is enormous.
Yes: photo and video release is a standard conditional block in the wellness consent kit. It captures explicit, separate consent (not bundled into the general intake consent) and stores the signature with timestamp.
We split the intake into a shared core (identity, history, insurance, consent) plus modality-specific branches that fire based on the service the patient booked. The patient fills out one form; the office sees the modality-specific answers in one place.
Same answer on HIPAA, lighter integration footprint. Cash-pay practices skip the insurance verification kit but still need the intake, consent, and PHI-safe notification setup. The Jotform HIPAA plan is still the right plan.
Most scheduling tools have webhook or Zapier integrations. We audit the scheduling tool's HIPAA posture (Jane App, Mindbody, Acuity all have HIPAA tiers; some require enterprise). If it cannot be made compliant, we recommend a swap as part of the engagement.
Want help with this? . Email me. We scope the engagement (intake, treatment consent, photo release where applicable, scheduling integration audit, BAA sign-off), send a fixed-price proposal, and ship in 1-2 weeks for most single-modality and multi-modality wellness practices.
Free 20-minute call. Bring your current Jotform setup (or a blank account); leave with a straight answer about what compliance actually requires for your practice.