Is Formstack HIPAA compliant?

Every organization, and certainly every business, needs a website. It’s a more complicated prospect for covered entities like healthcare providers, health plans, and healthcare clearinghouses, which will want to set up a HIPAA compliant website.

While some of the most popular website hosting companies are not HIPAA compliant, it’s possible to address HIPAA concerns by making sure your web host doesn’t handle, process, or store protected health information (PHI).

For example, instead of accepting information from customers and clients through your website, you can use secure online forms provided by other companies like Formstack.

What is Formstack?

Founded in 2006, Formstack bills itself as a “no-code workplace productivity platform.” The company’s mission is to provide “a better way” to capture data and automate repetitive work.

Today, the company has over 250 employees between offices in Colorado Springs and Indianapolis, and serves over 27,000 organizations, including Netflix, Twitter, and the National Hockey League.

The Formstack platform includes web forms, document management, digital signatures, and integrations with other popular business tools like Microsoft, Salesforce, HubSpot, PayPal and Stripe. The company’s signature offering is an easy-to-use online form builder with a drag-and-drop interface, conditional logic (providing different information or forms based on the information provided), accessible and mobile responsive designs, and analytics.

Formstack also says it uses “the highest levels of form security,” including 256-bit SSL, data encryption, PGP email encryption, password protection, and invisible reCAPTCHA.

Is Formstack HIPAA Compliant?

Formstack answers this question directly.

“Formstack offers an Enterprise level solution that is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA),” the company says. “Forms can collect Electronic Personal Health Information (ePHI) with HIPAA and HITECH compliant encryption technology.”

In addition to data encryption, the company has implemented access controls, auditing, and logging, and it is willing to sign a business associate agreement (BAA).

Its HIPAA compliant form offerings, first introduced in 2016, can also pass protected health data to HIPAA compliant tools from other vendors, including Salesforce, Dropbox, PayPal, Stripe, and Google Drive.

Formstack points out that it is only ensuring HIPAA compliance within the limited role it plays in your business, and that customers have to ensure that their entire system meets HIPAA security requirements. But to help customers understand the big picture, Formstack outlines Best Practices for Healthcare Forms.

In addition to HIPAA compliant forms, Formstack offers other HIPAA compliant solutions, including document management and electronic signature services.

Conclusion

As secure online form providers go, Formstack is emphatic about its “powerful HIPAA security features.”

If you want to easily collect and organize health information via a website or even a link in an email, Formstack is a solid choice.

The makers of Formstack are correct to point out that their services are only part of business processes that need to be secure from end to end. For example, if you will be exchanging email with your clients and patients, you’ll need to use HIPAA compliant email.

About the author

Ryan Ozawa
