Talk to sales
Start for free

The healthcare system is rife with forms. Application forms. Admission forms and discharge forms. Pharmacy forms. Request forms. Fortunately, paper forms and clipboards are slowly giving way to electronic forms and tablets, touchscreens and kiosks. Not only is this more environmentally friendly, but it's more secure, less error-prone, and very efficient when it comes to compiling, processing, and storing information. Of course, covered entities must keep patient information private according to federal HIPAA rules, which means implementing a digital form system requires careful due diligence.


Web form providers and HIPAA compliance


Thanks to the Internet, it's possible to begin requesting, collecting, and organizing information before a client sets foot in your facility. Via your HIPAA compliant website, you can provide online forms for patients and partners to fill out at any time. And while we've previously covered the popular website management tool WordPress and how WordPress plugins can be configured to send email alerts through Paubox, many clinics and healthcare providers want to start with something simpler. Web form providers make it easy to design a form and post it online for clients to complete. Forms can be added to an existing website or sent out as a link via email. But not all web form companies are created equal, and we've taken a closer look at the most popular options available today.


Microsoft Forms


Microsoft introduced Microsoft Forms in 2016, which allows users to create surveys and quizzes. We previously established that Microsoft 365 (formerly Office 365) can be configured to comply with HIPAA. Though it took some digging, we found that Microsoft states that Microsoft Forms is HIPAA compliant, as it's covered by the same business associate agreement as Microsoft 365.

With a signed BAA, Microsoft Forms can be HIPAA compliant.


Google Forms


Google Forms is an immensely popular tool. From conducting surveys to event registration, Google provides dozens of templates to help beginners get started. Our research turned up a help article titled" HIPAA Compliance with Google Workspace," in which the company asserts that “Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms).”

With a signed BAA, Google Forms can be HIPAA compliant.

SEE ALSO: Google & HIPAA Compliance: The Ultimate Guide


Adobe Experience Manager Forms


The  Adobe Experience Cloud (AEC), formerly known as the Adobe Marketing Cloud (AMC), includes a number of tools built around Customer Experience Management (CXM). One of these tools is Adobe Experience Manager Forms, or AEM Forms. Although AEM Forms are not HIPAA compliant out of the box, version 6.4 supports the ability to have form responses sent via a custom email provider. By connecting AEM Forms to the Paubox Email API, and with a signed BAA with Paubox, this could be a HIPAA compliant form solution.

AEM Forms can be configured to achieve HIPAA compliance.




JotForm is one of the most popular web form services, with a simple drag-and-drop design tool and several themes, templates and widgets. JotForm provides a lot of information about its data security practices, and about HIPAA compliant online forms in particular. The company will provide a BAA, and even provides a  request form for it. In order to obtain a signed BAA, customers need to sign up for the $39-per-month "HIPAA Compliance" service level.

With its "HIPAA Compliance" plan, JotForm can be HIPAA compliant.




Typeform provides some of the most visually striking online forms, using simple designs and animations to walk users through a series of questions. The company provides very little information on HIPAA compliance. There is a relevant entry on its  COVID-19 FAQ page, under the question, "Can I collect health related information with my Typeform?" "Collecting personal health related information in the United States is tied to HIPAA compliance," Typeform answers. "If you’re using your Typeform to collect such information in the US, please check with us to make sure that we have a Business Associate Agreement in place." While Typeform implies here that it will sign a BAA, we could find no details, requirements, or prices related to it.

With a signed BAA, Typeform can be HIPAA compliant.




Formstack offers a big menu of products and services, including document management, digital signatures, and integrations with other popular tools. Formstack forms are built with an easy-to-use online form builder with a drag-and-drop interface, producing   accessible and mobile-responsive designs as well as detailed analytics. Formstack says it offers an enterprise-level solution that complies with HIPAA and is willing to sign a BAA.

With a signed BAA, Formstack can be HIPAA compliant.


Cognito Forms


Though perhaps lesser-known, Cognito Forms has carved out a space for itself among more technically oriented customers. In addition to a strong template library, the company also provides a WordPress plugin. Most importantly, our review found Cognito provided information on HIPAA compliance (available under its Enterprise service level), including its BAA and HIPAA compliance support notes.

With a signed BAA, Cognito Forms can be HIPAA compliant.




Wufoo came out of the Y Combinator startup accelerator and was acquired by SurveyMonkey in 2011  for $35 million. Wufoo provides ready-to-use templates for registrations, surveys, lead generation, invitations, and more. It advertises itself as suitable for event managementeducation, and nonprofits. But healthcare doesn't seem to be well represented, and nothing on Wufoo's website mentions HIPAA, with most hard questions sending readers to its parent company. While SurveyMonkey might be able to comply with HIPAA, that doesn't appear to be true for Wufoo.

Wufoo does not appear to be HIPAA compliant.




Although our review of the most popular website hosting companies found that most were not HIPAA compliant, our survey of the online form space found many of the major players positioned well to protect electronic personal health information ( ePHI). Of course, web forms are a small part of the online healthcare toolbox, and using different service providers for web hosting, web forms, and  HIPAA compliant email can be complex. A comprehensive solution like Paubox Email Suite eliminates the need for clumsy portals, special apps, or additional logins and integrates with Google WorkspaceMicrosoft 365, or  Microsoft Exchange. And yes, Paubox provides a secure contact form as part of the package.


Try Paubox Email Suite for free and make your email HIPAA compliant today.

Start a 14-day free trial of Paubox Email Suite today