

Is Formstack HIPAA compliant?


Every organization, and certainly every business, needs a website. It's a more complicated prospect for covered entities like healthcare providers, health plans, and healthcare clearinghouses, which will want to set up a HIPAA compliant website. While some of the most popular website hosting companies are not HIPAA compliant, it's possible to address HIPAA concerns by making sure your web host doesn't handle, process, or store protected health information (PHI). For example, instead of accepting information from customers and clients through your website, you can use secure online forms provided by other companies like Formstack.


What is Formstack?

Founded in 2006, Formstack bills itself as a "no-code workplace productivity platform." The company's mission is to provide "a better way" to capture data and automate repetitive work. Today, the company has over 250 employees between offices in Colorado Springs and Indianapolis, and serves over 27,000 organizations, including Netflix, Twitter, and the National Hockey League. The Formstack platform includes web forms, document management, digital signatures, and integrations with other popular business tools like Microsoft, Salesforce, HubSpot, PayPal and Stripe. The company's signature offering is an easy-to-use online form builder with a drag-and-drop interface, conditional logic (providing different information or forms based on the information provided), accessible and mobile responsive designs, and analytics. Formstack also says it uses "the highest levels of form security," including 256-bit SSL, data encryption, PGP email encryption, password protection, and invisible reCAPTCHA.


Is Formstack HIPAA Compliant?

Formstack answers this question directly. "Formstack offers an Enterprise level solution that is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA)," the company says. "Forms can collect Electronic Personal Health Information (ePHI) with HIPAA and HITECH compliant encryption technology." In addition to data encryption, the company has implemented access controls, auditing, and logging, and it is willing to sign a business associate agreement (BAA). Its HIPAA compliant form offerings, first introduced in 2016, can also pass protected health data to HIPAA compliant tools from other vendors, including Salesforce, Dropbox, PayPal, Stripe, and Google Drive. Formstack points out that it is only ensuring HIPAA compliance within the limited role it plays in your business, and that customers have to ensure that their entire system meets HIPAA security requirements. But to help customers understand the big picture, Formstack outlines Best Practices for Healthcare Forms. In addition to HIPAA compliant forms, Formstack offers other HIPAA compliant solutions, including document management and electronic signature services.



As secure online form providers go, Formstack is emphatic about its "powerful HIPAA security features." If you want to easily collect and organize health information via a website or even a link in an email, Formstack is a solid choice. The makers of Formstack are correct to point out that their services are only part of business processes that need to be secure from end to end. For example, if you will be exchanging email with your clients and patients, you'll need to use HIPAA compliant email.
