Is Wufoo HIPAA compliant?

Online forms are not the most exciting piece of technology, but every organization that wants to collect information through its website needs one.

Setting up a web form can be complicated, so companies like Wufoo provide an easier way to build them.

What is Wufoo?

Wufoo describes itself as an “online form builder with cloud storage database,” which allows users to “build custom online forms that you can use to collect data, payments and to automate your workflows.”

Wufoo was launched in 2006 to provide an easy way to create online forms. The startup was part of the Y Combinator program, raising $118,000 before being acquired by SurveyMonkey in 2011 for $35 million.

Wufoo provides ready-to-use templates for registrations, surveys, lead generation, invitations, and more. It highlights the industry solutions it provides specifically for event management, education, and nonprofits.

Healthcare doesn’t appear to be on the shortlist of Wufoo’s specialties, but can covered entities nonetheless safely use its offerings to design and host secure web forms?

What does Wufoo say about HIPAA?

For a healthcare provider, health plan, or healthcare clearinghouse to use Wufoo, Wufoo must be HIPAA compliant and sign a business associate agreement (BAA).

Wufoo has an extensive write-up on its Security page, outlining how Wufoo protects your data via “top security resources, including the deep expertise of our security team and state-of-the-art hardware and networking analysis.”

From 256-bit SSL secured connections to PCI scans to using a SOC 2, Type II audited U.S. data center, Wufoo invokes many industry standards but makes no mention of HIPAA.

Similarly, the Wufoo Help Center reports “0 results for HIPAA.”

And Wufoo defers to parent company SurveyMonkey for its Terms of Use and Privacy Notice, rather than using its own.

And while Wufoo offers integrations with over 2,300 other services, including Stripe, Salesforce, and Dropbox, none of the services in its directory mention “HIPAA,” “health,” or “medical.”

(Okay, the integration directory includes Lockbin, which calls itself a “HIPAA compliant messaging service” and says it will sign a BAA with paying customers. But its Wufoo integration relies on Wufoo’s Zapier integration, and that’s too many steps removed to consider it a Wufoo offering.)

Has anyone asked Wufoo about HIPAA?

On Twitter, Wufoo was directly asked, “Is Wufoo HIPAA compliant?”

The response was, “Yes! We are HIPAA compliant.” But the response came from parent company SurveyMonkey, not Wufoo, and it linked to SurveyMonkey’s HIPAA Compliance page.

We’ve previously explored whether you can use SurveyMonkey and be HIPAA compliant. But that’s a different question from whether you can use Wufoo specifically.

In response to an earlier Twitter inquiry, Wufoo directly conceded, “We meet most of the requirements but we’re not 100% HIPAA compliant.”

Conclusion

Apart from a couple of tweets, Wufoo doesn’t have anything to say officially about HIPAA compliance, and related terms are completely absent from its website.

Wufoo’s parent company, SurveyMonkey, offers a standard form BAA that meets the requirements of HIPAA (available upon request), but only to customers of its Enterprise services. And covered entities would be using SurveyMonkey forms, not Wufoo forms.

Therefore we believe Wufoo is not HIPAA compliant.

About the author

Ryan Ozawa
