Is 123FormBuilder HIPAA compliant?

Being HIPAA compliant is critical for any company collecting electronic patient health information. In this article, you’ll learn about some of our security features and how the Compliance Cloud handles the HIPAA regulations. Of course, we’ll be more than happy to schedule a call with you and talk about your specific needs.

Our Corporate Compliance package provides 2 types of users: builders and contributors. Builders are the users that need to log in and edit or create forms, change settings, view or edit submissions and reports. The contributors are the ones that only need access to view the submissions and/or reports.

With 123FormBuilder, you will be asked to sign​ the ​Business​ Associate​ A​greement (BAA​) and you will have the opportunity to choose from several different indemnification clauses and liability caps for both professional services and data loss​ for as much as 1 million dollars each.​

We are using a 256-bit SSL connection throughout the whole form building experience with various options to choose from to protect your web forms from external threats. All data is encrypted on our Amazon servers (daily backups) in multiple data centers across the United States to better protect sensitive information, while being ISO27001​ and ISO9001 certified.

Our server security includes:
✔ electronic surveillance of server rooms and multi-factor access control system
✔ 24/7 monitoring of data centers by trained security guards, with access authorized strictly on a privilege basis
✔ systems reinforcement against any environmental hazards

Technical information:

• If needed, we can also provide a single tenant installation for enhanced security.
• ePHI or any other information can be deleted and/or purged upon request.
• 123FormBuilder gives each user accessing the system a unique ID specific to the identity of the employee or individual with access to the system
• The back-end portal for administrative access forces a logout after 15 minutes of inactivity.
• 2-Step Verification – if you want to increase the security of your account, you can opt to activate the multi-factor authentication option in My Account which adds an extra step to your login. A multi-factor authentication process implies the presence of two or more verification steps, independent one from another.
• We use spam, virus and malware protection services provided by McAfee. All latest threats are carefully monitored and cleaned on a daily basis, so that our partners and users can navigate in a secured environment.
• Password authentication. One of the HIPAA requirements for data integrity addresses the way users identify themselves prior to providing data input. With 123FormBuilder you can enable passwords at the form level in order to ensure that only verified individuals in your organization or outside of it can have access to your form.

All access to your account and forms is logged and a report can be generated at any time, should you need to investigate a certain event​. 123FormBuilder employs technical, administrative and physical safeguards to enable your organization to be compliant when receiving PHI through the forms (we can provide details upon request). All employees have signed confidentiality agreements and are up to date with the HIPAA regulations.