#1 HIPAA Compliant Form Builder

We’ve maintained HIPAA compliance since we first announced it in 2016. This ongoing compliance requires GAP and Risk assessments, as well as adherence to NIST, ISO, PCI, and HITECH best practices. Our security procedures for our HIPAA compliance environment are audited by Crimson Security Inc. yearly and throughout the year.

Your PHI is further protected by our use of encryption best practices. Encryption keys are deployed at a level proportionate to their importance, and their access is restricted and controlled to guard against improper disclosure. Additionally, data sent through our HIPAA compliant online forms is encrypted at rest and in transit, using HTTPS TLS 1.2.

Enterprise plans utilise secure, US-based servers, which means your organization benefits from our HIPAA compliant form builder, data security, and strict procedures, without having to build a complex internal system for data collection. Although customer data exists in a shared infrastructure, we ensure it is not commingled by assigning a separate application server and database for each customer.

We partner with Amazon Web Services (AWS) to host the FormAssembly environment, which means our Enterprise customers benefit from AWS’ security, surveillance, and access and environmental controls.

Beyond HIPAA compliance, Enterprise plans give you unique control over sensitive data. With Sensitive Data Management, control who can view data, unlock reports containing sensitive data for a specified amount of time, view a log of sensitive data access, and more.

With FormAssembly’s HIPAA compliant form builder, healthcare technology leaders can rest assured that sensitive data is being processed with the utmost care, whether it’s being sent through patient information forms, medical research forms, or any other type of form created with FormAssembly.