HIPAA Mode

Enable HIPAA-compliant form collection for healthcare workflows, PHI fields, and BAA execution.

HIPAA Mode enables technical controls that support HIPAA-compliant data collection workflows. It is available on the Business plan.

Legal note: Enabling HIPAA Mode provides technical controls. Compliance with HIPAA is your organisation's legal responsibility. Review your specific workflows with your compliance counsel and HIPAA Privacy Officer. BizForms provides the tooling; you own the compliance implementation.

What HIPAA Mode enables

When HIPAA Mode is activated for your workspace:

  • BAA available — a Business Associate Agreement (BAA) is available for execution in Settings → Compliance.
  • Storage Mode enforced — all forms in the workspace automatically require end-to-end encryption. Unencrypted response storage is disabled.
  • Analytics tracking disabled — per-form and per-field analytics are disabled on all form pages so that PHI cannot appear in analytics data.
  • PHI field flagging — fields can be individually marked as PHI, which restricts their visibility in notifications and exports.
  • Audit logging — every access to response data, every export, and every settings change is logged.
  • Session timeout — dashboard sessions automatically expire after 15 minutes of inactivity.

Enabling HIPAA Mode

  1. Go to Settings → Compliance
  2. Under HIPAA, click Enable HIPAA Mode
  3. You'll be prompted to confirm that you've reviewed and accepted the compliance requirements
  4. Download and execute the BAA if required by your organisation

PHI field marking

To mark a field as PHI:

  1. Open the form builder and click the field
  2. In the right panel, scroll to Compliance
  3. Toggle Mark as PHI (Protected Health Information)

PHI fields are:

  • Hidden from email notifications — the notification email shows "PHI field — view in app" instead of the field value
  • Redacted in exports — CSV exports show [PHI REDACTED] unless the exporting user has PHI access
  • Subject to data retention — if a retention window is set, PHI field data is purged automatically once the window elapses

Data retention for PHI

Configure automatic data purging on PHI fields via Settings → Compliance → Data Retention. Set a retention window (e.g., 7 years) and BizForms will automatically delete PHI field data after that period while retaining non-PHI fields.
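As an added illustration (not BizForms' own code), the three PHI-field behaviours above and the retention purge described in this section, modelled in Python on a constructed form schema and two constructed responses. The field names, the per-field `phi` flag, the `user_has_phi_access` check and the calendar-year cutoff are assumptions made for the example.

```python
"""PHI-aware notification rendering, CSV export redaction and retention purge.
Illustrative example only; it is not BizForms' implementation."""
import csv
import io
from datetime import date

# Constructed sample schema: each field carries a PHI flag (assumed representation).
FIELDS = [
    {"name": "patient_name", "phi": True},
    {"name": "email", "phi": False},
    {"name": "diagnosis", "phi": True},
]

# Constructed sample responses; submitted_on drives the retention purge.
RESPONSES = [
    {"submitted_on": date(2015, 3, 1), "patient_name": "A. Example",
     "email": "a@example.org", "diagnosis": "flu"},
    {"submitted_on": date(2024, 6, 10), "patient_name": "B. Example",
     "email": "b@example.org", "diagnosis": "cold"},
]

NOTIFY_PLACEHOLDER = "PHI field — view in app"   # placeholder text quoted from the page
EXPORT_PLACEHOLDER = "[PHI REDACTED]"            # export marker quoted from the page


def phi_names(fields):
    """Set of field names flagged as PHI."""
    return {f["name"] for f in fields if f["phi"]}


def render_notification(fields, response):
    """Email body lines: PHI values never leave the app, only the placeholder does."""
    phi = phi_names(fields)
    return [f"{f['name']}: {NOTIFY_PLACEHOLDER if f['name'] in phi else response[f['name']]}"
            for f in fields]


def export_csv(fields, responses, user_has_phi_access):
    """CSV export; PHI columns are redacted unless the exporting user holds PHI access."""
    phi = phi_names(fields)
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow([f["name"] for f in fields])
    for r in responses:
        writer.writerow([r[f["name"]] if (user_has_phi_access or f["name"] not in phi)
                         else EXPORT_PLACEHOLDER for f in fields])
    return buf.getvalue()


def purge_expired_phi(fields, responses, retention_years, today):
    """Blank PHI values on responses older than the retention window, keep non-PHI fields.
    Returns the number of values purged. The cutoff is `retention_years` calendar years
    before `today` (assumption; 29 Feb falls back to 28 Feb in non-leap years)."""
    try:
        cutoff = today.replace(year=today.year - retention_years)
    except ValueError:
        cutoff = today.replace(year=today.year - retention_years, day=28)
    purged = 0
    for r in responses:
        if r["submitted_on"] < cutoff:
            for name in phi_names(fields):
                if r.get(name) is not None:
                    r[name] = None
                    purged += 1
    return purged
```

Note that the purge deletes only the PHI values and leaves `submitted_on` and the non-PHI columns in place, so the response row itself survives for non-PHI reporting.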

Business Associate Agreement (BAA)

The BAA is available to Business plan customers. Go to Settings → Compliance → BAA to download the template. Execute it and return a signed copy to legal@bizforms.io. Retain a copy for your records.