Security & Compliance

HIPAA Compliance at Formisoft

We understand the importance of protecting patient health information. Formisoft is designed with HIPAA requirements in mind from the ground up.

Technical & Administrative Safeguards

Encryption at Rest & In Transit

All patient data is encrypted using AES-256 at rest and TLS 1.3 in transit. Form submissions, files, and personal health information are protected at every stage.

Complete Audit Trail

Every action is logged with who, what, when, and from where. View, create, update, delete, and export events are all tracked for HIPAA compliance auditing.

Role-Based Access Control

Fine-grained permissions with admin, provider, staff, and patient roles. Staff only see data relevant to their role. Admins control who has access to what.

Minimum Necessary Standard

Form data is scoped to the organization. Cross-tenant data access is impossible by design. Each practice's data is completely isolated.

US-Only Data Residency

All data is hosted and processed exclusively in the United States on AWS infrastructure. Your patient data never leaves US borders. Database access requires authentication and is logged.

Business Associate Agreement

A signed BAA is included on every plan. We take our obligations as a business associate seriously and maintain appropriate safeguards.

Our Compliance Practices

All data stored and processed exclusively in the US

Patient data is never shared with third parties

Signed BAA included on every plan

Regular security training for all team members

Incident response plan for potential breaches

Annual risk assessments and security reviews

Data retention and destruction policies

Automatic session timeouts for inactivity

IP-based access logging for all API requests

Every feature in Formisoft is built with these safeguards — from the AI form builder to automated workflows and integrations. Browse our HIPAA-ready form templates or read more about building HIPAA-compliant intake forms.

Important: While Formisoft provides tools and infrastructure designed with HIPAA in mind, ultimate compliance responsibility lies with the covered entity. We recommend consulting with your compliance officer to ensure your specific use case meets all regulatory requirements.

Questions about compliance?

Our team is happy to discuss how Formisoft can fit into your HIPAA compliance program.
