Does Typeform Sign a HIPAA Business Associate Agreement?
By BAA Generator Editorial · Published Apr 19, 2026 · Last reviewed Apr 19, 2026 · 5 min read
Key Takeaways
- ✗ No — Typeform does not sign a HIPAA BAA on any plan, including Enterprise
- ✗ Typeform cannot be used for patient intake forms or any PHI collection
- ✓ JotForm (HIPAA plan) is the leading purpose-built alternative for healthcare intake forms
- ✓ Google Forms (Workspace BAA) and Microsoft Forms (M365 BAA) are additional alternatives
Why Typeform Cannot Be Used for Patient Intake
Typeform is a well-designed online form builder popular with marketers, researchers, and UX teams. However, it is not built for healthcare compliance and Typeform does not offer a HIPAA BAA on any plan — including its highest-tier Enterprise plans.
Patient intake forms inherently collect PHI: patient names, dates of birth, insurance information, medical history, current symptoms, medications, and other protected health data. Any form builder that processes this information is a Business Associate under HIPAA and must execute a BAA with covered entities.
Since Typeform will not execute a BAA, it cannot legally be used for this purpose.
HIPAA-Compliant Form Builder Alternatives to Typeform
| Form Builder | HIPAA BAA Available? | Notes |
|---|---|---|
| JotForm (HIPAA Plan) | Yes | Dedicated HIPAA plan; ~$39/month; purpose-built for healthcare |
| Google Forms | Yes (via Workspace BAA) | Covered under Google Workspace BAA; requires Workspace plan |
| Microsoft Forms | Yes (via M365 BAA) | Covered under Microsoft 365 BAA; requires qualifying M365 plan |
| Formstack | Yes (HIPAA plan) | Offers HIPAA-compliant forms; verify current plan details |
| Typeform | No | Not HIPAA eligible; no BAA on any plan |
Migrating Away from Typeform for Patient Intake
If your practice currently uses Typeform for patient intake forms, here is a migration checklist:
- Audit current Typeform forms: Identify which forms collect PHI (patient name, DOB, health history, etc.)
- Choose a HIPAA-eligible alternative: JotForm's HIPAA plan is the most popular direct replacement for form-builder use cases
- Rebuild intake forms in the new tool: Recreate your form fields with the same structure in the HIPAA-eligible platform
- Execute the BAA with your new provider: Do not begin collecting PHI until the BAA is signed
- Delete PHI from Typeform: After migration, delete any PHI that may have been stored in existing Typeform submissions
- Update your HIPAA Risk Analysis: Document the migration and new vendor BAA in your compliance records
Typeform for Non-PHI Healthcare Uses
Typeform is not inherently barred from all healthcare use — only uses that involve PHI. Acceptable healthcare uses for Typeform include:
- General marketing surveys (no health information)
- Non-patient satisfaction surveys that do not link responses to health records
- Employee feedback forms that do not involve PHI
- General website contact forms for prospective patients (before they become patients)
Frequently Asked Questions
Does Typeform sign a HIPAA BAA?
No — Typeform does not sign a HIPAA BAA on any plan, including Enterprise. Do not use Typeform for patient intake or any PHI collection.
Can I use Typeform for patient intake forms?
No — patient intake forms collect PHI and require a HIPAA-eligible form builder with a BAA. Migrate to JotForm (HIPAA plan), Google Forms (via Workspace BAA), or Microsoft Forms (via M365 BAA).
What HIPAA-compliant form builders offer a BAA?
JotForm's HIPAA plan (~$39/month) is purpose-built for healthcare. Google Forms (via Google Workspace BAA) and Microsoft Forms (via M365 BAA) are also HIPAA-eligible when used on qualifying plans. Formstack also offers HIPAA-compliant forms — verify current details with each vendor.
For a broader look at which vendors sign HIPAA BAAs, see our vendor BAA lookup guide.
Need to generate a BAA for a vendor that does sign?
When you switch to JotForm or another HIPAA-eligible form builder, generate your BAA document in minutes.
Generate BAA for Free →