Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Probably.
This is a basic review. It does not contain a final recommendation, caveats, or usage notes. For many professionals, however, the basic information may be sufficient to make an informed choice about this product.

Relevant Product Characteristics

  • This product does not appear to have been designed specifically with healthcare in mind. Note that many products that are useful and appropriate for health care professionals are not designed specifically with health care in mind.
  • At least one technical leader or manager behind this product has an extensive background serving the health care industry.
  • The features and/or settings for this product are different for health care customers as compared to general customers.
    • Often this means the product adjusts for health care customers in order to meet HIPAA requirements, and/or to offer features that are only usable by health care practices (e.g., Square only allows health care customers to run HSA and FSA cards).

Our Progress Notes

Cognito Forms is an easy-to-use online form builder, allowing you to quickly create, publish, and manage forms. Forms can be embedded directly into your website and securely transmitted and stored; form submissions can be viewed from any device, any time. Cognito Forms facilitates electronic signatures as well.

In addition, Cognito Forms can integrate with WordPress and offers plugins to integrate with other third-party apps, which increases its utility. We’re pretty excited that their integration for WordPress works in a HIPAA-friendly way: you can use their plugin to add forms to your WordPress site, and the data submitted is securely transmitted to your HIPAA secure Cognito Forms account, bypassing WordPress, so that a business associate relationship with WordPress is not triggered (WordPress won’t execute a BAA). You can also configure forms to securely collect payments, as Cognito Forms integrates with Stripe, PayPal and Square.

Please note that a BAA and HIPAA security configured account are only available on the Enterprise Plan ($99 per month, currently) and the trial period does not include a BAA. Please see here for Cognito Forms’ instructions for obtaining a BAA, as well as security feature information and settings guidance for HIPAA secured accounts.

Their leadership was very responsive to our requests and quite knowledgeable about the ins and outs of their security options. Cognito Forms also offers a number of solid recommendations about account settings to utilize in order to best protect PHI. This demonstrates that serving HIPAA covered entities is not an afterthought for them, and that they strive to give actionable guidance to their users so that they can meet their responsibilities in the two-party process of HIPAA compliance. We have good confidence in their security culture.

This product offers a free service tier or a free trial account:

We encourage all clinicians interested in this product to try out the free trial or experiment with the free tier to see if it suits your needs.

If you discover anything of concern that isn’t addressed in this review yet, please tell Liath about it at [email protected].

