SECURE ONLINE FORMS, DATA SECURITY, AND HIPAA COMPLIANCE
Formotus does not store customer data. Customers are responsible for their data storage.
FORMOTUS OFFERS UNPARALLELED ONLINE FORM SECURITY
The Formotus service is hosted on Microsoft Azure, and for that reason Formotus can claim to have unparalleled security for a SaaS offering. Microsoft has decades-long experience building enterprise software and running some of the largest online services in the world. They use this experience to implement and continuously improve security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of services and data. You can read more about Microsoft security and compliance here. The other elements of an organization’s mobile forms deployment are outside the control of Formotus: the organization is responsible for securing the devices of its mobile users. The connection from the mobile device to the organization’s data store is also managed by the organization. Finally, where the data is stored and how the data store is secured are also the responsibility of the organization. Formotus does not store customer data by design. Our focus is on maintaining the security of the Formotus service. The Formotus service is also fully compliant with the GDPR standards; read more about that here.
SECURITY VERSUS CONVENIENCE
In designing a mobile forms strategy there is often a trade-off between security and convenience. The more securely you lock down your sensitive data, the less convenient it can be for your mobile users to work with that data. Although our customers are the ones who decide how to balance their security and convenience, the Formotus Team’s goal is to give our customers the tools and options they need to achieve whatever level of security they require.
CUSTOMERS CONTROL & SECURE THEIR OWN DATA
We built the Formotus service to enable our customers to access their data no matter where it is stored. The mobile forms that customers create with the Formotus service and deploy to their mobile users to collect data are submitted by the mobile users to the data store location that the customer specifies when creating the form. When you create your mobile forms, you define the custom user interface, business logic and data connection elements, and deploy those as mobile forms to your mobile users’ devices. You can also monitor the use of those forms with metadata about when those forms have been installed, opened and submitted, and by whom. You can store your data just about anywhere you like. Many customers submit their data through email, using the PDF, HTML and XML data submission capabilities of the Formotus service. Formotus offers a growing number of data connectors, including SharePoint, Salesforce, Google Sheets and Google Drive.
|Where Your Data Is Stored|
|Customers store data (completely private)||no||no||no||yes||no||no||no|
|Vendor stores or sends your data through their cloud||yes||yes||yes||no||yes||yes||yes|
|Store data directly to customers' data stores||no||no||no||yes||no||no||no|
|Support federated authentication||yes||no||no||yes||yes||no||no|
|HIPAA compliant||yes||yes||no||yes||no||yes||on demand|
|GDPR compliant||yes||no||no||yes||yes||yes||upon request|
|Live Data Connectors (native)|
|Query from Salesforce||no||no||no||yes||no||no||limited|
|Query from SharePoint libraries and lists||no||no||no||yes||no||no||limited|
|Query from Google Sheets||no||no||no||yes||no||no||yes|
|Query from SOAP web services||no||no||no||yes||no||no||limited|
|Query from REST web services||no||no||no||yes||no||no||limited|
|Submit to Salesforce||no||no||no||yes||no||via Zapier||limited|
|Submit to SharePoint libraries and lists||no||no||no||yes||no||no||limited|
|Submit to Google Sheets||no||no||no||yes||no||via Zapier||yes|
|Submit to SOAP web services||no||no||no||yes||no||via Zapier||no|
|Submit to REST web services||no||no||no||yes||no||via Zapier||no|
|InfoPath Integration and Migration|
|Works with Microsoft InfoPath||no||no||no||yes||no||no||no|
|Has built-in InfoPath migration tools||no||no||no||yes||no||no||no|
OTHER SECURITY AND HIPAA COMPLIANCE FEATURES
- Mobile user authentication: to use the Formotus mobile forms you deploy to your users, the mobile users will need to log in on their mobile device to authenticate as members of your Formotus organization.
- Formotus portal authentication: Formotus administrators log in to the Formotus portal, which is hosted on Microsoft Azure. Azure provides you the option to require strong passwords for this login. [Note: the credentials used by the Formotus administrator to log into the Formotus portal are unique to your Formotus account and are separate from any credentials used to access your company data on a SharePoint site for example.]
- Control over form design: the Formotus creator enables you to control the level of security built into your forms. For example, based on the credentials used to log in to your Formotus mobile form, the user will see certain data pre-populated in the form. When the form is submitted, their manager can open the form and see additional data fields, such as the amount of time a form was open, where the mobile user was located when they submitted the form, etc.
- Control mobile form deployments, and remotely disable users: Formotus portal administrators have complete real-time control over exactly who has access to which forms. Admins can un-deploy a form from a mobile user, and it will disappear from their device. Admins can remove a user from the organization, after which they will be unable to log in to the Formotus app. Disablement occurs immediately if the user is online, or when they next connect.
HIPAA is “technology neutral”. HIPAA does not specify or endorse any particular technology. However, the Security Rule included in the HIPAA guidelines lists 5 technical safeguard standards. Formotus has developed its hosted service to provide physical, administrative and technical safeguards that facilitate full compliance with the HIPAA standards for: access control; audit controls; integrity; person or entity authentication; and transmission security.