Regarding HIPAA compliance, I need to know if the data entered onto the form are encrypted both in transit and at rest. I am fairly certain that they are encrypted in transit, but I do not know if they are "at rest," i.e., while stored on Adobe's servers. Is there any way for an individual, such as an Adobe employee, to gain access to form data? This matter is critical in the evaluation of FormsCentral as a potentially HIPAA compliant solution.
FormsCentral is not HIPAA compliant.
But is the information stored on the server encrypted? If you are collecting sensitive information, such as financial information, is this information secure while it is being archived in the response tables?