Discussion about using Drupal 8 Webform for HIPAA-compliant end-to-end encryption

This discussion took place in the chat of a presentation at the Healthcare Summit during DrupalCon Global 2020.

Marie-Elise McNeeley: Does Drupal provide end-to-end encryption with webforms?

Steve Kessler: Webform does not provide e2e encryption but it could be done.

Sarah Kraushaar: We’ve integrated with third parties like Jotform for HIPAA compliance webforms.

Jeff Markel: I would check with @Jacob Rockowitz - there may be some encryption options in Webform.

Steve Kessler: To go on about the E2E for Webform, Webform stores form data by default in one table in the database. This database could be encrypted at rest. In Drupal 8, you could be using an alternative data store for the database. Though I have not used this, we have looked at storing the table in another database.

Chris Desiano: woo hoo!!

Steve Kessler: The connection from the web server needs to be encrypted and there needs to be a solid setup of frontend encryption. You could also be saving Webform data in a secondary place with some of the web services for Webform. That would just be another layer to encrypt. Glad to talk more about this if you PM me on Twitter or something else. All connected here.

Jeremiah Davis: Webform is really easy to extend too. I haven’t tried to extend storage but had some call to extend the handler plugin to integrate with an API. There’s an example implementation over here (that I need to clean up and make sure works on D9): https://www.drupal.org/project/webform_api_handler

Marie-Elise McNeeley: Ok. I was curious about E2E because we’ve had requests to incorporate them on our site (for patient referrals, etc), but IT is pushing back for security reasons. I haven’t used webforms yet so I’m just fact-finding :)