encrypt fill in .pdf form
-
I use encrypted PDF all the time and don't even have any Adobe products at all. On Linux, Encrypted PDFs open natively. I know that my CPA uses them and they don't have issues with clients opening them or responding in them.
On Linux, I can fill in a form and return it encrypted, I believe, just by default.
-
I already created the form and "extended it" so that it's a fill in form and saveable. Something that only an actual Adobe product will let you do. I can encrypt it with a password there, but it seems that the person opening it would need the password to open it. Then they would fill it out, save it, and send it back. At that point I would open it with the password. Since the password would have to be sent with the form (I suppose it could be sent out of band, but this isn't practical for our group) it defeats the point of encrypting it.
I'm looking for a way to allow the person to encrypt it automatically when they save it with my public key so that I'm the only one that can open it when they are done filling it out.
As far as liability, the organization has a background company and the checks are completed by that company, but we have to have the forms on file for the auditors.
-
@scottalanmiller said:
I use encrypted PDF all the time and don't even have any Adobe products at all. On Linux, Encrypted PDFs open natively. I know that my CPA uses them and they don't have issues with clients opening them or responding in them.
On Linux, I can fill in a form and return it encrypted, I believe, just by default.
Searching on the web it seems that on a Mac there is native support, but not on Windows...
-
@Mike-Davis said:
@scottalanmiller said:
I use encrypted PDF all the time and don't even have any Adobe products at all. On Linux, Encrypted PDFs open natively. I know that my CPA uses them and they don't have issues with clients opening them or responding in them.
On Linux, I can fill in a form and return it encrypted, I believe, just by default.
Searching on the web it seems that on a Mac there is native support, but not on Windows...
Windows 10 natively supports PDFs inside Edge now. It's not perfect, but it is usable.
As for Scott's use, I'm guessing his use is what you were talking about. Pre encrypted, password shared through a different channel.
-
Maybe a secure online form for those that want to fill out online, and a PDF for printing and mailing. Keep the process simple and separate.
-
I think that probably PDF is just the wrong tool in this use case. Having people fill things out offline adds some serious complications.
-
Would a google doc form be a viable alternative? I'm in the process of helping them sign up for Google Docs for Non Profits.
-
@Mike-Davis said:
Would a google doc form be a viable alternative? I'm in the process of helping them sign up for Google Docs for Non Profits.
If you had a need for it to be encrypted I don't think Google would be the right choice.
-
@Jason I'm just looking for a secure way to get their SSN across the internet.
-
@Mike-Davis said:
@Jason I'm just looking for a secure way to get their SSN across the internet.
Google is not the place you want to have SSNs going..
Also you really need something both encrypted in transit and at rest.
-
@Jason said:
@Mike-Davis said:
Would a google doc form be a viable alternative? I'm in the process of helping them sign up for Google Docs for Non Profits.
If you had a need for it to be encrypted I don't think Google would be the right choice.
it might be if you can limit who has read access to the saved data. I know you can create a form that saves the data into a sheet that the rest of the world can't see.
-
@Dashrender said:
@Jason said:
@Mike-Davis said:
Would a google doc form be a viable alternative? I'm in the process of helping them sign up for Google Docs for Non Profits.
If you had a need for it to be encrypted I don't think Google would be the right choice.
it might be if you can limit who has read access to the saved data. I know you can create a form that saves the data into a sheet that the rest of the world can't see.
Depeding on where this is there are many laws that will block that. This isn't a secure method of storing Sensitive data anyway. If something happens a court will no doubt find you negligent.
-
This is a case where a simple custom app might be incredibly powerful and simple. But would be complex if you tried to address offline use as well.
-
@Jason said:
@Dashrender said:
@Jason said:
@Mike-Davis said:
Would a google doc form be a viable alternative? I'm in the process of helping them sign up for Google Docs for Non Profits.
If you had a need for it to be encrypted I don't think Google would be the right choice.
it might be if you can limit who has read access to the saved data. I know you can create a form that saves the data into a sheet that the rest of the world can't see.
Depeding on where this is there are many laws that will block that. This isn't a secure method of storing Sensitive data anyway. If something happens a court will no doubt find you negligent.
For my own education - what's not secure about it?
Google will sign a BAA for HIPAA for example, just like MS will.
https://support.google.com/a/answer/3407054?hl=enSo while their willingness to sign a BAA itself isn't proof that they are secure, I really can't see them being willing to get sued over this and not be at least as secure as required, and probably a whole lot more so.
I'm not sure who it is that keeps posting around here that they can't use hosted email because the of the sensitivity of their environment, but those customers are much more far and wide compared to healthcare customers which themselves are far and wide compared to non healthcare customers when it comes to these regulations.
-
@Dashrender said:
So while their willingness to sign a BAA itself isn't proof that they are secure, I really can't see them being willing to get sued over this and not be at least as secure as required, and probably a whole lot more so.
HIPAA isn't about keeping data secure.. it does the opposite.
-
@Dashrender said:
I'm not sure who it is that keeps posting around here that they can't use hosted email because the of the sensitivity of their environment, but those customers are much more far and wide compared to healthcare customers which themselves are far and wide compared to non healthcare customers when it comes to these regulations.
It's amazing how insecure the healthcare field really is.
I think the thing to remember is that if you aren't bound by regulations (for example with HIPAA, if you aren't a covered entity) just the concept of security applies to you, not the law itself.
-
@Jason said:
@Dashrender said:
So while their willingness to sign a BAA itself isn't proof that they are secure, I really can't see them being willing to get sued over this and not be at least as secure as required, and probably a whole lot more so.
HIPAA isn't about keeping data secure.. it does the opposite.
It doesn't exactly force the opposite, just encourages it. HIPAA is more an excuse for not being secure than an encouragement to actually be secure. I definitely mostly run into HIPAA as "well HIPAA doesn't stop me from being insecure so I'm not worried about" rather than "oh man, I have to do extra secure because of HIPAA."
-
@BRRABill said:
@Dashrender said:
I'm not sure who it is that keeps posting around here that they can't use hosted email because the of the sensitivity of their environment, but those customers are much more far and wide compared to healthcare customers which themselves are far and wide compared to non healthcare customers when it comes to these regulations.
It's amazing how insecure the healthcare field really is.
I think the thing to remember is that if you aren't bound by regulations (for example with HIPAA, if you aren't a covered entity) just the concept of security applies to you, not the law itself.
Actually, HIPAA provides a defence against litigation that previously would have been more viable. It doesn't completely block litigation but it is a very, very strong tool used by healthcare to protect itself from needing to meet the standards of the world in general.
-
@Dashrender said:
Google will sign a BAA for HIPAA for example, just like MS will.
https://support.google.com/a/answer/3407054?hl=enThat implies that they do certain things, but only so much. The question here was about protecting the data which goes farther than HIPAA would go. Google wouldn't be able to be sued usefully in a breach as long as they were HIPAA compliant.
-
That link does list other ISO certifications they have.
None the less, I don't consider them an insecure platform - if you do, why do you?