HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website

Add HIPAA Compliant web forms to your WordPress website using the HIPAA FORMS SaaS Service (subscription license key required for SaaS service).

Author:Code Monkeys LLC (profile at wordpress.org)
WordPress version required:4.7
WordPress version tested:5.2.2
Plugin version:2.2.4
Added to WordPress repository:27-12-2017
Last updated:29-07-2019
Rating, %:100
Rated by:3
Plugin URI:https://www.hipaaforms.online
Total downloads:9 834
Active installs:400+
plugin download
Click to start download

The HIPAA FORMS plugin allows you to create web forms using Caldera Forms or Gravity Forms just like you would a simple contact form. A simple checkbox next to the form within the plugin admin interface instantly takes over your form, appends the form with a HIPAA Compliant badge and signature field where users can sign by dragging their mouse or with their finger on touch screens, and upon submit encrypts the data and pushes it to the HIPAA FORMS Service API which then stores it within a HIPAA Compliant storage solution.

Users with login credentials and the appropriate user roles (administrator or hipaa) can then log into your WordPress administrator dashboard and search/view the submitted forms and even generate an encrypted and password protected PDF file of the form which can then be printed or saved to a hard drive.

Here’s how the HIPAA FORMS Service and integrated WordPress plugin secures the protected health information of your forms:
1. On submit the entire form is encrypted requiring 2 separate keys to decrypt.
2. Once the form data is encrypted it sends the encrypted data to the HIPAA FORMS Service API where it remains encrypted on a HIPAA Compliant storage solution.
3. When someone with login credentials logs into your WordPress administrator dashboard with either and administrator or hipaa user role that user can then go to the HIPAA FORMS plugin interface and view the forms that have been submitted. While you can view the decrypted forms here the data never actually leaves the HIPAA FORMS Service servers, you’re simply pulling them from the api, decrypting and viewing in your browser, the data never actually touches your hosting server.
4. The only way the data can leave the HIPAA FORMS Service servers is if you click the “generate pdf” button and create an encrypted password protected pdf file. At this point you can print or save the pdf to your hard drive but since the pdf remains encrypted and password protected the form data remains safe in transit.
5. Once you close the pdf generation window the pdf file is then destroyed on the HIPAA FORMS Service server removing any chance of a bad actor gaining access to the file.
6. Each time a user accesses the HIPAA FORMS plugin admin interface a log entry is created and stored on the HIPAA FORMS Service which you can review at any time from the HIPAA FORMS plugin interface. This is required by HIPAA Regulations to ensure any potential data breach can be back-traced.
7. Since the form data is encrypted and remains on the HIPAA FORMS Service database we ensure that protected data can not be tampered with and changed by anyone.
8. Both a SSL certificate and a BAA agreement between the user and Code Monkeys LLC (the company that developed and maintains the HIPAA FORMS Service and WordPress plugin) is required. The ability to submit or view forms is disabled until both of these requirements have been met.

NEW IN V1.5.5:
Version 1.5.5 is our first “major” update to the plugin since releasing it. This update includes an improved user interface and the following specific form settings:
1. Option to show/hide the signature field
2. Option to specify a success message or a redirect url after a form is submitted
3. Option to set who can see the submitted forms with the following options:
A. All users with admin/hipaa user role
B. Only specific users
C. Only a specific doctor/user selected within a form (ie. Patient selects a specific doctor in a form, only that doctor will see the submitted form). NOTE: Admins see all forms regardless of settings.

While we believe we’ve made the entire process as simple as possible we also understand that there may be questions or issues sometimes that the user needs addressed. Given the urgency and importance of a service such as this we’ve built a complete support ticket system directly into the HIPAA FORMS WordPress plugin interface to allow the users to submit and track support tickets without ever needing to leave their own administrator dashboard. The HIPAA FORMS Service team at Code Monkeys LLC strives to respond to tickets within 1 business day. Users can also call Code Monkeys LLC directly for support between 9am and 5pm CST.

NOTE: A subscription-based license key to access the HIPAA FORMS Service API is required from https://www.hipaaforms.online in order to submit and view forms (a free version is available, no credit card required). Your website must also have SSL enabled (url should show https://).

Web Designer Friendly

We know that the owners or board members of dental clinics, health clinics, hospitals and insurance agencies aren’t the ones that will be implementing this service. It’s YOU, the web designers and developers that have the task of finding a solution and making it work.

Our initial primary goal was to build a solution for our own website builds so we’ve done everything we can to make the installation, setup and implementation of this service as seamless and efficient as possible. If you can build a contact form with Caldera Forms you can build HIPAA Compliant web forms with our service, in fact once you have the plugin setup and build the form all you really need to do is check a box and your form is instantly compliant.

We also want to ensure that YOU have the knowledge and ability to protect both yourself and your client. While we require your client to sign a BAA agreement with us we don’t require that the web designer/developer have a BAA in place but we STRONGLY recommend it. A BAA agreement protects your client, not you or us but it is actually REQUIRED according to HIPAA Regulations and without the BAA in place your client is not in compliance and may be violating both federal and state privacy laws. While YOU may not have a legal obligation to have a BAA in place with your client, as your client’s technical expert on all thing relating to their website have a moral obligation to make your client aware that a BAA agreement should be in place between you and them.

If you’re not an agency or freelance but work on the website directly for a company you should still ensure that your company has a BAA agreement in place for all employees and any 3rd party IT professionals that may have access to protected health information. Fines for violating HIPAA Regulations can be in the six figures and your company could be out of business leaving you looking for a new job if your company is not compliant.

Regardless of if you’re an agency, freelancer or work directly for a company that takes protected private health information, if you have any questions or need help with anything relating to compliance or how to put a BAA agreement in place between yourself and your client please don’t hesitate to submit a support ticket or give us a call.

Planned For Next Major Release

  1. Finish form-specific history interface

Currently In Development Premium Add-Ons

  1. Secure file upload
  2. Secure save for later ability
  3. Appointment manager
  4. Improved Notes Interface/Functionality
  5. Patient Communication Portal (Virtual Visit/HouseCall)
    A) Real-Time 2-Way Messaging
    B) Patient Access to Submitted Forms
    C) Video E-Visit