How Do I Make Sure The Web Forms For My Private Practice Are HIPAA-Compliant?

May 12, 2022

When you’re running your own private practice, things can get overwhelming.

Even after you’ve figured out all the basics of starting your own practice, there always seems to be some other little detail that’s been overlooked. One that many people find a bit stressful is ensuring that all your paperwork – especially your web forms – is HIPAA-compliant.

If moving your intake paperwork and other forms into the digital world has left you feeling overwhelmed, confused, or uncertain, this article can help! We want to make sure that, whether you’re just starting your private practice or have been in business for years and have just decided to move your paperwork online, you get it right from the beginning.

Why It’s Important to Have Your Private Practice Forms Online


To Create a Paperless Practice

It may not be feasible for everyone, but a common goal these days is to achieve a ‘paperless practice.’ When you get rid of all the paper used in your office – physical patient files and the cabinets or other systems they’re stored in, handwritten notes, appointment reminders, sticky notes, etc., you can consolidate your information, streamline your practices, and access your data from anywhere. Having a paperless practice can greatly increase your efficiency, and it’s, of course, better for the environment. Not only that, but in this time of social distancing and telehealth, it makes sense.

To Make Things Easier For Your Clients

In today’s busy world, what many people find most valuable is their time. Anything that makes things faster and easier for them is what they want. The intake process is a crucial part of the customer journey in healthcare – you want to make it a smooth process for everyone! There’s also an added layer to this when you’re in the mental health field. Some people find it very hard to make that first appointment, and you can encourage them by making it as easy as possible!

To Get People Into Your Sales Pipeline Faster

A sales pipeline represents the flow and volume of your revenue opportunities. When someone is in your pipeline, they are providing an opportunity for revenue for your business. What this means is that your clients or potential clients all have specific sales potential, and they are all in different locations on that pipeline at any given moment. BUT once they are there, you have the opportunity to drive revenue. So how do you get someone into your sales pipeline? In a private practice, it starts with intake – so make it a simple process for them!

Setting Up Your Web Forms – What to Look For

The Ability to Fill Out Online

In the past, it was common to have forms available online for printing and then filling out and bringing to the office. It used to add a layer of convenience for the client, but now people want to be able to do more, faster. It’s not enough for the forms to be available online – you need to set them up so the client can fill them out online as well, from the comfort of their home.

The Ability to Sign Electronically

In order to complete the paperwork, the client will need the ability to sign electronically. This looks different, depending on what software you use, and what device the customer is using, but there are a few different ways to capture an electronic signature.

The Ability to Submit Online

You want your clients to be able to do everything they need to in one sitting, at their ease and convenience, so it’s important to let them finish up the process by submitting online.

The Ability to Be Embedded on Your Website

To make your forms easy to find and accessible for clients, you want to be able to embed them on your website. When a form is embedded, it is integrated directly into your web page. Embedded forms on your website introduce an eye-catching visual element and encourage people to click and complete the forms.

HIPAA-Compliant Forms

And, of course, the forms must be HIPAA-compliant. As all health practitioners know, this is the most important thing to keep in mind when creating your client forms. Following HIPAA regulations is crucial for keeping your clients’ personal information protected – and yourself protected from legal repercussions! 

How Do I Know if My Online Forms Solution is HIPAA-Compliant?

A quick Google search will come up with lots of results for online forms solutions. Not all of these are created equal, and this is especially true when it comes to your clients’ Personal Health Information (PHI). You want to be very careful when transmitting PHI online. If you’re not sure if the forms solution you’re using or are considering using is HIPAA-compliant, you want to make sure as soon as you can. Violating HIPAA laws, even if you weren’t aware, has serious consequences.

In order for a third-party forms solution to be HIPAA-compliant, you must meet the following requirements:

  • The Form Must Be Secured By Proper Controls

This means that reasonable, proper encryption and security software must be in place to protect any data at rest and in transit. In other words, the form must be secure on any device, in any application, and whenever it is transferred digitally from place to place.

  • The Form Must Be Submitted Using Adequate Protection

The device or server to which the form is submitted must have adequate technical and physical safeguards. This includes authorization protection, encryption, and controls over who can access the device.

  • A Business Associate Agreement Must Be Signed

If the form is provided by a third-party software vendor, there must be a standing Business Associate Agreement, or BAA, with the vendor to clarify their responsibilities and liability as well as your own. A BAA is a written arrangement that specifies what each party’s responsibilities are when it comes to PHI. If you don’t sign this type of agreement when using a form system from a third party, then the system you’re using is not HIPAA-compliant.

Further Considerations for Protecting Client Data

  • Email Notifications

Many form solutions send email notifications when a submission is recorded. Make sure that you disable any notifications that may contain PHI.

  • Passwords and Login

Only a few people (or better yet, only one person) should have access to the account where client PHI is stored. You don’t want to risk a security breach through an unsecured device login! Make sure your passwords are strong and are changed every 6-8 weeks.

  • Stored Credit Card Authorizations

It’s often standard practice to have clients sign an authorization form that allows you to store their credit card information online for future payments. Having this kind of access to clients’ credit card information adds another level of responsibility for you – you must ensure that this financial information is protected. More importantly, this financial information is also PHI! Why is it considered to be protected health information? Because PHI is any information about health status, provision of healthcare, or payment of health care that can be linked to an individual.

It’s also important to understand that you cannot legally store a credit card authorization form online – on any platform. If you attempt to do this on a forms solution, you will most likely be kicked off the platform. This is not the same as having a client pay online, which is fine. It’s always best to make sure that you have as many safeguards in place as possible. A non-compliant form could jeopardize client PHI and put your healthcare organization in non-compliance, with penalties up to $50,000 per incident and potential jail time.

HIPAA-Compliant Digital Forms for Your Private Practice

Not sure where to find HIPAA-compliant online forms for your practice? Here are a few options to get you started.

Jot Forms

Jot Forms is a common choice for many small business owners. This forms solution is designed to be simple, with drag-and-drop form creation. Advanced users can go straight into the HTML code and make changes if they want, but it isn’t necessary. With Jot Forms, client information is stored off of your website. This means that you don’t face liability on your end for HIPAA noncompliance. Jot Forms allows you to create all your standard client information fields, as well as signature fields and an option for capturing payments. You can also change colors, add your logo, and further customize your branding. Their packages range from a free package (which allows you to create up to five forms and receive 100 submissions per month, so it could work for a very small business) to an enterprise package that allows you to have several users, as well as unlimited forms, submissions, fields, etc.

Microsoft and Google Forms

Both Google Forms and Microsoft Forms are HIPAA-compliant if you sign the BAA. While these are easy options, and Google Forms in particular is a popular choice, they can look unprofessional and unsightly. There is also no ability for a client to sign online with these types of forms. However, you can accept another legally verified method instead, such as the user’s entered initials. By putting their initials in the required field, they indicate that they are allowing their initials to be used in place of an e-signature. One positive of these options is that you can embed them on your website. Microsoft Forms offers the same features, but, unlike Google Forms, it charges for this service when used for business purposes.

Secure Client Platforms

Secure client platforms are not only for online forms. You can also use them to ensure that other aspects of your business – such as file uploads, emails, file transfers and APIs – are secure. They provide automation of manual processes and other features that can help your team to do more, faster. With secure client platforms, you also have the ability to embed your forms on your website. Common secure client platforms include Formstack, Kiteworks, and FormAssembly.

Private Practice Software

Some software is designed especially for private practices. Two common examples are My Clients Plus and Simple Practice. They both offer what is called an Electronic Health Record (EHR), which is essentially a digital version of a patient’s paper chart. This information is available in real time, not just to practitioners, but to the patient as well. So these private practice software products offer more than just forms management; they offer an entire system for managing health care information. However, you’re not able to embed forms created with these software systems on your website. The client has to log in to a portal, so that is an extra step for them. These are potentially a good option for a smaller practice, but we don’t recommend them for larger practices because what you can do when it comes to managing larger teams and different specialties is limited.

Build Your Own Client Portal

If you don’t feel that any of these solutions will work for your practice, you can always build your own client portal. Just remember, you want to ensure that your clients’ information is secure and provide them with a simple and convenient experience. A custom client portal will cost you more time and money, but could pay off in the long run. Custom client portals tend to create a better client experience. For one, they can be seamlessly integrated with the back-end of your service. You can also create additional aspects as needed. For example, if your clients need to access certain information from home, you can make that available. If you want to create a unique portal to meet the unique needs of your business, building a custom portal may be for you, but keep in mind: your ultimate goal should be to improve the client experience. If creating your own client portal doesn’t meet the client’s needs, it’s unnecessary.

Looking For Someone To Build and Manage Your Forms For You?

Making sure your digital systems are in working order is a crucial part of your business – and it’s one of the 8 areas of focus for a well-rounded marketing strategy! Taking the time to set it up right from the beginning will save you a lot of heartache in the future. 

Not sure where to start? We can help! Schedule your free strategy session today.
