May 3rd, 2017

HIPAA-compliant Save and Resume for your Web forms

If you have a long or complex web form, users may wish to fill out only part of it and then save their work so that they can come back later and finish the form.  This is “Save and Resume” functionality.  While some form systems support Save and Resume, few provide HIPAA-compliant Save and Resume.

What does HIPAA-compliant Save and Resume require?

For HIPAA-compliant Save and Resume, at a high level you need:

  1. The form data to be saved must be securely transmitted from the user’s browser to a server
  2. That data should be encrypted while stored
  3. That data must be securely transmitted back from the server when the user wants to resume editing the form
  4. Usually, the end user gets a link that can be used to resume editing the form where s/he left off.  This link needs to be password protected or otherwise include authentication so that access to the sensitive form data is restricted.  HIPAA requires access control.
  5. Audit trail logs of saving and resuming form data should be kept.
  6. You need a HIPAA Business Associate Agreement with the service provider hosting the database where the form data is being saved.

The majority of Save and Resume functions provided by form service providers either (a) do not encrypt the data, (b) do not provide authentication for resuming the form, (c) do not keep any kind of logs, or (d) do not provide a HIPAA Business Associate Agreement for the data hosting servers.

LuxSci now provides HIPAA-compliant Save and Resume

LuxSci’s SecureForm FormBuilder now includes a HIPAA-compliant Save and Resume feature.  After you add a Save button to your web form, your users can:

  1. Press that “Save” button if they want to save their progress in filling out the form
  2. Enter a password that they will use to continue working on their form
  3. Get a unique link that can be used in any browser on any computer or device to resume editing the form

Later, the user can enter that link into any browser, and:

  1. Enter their password to unlock the saved form data and have it refilled
  2. Continue where s/he left off

LuxSci SecureForm ensures HIPAA-compliance and security by

  • Encrypting the saving and retrieval of the form data during transport to/from LuxSci using TLS
  • The saved form data is encrypted in a LuxSci database using AES encryption.  The encryption key is built using the end user’s entered password: the data cannot be decrypted by anyone, even LuxSci, without knowledge of that password.
  • End-user authentication when the form is resumed is assured via password protection
  • LuxSci logs all saves and resumes of form data and these logs are kept for 6 years.
  • LuxSci makes backups of the databases in which the form data is stored
  • LuxSci signs its HIPAA Business Associate Agreement with customers in need of that.  This agreement lays out LuxSci responsibilities with respect to SecureForm data.

LuxSci gives you control.  You can define how strong (or weak) the user supplied passwords need to be.  You can define how long the form resume links remain valid.

The password protection does not require or create any kind of “account” for the end user; it does not even ask for a username or email address.  The password-protection process simply requests a password that is used for encryption and for authorization of the end user to continue the form.
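The flow described above (a key derived from the user's password, AES encryption at rest, an expiring resume link, and logged saves and resumes) can be illustrated as follows. This is an added example, not LuxSci's code: the scrypt key derivation, the AES-256-GCM mode, the in-memory `store` and `auditLog`, and all function names are assumptions made for the illustration.

```javascript
// Added illustration; not LuxSci's implementation. scrypt and AES-256-GCM are assumed choices.
const nodeCrypto = require('node:crypto');

const store = new Map();   // stands in for the form database (token -> encrypted record)
const auditLog = [];       // stands in for the save/resume audit trail

function audit(event, token, ok) {
  auditLog.push({ at: new Date().toISOString(), event, token, ok });
}

// Derive a 256-bit key from the user's password; the key itself is never stored.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

function saveForm(formData, password, ttlMs, now = Date.now()) {
  const token = nodeCrypto.randomBytes(16).toString('hex'); // unguessable part of the resume link
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(token)); // bind the ciphertext to this particular link
  const ct = Buffer.concat([cipher.update(JSON.stringify(formData), 'utf8'), cipher.final()]);
  store.set(token, { salt, iv, ct, tag: cipher.getAuthTag(), expires: now + ttlMs });
  audit('save', token, true);
  return token;
}

function resumeForm(token, password, now = Date.now()) {
  const rec = store.get(token);
  if (!rec || now > rec.expires) { audit('resume', token, false); return null; }
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, rec.salt), rec.iv);
    d.setAAD(Buffer.from(token));
    d.setAuthTag(rec.tag);
    const pt = Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
    audit('resume', token, true);
    return JSON.parse(pt);
  } catch (err) {
    // Wrong password: the GCM tag check fails, so nothing is decrypted.
    audit('resume', token, false);
    return null;
  }
}
```

Because the stored record holds only the salt, nonce, ciphertext and tag, the password check and the decryption are the same operation: without the password there is no key, and a failed attempt still leaves an audit entry.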

For customers who do not require high levels of security (e.g. some non-HIPAA customers), FormBuilder does permit using Save and Resume without a user-supplied password.

Adding Save and Resume to your LuxSci SecureForm

If you have a form in LuxSci’s SecureForm FormBuilder and you would like to enable Save and Resume, here are the steps:

  1. Be sure that you have a database and have added that database to your SecureForm configuration in the “To Database” tab.  The temporarily-saved form data will be in your own hosted SecureForm database.
  2. Click on “Form Builder” and then on the “Settings” tab
  3. Enable “Save & Resume” and press “Save Changes”
  4. Click on your “Form” tab to edit your FormBuilder form
  5. Use the toolbar to add a “Button” to the form.  In the button properties dialog box, choose the button type “Save Form Progress”.  Press “Save Changes”

From now on, pressing this new button in your form will activate the “Save and Resume” feature, prompting the user to enter a password and giving the user a link to use in the future.

If you would like to get fancy and have some JavaScript and CSS skills, you can custom-design your form so that it is super easy to find and use the “Save Form” button.  E.g., you could have a little button bar that follows the user as s/he scrolls the page.  The user can find buttons there for saving or submitting the form.  You can also use JavaScript to directly trigger the Save and Resume functionality any time you want it.
