Online Form Design Best Practices

October 2nd, 2018

Most businesses and organizations today use online forms to collect customer information. The same applies to healthcare companies. However, healthcare companies must abide by stringent regulations concerning Protected Health Information (PHI) under HIPAA.

So, it is of the utmost importance for such organizations to follow certain best practices when designing these forms. Let’s take a look at a few of them.


First and foremost, the data filled into the form must be secured when being transmitted, processed, and stored. One way to do that is via encryption. Encryption secures form data by making it unreadable to anyone who does not have access. This typically involves the browser and server.

SSL is one of the encryption options you can consider. It stands for Secure Sockets Layer, and it’s a type of security protocol that secures the connection between sender and receiver. So, when data is transmitted, only the sender and receiver can access it. No third party can intercept and retrieve the data.

So, SSL encryption allows you to secure the submitted data during transmission.

You can make the data even more secure by adding an authentication layer. That means that only people who are authorized to view the data will be able to do so. This can go a long way in preventing unauthorized access.

Protect Yourself from Bots

Bots are automated programs that go poking around the internet, looking for information, system vulnerabilities, and ways to send spam, among other things. It is common for such bots to fill out and submit online forms automatically, often with garbage or spam.

Several techniques exist to detect whether a form has been filled out by a bot and to block that submission. These include CAPTCHA and JavaScript techniques that take advantage of the fact that most bots do not process JavaScript effectively.

Of course, bots are evolving, and some don’t fall for these tricks. But this is still one of the best ways to prevent spam and other attacks.
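One way a server can check that a submission came from a client that kept a cookie and ran the page's script, as an added example (not code from the original article and not LuxSci's implementation). The names `issueChallenge`, `expectedProof` and `verifySubmission`, the 30-minute lifetime, and the proof scheme are assumptions; the browser half, which reads the cookie and writes the proof into a hidden field, is not shown.

```javascript
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);  // assumption: one server process holds the key
const MAX_AGE_MS = 30 * 60 * 1000;      // assumption: a form stays valid for 30 minutes
const usedNonces = new Set();           // in-memory single-use tracking (constructed)

const sign = (msg) => crypto.createHmac('sha256', SECRET).update(msg).digest('hex');

// Served with the form page as a cookie: nonce.issuedAt.signature
function issueChallenge(now = Date.now()) {
  const body = `${crypto.randomBytes(16).toString('hex')}.${now}`;
  return `${body}.${sign(body)}`;
}

// The value the page's script computes in the browser and writes into a hidden
// field. A client that does not execute JavaScript never sends it.
function expectedProof(cookie) {
  return crypto.createHash('sha256').update(`proof:${cookie}`).digest('hex');
}

// Constant-time comparison of two strings of equal length.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Decide whether a submission came from a client that kept the cookie and ran the script.
function verifySubmission({ cookie, proof }, now = Date.now()) {
  if (!cookie) return { ok: false, reason: 'no-cookie' };
  const parts = cookie.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [nonce, issuedAt, mac] = parts;
  if (!safeEqual(mac, sign(`${nonce}.${issuedAt}`))) return { ok: false, reason: 'bad-signature' };
  if (now - Number(issuedAt) > MAX_AGE_MS) return { ok: false, reason: 'expired' };
  if (!proof || !safeEqual(proof, expectedProof(cookie))) return { ok: false, reason: 'no-javascript' };
  if (usedNonces.has(nonce)) return { ok: false, reason: 'replayed' };
  usedNonces.add(nonce);
  return { ok: true, reason: 'accepted' };
}
```

Logging the `reason` for each rejected submission shows which check is doing the blocking and whether real users with JavaScript or cookies disabled are being turned away.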

Secure Form

Secure Form from LuxSci is another option you can consider. The service works by determining whether or not a real person is accessing your form. If it fails to detect a real person, the tool blocks the submission. There are no requirements for the entry of security codes/images. The system verifies that the user is using an updated web browser with JavaScript and cookies enabled. Most web bots do not support JavaScript and cookies, whereas modern browsers do.

Secure Form also supports archival by allowing for the saving of forms within an online document storage location. Beyond that, Secure Form includes many “integrations” which enable you to save or send your form data to the places you need it: databases, secure email, secure FTP sites, Slack, SecureChat, and any online service that supports a standard WebHook API.


The second option is to use CAPTCHA. CAPTCHA is a security protocol designed to differentiate between computers and humans by asking users to identify a series of letters in a box. CAPTCHA has proven to be very effective at keeping away spam. We now also have ReCAPTCHA, which serves the same purpose, but instead of words, it involves identifying specific images.

However, there are a few things to consider when using CAPTCHA/ReCAPTCHA. It is an extra step in the form-filling process, which can be a problem. Your customers may not be okay with having to complete another step. CAPTCHA has been known to cause abandonment even though it offers a high level of security.

So, consider your forms’ nature when implementing CAPTCHA/ReCAPTCHA for security purposes. That brings us to the next topic.

Don’t Ask for Too Much Information

There is information that you don’t need, and there is information that you need. This is something to think about when designing online web forms. Of course, information collection can often be voluminous in the healthcare industry. However, you should always keep it down to the essentials.

This will prevent abandonment, make it easier and quicker for your users, and result in less sensitive data to secure.

Make It Easier to Fill In Data

Simplify the form-filling process using autofill. There are bound to be some entries that are common or standard. For instance, when entering an address, provide select lists for Country and State instead of allowing free text. Similarly, simplify how specific fields are filled in; for example, provide a date picker for entering a birthday or appointment date.

This can save a lot of time, prevent errors, and help with data consistency.
