" form Archives - LuxSci

Posts Tagged ‘form’

Is a “Click Here to Agree” User Agreement Checkbox Legally Binding?

Tuesday, November 16th, 2021

Your website order form or registration form comes complete with terms and conditions. What is the best way to have the user see and agree with these terms? Ultimately, you want the user’s agreement to be legally binding so that if there should ever be an issue, you are protected. Is it good enough to have the user check an agreement checkbox? Do you have to do more? Do you have to be sure that the user reads the terms?

user agreement checkbox

These questions come up all of the time and rightly are a cause for concern. Just because other websites do it “one way” does not necessarily make that way right or best for you. This article will tackle how the different choices you make in getting user agreements translate (or don’t translate) into binding contractual relationships.*

* This material is legal in nature and taken from discussions with our own legal counsel and from the American Bar Association. However, we are not lawyers and this should not be considered “legal advise.” Please consult your own lawyers to confirm how your choices apply to your particular situation and needs. 

1. The “BrowseWrap Agreement”: Don’t do this!

Some websites include a textual statement to the effect of “Using this site signifies your acceptance of our terms and conditions” or “By submitting this form, you accept our terms of use.” Near to these statements is usually (but not always) a link to these “terms.” The website user does not have to do anything to signify reading and accepting the terms. In most cases, the user may not even be aware of this statement and may not know about the terms thrust upon them through the use of the site.

This kind of “just by using it, you agree” format is known as a “browsewrap agreement.” Courts have held that these user agreements are not usually* binding on users and have little value in protecting the website and its owners. Do not use a browsewrap agreement if you want any kind of meaningful contract with your site user.

* An exception seems to be, for example, if the case where a user is behaving in a way that implies that s/he is aware of the terms and is trying to get around them.

2. The “ClickWrap Agreement”: User Agreement Checkbox

More commonly, you see a checkbox that must be checked to signify that you accept the terms, the agreement, etc. The agreement will be presented on the page (e.g., in a scrolling box) or a link to it right near the check box. The user is not permitted to continue until that box has been checked, indicating that the user agrees.

This is called a “clickwrap agreement.” The agreement is wrapped up in the deliberate action of clicking to signify acceptance of the terms or contract.

Courts generally uphold clickwrap agreements as legally binding. You can use them for order forms, contracts, and other agreements.

What makes a User Agreement Checkbox binding?

The most significant thing that makes a clickwrap agreement binding is that the user must intentionally agree (i.e., by checking the agreement box and any other actions, like submitting an order). It does not matter if the user has read or understands the terms as long as the user agrees. Why? The user can read the agreement, ask questions, gain clarification, and NOT agree if they do not understand or do not agree. By actually agreeing, the user is waiving the “I didn’t read it” or “I don’t understand it” complaints.

Clickwrap requirements:

  1. The terms must be on the page near the user agreement checkbox so that the user can read them. Or, there must be a clear link to the terms near the checkbox.
  2. The user must not be able to proceed with any actions (e.g., ordering, registering) until the agreement checkbox is checked.

Several things strengthen the degree to which a clickwrap agreement is binding:

  1. If a link to the terms is used, it should be prominent and clear. The text near the box should state clearly that the user agrees to the terms present in that link.
  2. Make sure the terms are obvious and readable. I.e., use large type size, clear text, etc.
  3. Including the terms in an [scrolling] area above the agreement checkbox is better than a link.
  4. Ensure your site records and saves the fact that the agreement checkbox was checked (or not)! Include all contextual information such as the date, time, internet IP address, etc.
  5. Make sure that your terms agreement is a valid and standard legal document. Have your lawyer review it.

PDF DocuSign- Next Level User Agreement Checkbox

So far, we have been discussing “checking a checkbox” to agree. If you have used DocuSign or similar technologies, the process is more elaborate:

  1. Enter your name (and initials) and “assume a signature.” This is just your name rendered in some interesting font.
  2. You click on specific boxes to “Sign” your agreement as you read the PDF. This pastes in your assumed signature.

This has all of the hallmarks of a very good clickwrap:

  1. The user signs within the document — so there is no doubt that it was read or viewed.
  2. The signer intentionally clicks to agree to each signature area.
  3. You are not “done” until you have signed all areas (i.e., you can not proceed until you have explicitly agreed)

PDF DocuSign is essentially “clickwrap” made easy and correctly for a PDF. However, it does not add binding power beyond what you can get with regular clickwrap.

Beyond Clickwrap- Ink Signatures

What can improve on clickwrap? You can improve on clickwrap by:

  1. Intention: Making the user do more to confirm than check a box. This shows more intention.
  2. Identity: Find ways to more strongly associate the act of signing with who is performing that act. There is less and less of an argument that “it wasn’t me.”

One way to go beyond clickwrap is to use LuxSci’s “Ink Signatures” and Secure Form service for collecting your web form data. Ink Signatures add a box (or multiple boxes) to your web form in which your user can sign their name with a mouse, stylus, or finger.

How can using Secure Form + Ink Signatures make document agreements more binding?

  1. You are doing more work than checking a box by signing your name. This shows more intention and can make the contract more binding.
  2. The signature can be a required field so that the user cannot proceed without signing.
  3. As the user signs their name, identity verification can be done through the signature images.
  4. Secure Form automatically records the date and time the form was submitted and the internet IP address of the user who signed the form.
  5. Secure Form’s GeoLocation feature records the latitude, longitude, and approximate physical address of the user who signed the form when they signed the form.

Item 1 speaks to intention. Items 3 through 5 improve the binding of identity to the agreement. This takes clickwrap to the next level and improves the legal enforceability of your terms and conditions.

What type of user agreement process is best for your forms? That depends on the importance of your terms and the degree to which you need to have enforceably binding agreements with your end-users. Consult with a lawyer if you are unsure.

7 Steps to Make your Webste HIPAA-Compliant

Tuesday, March 2nd, 2021

Telehealth is the new standard thanks to the Covid-19 pandemic. Many medical providers are finding that telehealth is a safer option during the pandemic, and it can also help increase patient access to healthcare and improve outcomes. Along with video appointments, the virtual medicine push includes making protected health information available to patients via a website and collecting similar private information from patients or would-be patients online.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. The Omnibus rule requires all websites, old and new, to be appropriately designed, or their owners can face potential financial liability into the millions of dollars.

So, what do these requirements mean, and how can HIPAA be followed in the context of a website?

Read the rest of this post »

Does my patient intake form need to be HIPAA compliant?

Wednesday, August 2nd, 2017

 

Our latest “Ask Erik” question involves questioning when web-based patient-intake forms need to be HIPAA compliant:

B.G. asks:

“Do we need to be HIPAA compliant if our intake forms have patient name, birthday, and address, but no social security number or other insurance information?”

The short answer is “YES“.

You need to be concerned about HIPAA compliance when you ask or send identifiable health information.  It is perhaps not surprising, but “identifiable” is a really broad concept.

Read the rest of this post »

Embedding Secure Forms into WordPress using an iframe

Monday, March 14th, 2016

WordPress is incredibly popular website management and blogging platform. Customers frequently inquire about the best way to add forms to their WordPress pages and posts. Not just any forms- they want to integrate complex forms that can be HIPAA-compliant and which can submit data securely through Secure Form.

There are numerous options here. The two most popular are GravityForms and embedding forms with an iframe. GravityForms is popular and very cool, but not free. Also, as GravityForms is complex and wants to manage all of your form data itself (insecurely), integration with Secure Form is limited:

  • Multiple forms on the same page can be tricky
  • Ink Signatures can not be captured
  • File uploads can not be captured

Another alternative, which is free as it is included with your Secure Form service, is to:

  1. Build your form with Secure Form Form Builder
  2. Embed this form into your WordPress page or post using an iframe

What is an “iframe?” It is a tool that allows you to embed one web page within another web page. When you build a form with FormBuilder — that form is automatically saved and hosted securely for you, and you are provided with the website address (URL) for that form. You need to “insert” that hosted form into your WordPress page/post, and you are all set. All FormBuilder features are also supported: Ink Signatures, file uploads, geolocation, etc.

Read the rest of this post »

Adding HIPAA Compliance to your Web Forms in 10 minutes

Tuesday, April 21st, 2015

Forms are pervasive on websites; the number of forms associated with medical websites is growing exponentially as everyone is scrambling toward digital transformation. The goal of a paperless office seeks to optimize time spent processing applications and managing patient data, speeding up the process of making appointments and getting referrals, meeting meaningful use, etc.

Web forms used in the medical industry generally have to be HIPAA-compliant, however, as they almost always involve the input and transfer of ePHI in one way or another. That presents a problem as the requirements for a HIPAA-compliant website are complex and take knowledgeable and experienced developers to implement and take extra time and money to get right — and you have to get things right where HIPAA is concerned.

So, this is where most people are:

  1. They have a website, which itself is likely not HIPAA-compliant yet
  2. They have some web forms already or maybe have some forms that they want to put up
  3. These forms will collect ePHI
  4. They need to set this up and have it be HIPAA-compliant and don’t want to spend a lot of money or time getting it going.

What they need is “HIPAA Form Processing.”

Read the rest of this post »