" form Archives - LuxSci

Posts Tagged ‘form’

Is a “Click Here to Agree” User Agreement Checkbox Legally Binding?

Tuesday, November 16th, 2021

Your website order form or registration form comes complete with terms and conditions.  What is the best way to have the user see and agree with these terms? Ultimately, you want the user’s agreement to be legally binding so that if there should ever be an issue, you are protected. Is it good enough to have the user check an agreement checkbox? Do you have to do more? Do you have to be sure that the user actually reads the terms?

user agreement checkbox

These questions come up all of the time and rightly are a cause for concern. Just because other web sites do it “one way” does not necessarily make that way right for you or best for you. In this article, we will tackle the how the different choices you make in getting user agreement translate (or don’t translate) into binding contractual relationships.*

* This material is legal in nature and taken from discussions with our own legal counsel and from the American Bar Association. However, we are not lawyers and this should not be considered “legal advise.” Please consult your own lawyers to confirm how your choices apply to your particular situation and needs. 

1. The “BrowseWrap Agreement”: Don’t do this!

Some websites simply include a textual statement to the effect of “Using this site signifies your acceptance to our terms and conditions” or “By submitting this form, you accept our terms of use.” Near to these statements is usually (but not always) a link to these “terms.” The website user does not have to intentionally do anything to signify reading and accepting the terms. In most cases, the user may not even be aware of this statement and may not know about the terms thrust upon him/her through use of the site.

This kind of “just by using it you agree” format is known as a “browsewrap agreement.” Courts have held that these types of user agreements are not usually* binding on users and have little value in protecting the website and its owners. Do not use a browsewrap agreement if you want any kind of meaningful contract with the user if your site.

* An exception seems to be, for example, if the case where a user is behaving in a way that implies that s/he is aware of the terms and is trying to get around them.

2. The “ClickWrap Agreement”: User Agreement Checkbox

What you see more commonly is a checkbox that must be checked to signify that you accept the terms, the agreement, etc. The agreement will be either presented right there in the page (e.g. in a scrolling box) or there will be a link to it right near the check box. The user is not permitted to continue until that box has been checked indicating that the user agrees.

This is called a “clickwrap agreement.” The agreement is wrapped up in the deliberate action of clicking to signify acceptance of the terms or contract.

Courts generally uphold clickwrap agreements as legally binding. You can use them for order forms, contracts, and other types of agreements.

What makes a User Agreement Checkbox binding?

The most significant thing that makes a clickwrap agreement binding is that the user must intentionally agree (i.e. by checking the agreement box in addition to any other actions, like submitting an order). It does not actually matter if the user has read or understands the terms as long as the user agrees. Why? The user has the opportunity to read the agreement, ask questions, gain clarification, and to NOT agree if s/he does not understand or in fact just does not agree. By actually agreeing, the user is waiving the “I didn’t read it” or “I don’t understand it” complaints.

Clickwrap requirements:

  1. The terms must be on the page near the user agreement checkbox, so the user can read it. Or, there must be a clear link to the terms near the checkbox.
  2. The user must not be able to proceed with any actions (e.g. ordering, registering) until the agreement checkbox is checked.

There are a number of things that strengthen the degree to which a clickwrap agreement is binding:

  1. If a link to the terms is used, it should be prominent and clear. The text near the box should state clearly that the user is agreeing to the terms present in that link.
  2. Make sure the terms very clear and readable. I.e. use a large type size, clear text, etc.
  3. Better than a link, include the terms in a [scrolling] area above the agreement checkbox.
  4. Make sure your site actually records and saves the fact that the agreement checkbox was checked (or not)! Include all of the contextual information such as the date, time, Internet IP address, etc.
  5. Make sure that your terms agreement is a valid and normal legal document. Have your lawyer review it.

PDF DocuSign- Next Level User Agreement Checkbox

So far, we have been discussing “checking a checkbox” to agree. If you have used DocuSign or similar technologies, the process is more elaborate:

  1. You enter your name (and initials) and “assume a signature.” This is just your name rendered is some interesting font.
  2. As you read the PDF, you click on specific boxes to “Sign” your agreement. This pastes in your assumed signature.

This has all of the hallmarks of very good clickwrap:

  1. The user signs within the document — so there is no doubt that it was read or viewed.
  2. The signer intentionally clicks to agree to each signature area.
  3. You are not “done” until you have signed all areas (i.e. you can not proceed until you have explicitly agreed)

PDF DocuSign is essentially “clickwrap” made easy and done correctly for a PDF. However, it does not really add binding power beyond what you can get with regular clickwrap.

Beyond Clickwrap- Ink Signatures

What can improve on clickwrap? You can improve on clickwrap by:

  1. Intention: Making the user do more to confirm than just check a box. This shows more intention.
  2. Identity: Find ways to more strongly associate the act of signing with who is performing that act. This way there is less and less of an argument that “it wasn’t me.”

One way to go beyond clickwrap is to use LuxSci’s “Ink Signatures” and SecureForm service for collecting your web form data. Ink Signatures add a box (or multiple boxes) to your web form in which your user can sign their name with a mouse, stylus, or finger.

How can using SecureForm + Ink Signatures make document agreements more binding?

  1. By signing your name, you are doing more work than checking a box. This shows more intention and can make the contract more binding.
  2. The signature can be a required field so that the user cannot proceed without signing.
  3. As the user is signing his/her own name, there can be some identity verification though the signature images.
  4. SecureForm automatically records the date and time the form was submitted, as well as the Internet IP address of the user who signed the form.
  5. SecureForm’s GeoLocation feature records the latitude, longitude, and approximate physical address of the user who signed the form when he/she signed the form.

Item 1 speaks to intention. Items 3 through 5 improve the binding of identity to the agreement. This takes clickwrap to the next level and improves the legal enforceability of your terms and conditions.

What type of user agreement process is best for your forms? That depends on the importance of your terms and the degree to which you need to have enforceably binding agreements with your end users. Consult with a lawyer if you are unsure.

7 Steps to Make your Web Site HIPAA-Compliant

Tuesday, March 2nd, 2021

Telehealth is the new normal thanks to the Covid-19 pandemic. Many medical providers are finding that not only is telehealth a safer option during the pandemic, it can also help increase patient access to healthcare and improve outcomes. Along with video appointments, the virtual medicine push includes making protected health information available to patients via a web site and collecting similar private information from patients or would-be patients online.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. The Omnibus rule requires all web sites, old and new, to be properly designed or their owners can face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

Does my patient intake form need to be HIPAA compliant?

Wednesday, August 2nd, 2017

 

Our latest “Ask Erik” question involves questioning when web-based patient-intake forms need to be HIPAA compliant:

B.G. asks:

“Do we need to be HIPAA compliant if our intake forms have patient name, birthday, and address, but no social security number or other insurance information?”

The short answer is “YES“.

You need to be concerned about HIPAA compliance when you ask or send identifiable health information.  It is perhaps not surprising, but “identifiable” is a really broad concept.

Read the rest of this post »

Embedding SecureForms into WordPress using an iframe

Monday, March 14th, 2016

WordPress is an incredibly popular Web site management and blogging platform.  Customers inquire of LuxSci frequently about the best way to add forms to their WordPress pages and posts.  Not just any forms — complex forms that can be HIPAA-compliant and which can submit data securely through SecureForm.

There are numerous options here.  The two most popular are GravityForms and embedding forms with an iframe.  GravityForms is popular and very cool, but not free.  Also as GravityForms is complex and really wants to manage all of your form data itself (insecurely), integration with SecureForm is limited:

  • Multiple forms on the same page can be tricky
  • Ink Signatures can not be captured
  • File uploads can not be captured

Another alternative, which is free as it is included with your SecureForm service, is to:

  1. Build your form with SecureForm FormBuilder
  2. Embed this form into your WordPress page or post using an iframe

What is an “iframe?”  it is a tool that allows you embed one Web page within another Web page.  When you build a form with FormBuilder — that form is automatically saved and hosted securely for you and you are provided with the Web site address (URL) for that form.  All you need to do is to “insert” that hosted form into your WordPress page/post and you are all set.  All FormBuilder features are then also supported: Ink Signatures, file uploads, geolocation, etc.

Read the rest of this post »

Adding HIPAA Compliance to your Web Forms in 10 minutes

Tuesday, April 21st, 2015

Forms are pervasive on web sites; the number of forms associated with medical web sites is growing exponentially as everyone is scrambling towards the goal of a paperless office, seeking to optimize time spent processing applications and managing patient data, speeding up the process of making appointments and getting referrals, meeting meaningful use, etc.

Web forms used in the medical industry generally have to be HIPAA-compliant, however, as they almost always involve the input and transfer of ePHI in one way or another. That presents a problem as the requirements for a HIPAA-compliant web site are complex and take knowledgeable and experienced developers to implement and take extra time and money to get right — and you really have to get things right where HIPAA is concerned.

So, this is where most people are:

  1. They have a web site, which itself is likely not HIPAA compliant yet
  2. They have some web forms already … or maybe have some forms that they want to put up
  3. These forms will collect ePHI
  4. They need to set this up and have it be HIPAA compliant and don’t want to spend a lot of money or time getting it going.

What they need is “HIPAA Form Processing.”

Read the rest of this post »

LUXSCI