" web form Archives - LuxSci

Posts Tagged ‘web form’

7 Steps to Make your Web Site HIPAA-Compliant

Tuesday, March 2nd, 2021

Telehealth is the new normal thanks to the Covid-19 pandemic. Many medical providers are finding that not only is telehealth a safer option during the pandemic, it can also help increase patient access to healthcare and improve outcomes. Along with video appointments, the virtual medicine push includes making protected health information available to patients via a web site and collecting similar private information from patients or would-be patients online.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. The Omnibus rule requires all web sites, old and new, to be properly designed or their owners can face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

Are you encouraging insecurity via your Web site contact and intake forms?

Friday, April 15th, 2016

Many Web sites have “contact us” pages and other Web forms for receiving requests from existing or potential customers.  This includes “new patient intake” forms on the Web sites of healthcare providers.

 

The garden variety Web form suffers from several serious problems:

  • Spam – Getting unwanted form submissions from Web robots.
  • Privacy – Often, sensitive data is submitted insecurely through these forms.
  • Archival – You may need an archived record and backup of all submissions.
  • Notices – You may need to be alerted of form submissions, even if you are not online.

Proactive privacy vs. neglect of privacy

When your Web forms transmit data insecurely, store or send data insecurely, or otherwise to do not treat the data submitted with the level protection that it deserves, you are putting the users of your forms at risk.

The typical argument is that “it is up to the user of the forms to decide if they want to submit sensitive information.” In fact, many insecure forms even have disclaimers requesting people to not submit sensitive information if they have concerns … and then the forms go on to ask lots of sensitive questions.   Especially without a disclaimer, but even with one, the form is actively soliciting people to submit their information insecurely and requesting them to take risks with their private data.   This is not good.

In areas such as healthcare, where these forms are often collecting sensitive health data (protected health information – PHI), the fact that an organization solicits the submission of PHI through insecure, non-HIPAA-compliant means is far from a “best practice”.  Why?

Read the rest of this post »

Adding HIPAA-Compliance to your Web Forms in 10 minutes

Tuesday, April 21st, 2015

Forms are pervasive on web sites; the number of forms associated with medical web sites is growing exponentially as everyone is scrambling towards the goal of a paperless office, seeking to optimize time spent processing applications and managing patient data, speeding up the process of making appointments and getting referrals, meeting meaningful use, etc.

Web forms used in the medical industry generally have to be HIPAA-compliant, however, as they almost always involve the input and transfer of ePHI in one way or another.  That presents a problem as the requirements for a HIPAA-compliant web site are complex and take knowledgeable and experienced developers to implement and take extra time and money to get right — and you really have to get things right where HIPAA is concerned.

So, this is where most people are:

  1. They have a web site, which itself is likely not HIPAA compliant yet
  2. The have some web forms already … or maybe have some forms that they want to put up
  3. These forms will collect ePHI
  4. They need to set this up and have it be HIPAA compliant and don’t want to spend a lot of money or time getting it going.

What they need is “HIPAA Form Processing“. 

Read the rest of this post »

Wish your Web Site Form submissions could turn into PDFs?

Thursday, April 2nd, 2015

Would you like this work flow?

  1. People fill out forms on your web site
  2. They press “Submit”
  3. You get that submissions as PDFs that looks just like you need them to

It is simple; we find many organizations are looking for this because either:

  • Their people are used to processing documents that look a specific way — and if their web site submissions could look like the forms people are used to … then processing accuracy is improved and change is minimized
  • PDFs are a standard way of saving and archiving documents
  • Maybe you also want to collect a signature on your web form and have the PDF signed

Most web form processing solutions do not have the capacity to produce flattened, custom PDFs from your web form submissions; almost none can also do it securely, in a HIPAA-compliant manner.

Read the rest of this post »

Does my online form have to be HIPAA Compliant if it doesn’t ask for medical information?

Monday, September 29th, 2014

HIPAA FormsFor folks in the medical field, there is often a lot of uncertainty regarding which kinds of web forms need HIPAA compliance and which ones do not.  We often have customers asking if this or that form really needs to be secure or not.

The short answer is that you should probably just make ALL of your forms secure, like like it is best to make all pages of your web site secure, no matter what is on the page.  This instills more trust in your web visitors and as a result results in more business.  It doesn’t take much work to secure your forms, so you might as well just do it for all of them in a clear and consistent way.  Your user’s data will be protected, and they will know that you are looking to make the best choices for them, even in cases where it might not strictly be necessary.  This is a good thing.

Back to the original question….

If you are a medical office, do some forms not need to be secure and HIPAA compliant, depending on what is collected?

Note: the following is suggested advice from LuxSci based on our understanding of HIPAA; however, this should not be taken as legal advice.  We advise you to consult your lawyer for accurate legal advice pertaining to your particular situation.

HIPAA requires that all electronic Protected Health Information (ePHI) be secured to protect the privacy of the individuals identified in the ePHI.  So, as long as either (a) HIPAA does not apply to you, or (b) your form does not collect ePHI, then you do not have to secure the web form.

Let’s look at each of the two criteria so that you can tell if either one may apply to you or your form.

Read the rest of this post »

LUXSCI