LUXSCI

SecureForm: HIPAA-Compliant Forms

Web Forms

  • Secure your existing web site forms
  • It only takes a couple of lines of code
  • Use Ink Signatures and Spam protection
  • Deliver/save your data where you need it
  • Data protection: Save your data in multiple places
  • Create PDFs from web form data

PDF forms

  • Capture form data from PDFs
  • Secure hosting for PDF forms
  • Create new PDFs from submitted data
  • PDF template support
  • Supply thank you/success PDFs to your users

FormBuilder

  • Design your own web forms
  • Securely hosted for you
  • Drag-and-drop, responsive editor
  • Use custom CSS and JavaScript
  • Discover: FormBuilder

Ink Signatures


How can SecureForm Help You?

"Since we started using LuxSci SecureForms, we were finally able to let our clients sign up through our website and stay HIPAA-compliant. It is awesome how much you get for such a low price. WebAides and SecureSend are included and allow us to easily let our partner physicians send us information securely without the hassle of setting up and training everyone. There are many options out there, but once you add the word HIPAA, the price skyrockets—not with LuxSci though. We made a good choice."

Jacob Rodriguez . I.T. Support . Healthcare2U

How SecureForm Works

1. SecureForm Setup

With FormBuilder, all you have to do is:

  1. Use our web interface to configure what happens to the data that is submitted via your form. There are a variety of options available, allowing you to totally customize how your forms behave and how the data is processed.
  2. Use FormBuilder to visually create your form.

Otherwise, getting started with SecureForm is as easy as 1-2-3:

  1. You design your own web site forms and/or PDF forms.
  2. Use our web interface to configure what happens to the data that is submitted via your forms.
  3. Point your form to the web address that we provide to you.

That's it!

2. SecureForm Processing: End-user Perspective

Web Site Forms

If your form is set up as a web page on your site or created using FormBuilder:

  1. A user visits your web site and fills out your web form.
  2. When they have completed filling out the form, they press the "Submit" button.
  3. The data they entered is sent to LuxSci via the secure web address we provide to you.
  4. If the data is sent successfully, the visitor is redirected to a "Success" page on your web site.
  5. If the data could not be sent successfully, the visitor is redirected to a "Failure" page on your web site instead.

Note that this process is always the same regardless of where your web site is hosted. Also, unless your web form is misconfigured, the visitor will never be redirected from your web site and will always see your URLs in the address bar. With web site forms, the submission process to LuxSci's servers is always fully transparent to the user.

PDF Forms

If your form is in a PDF, the process is similar:

  1. The user opens your PDF file and fills out the form.
  2. When they have completed filling out the form, they press the "Submit" button.
  3. The data they entered is sent to LuxSci via the secure endpoint web address we provide to you. For PDFs, the user may be prompted to first confirm that they trust the address to which the form data is being sent.
  4. On success, the user is shown your custom "Success PDF".
  5. On failure, the user is shown your custom "Failure PDF".

3. Your SecureForm Results: Delivered

Choose your Integrations

Where would you like your data to be saved or sent?

Database.  Instead of a file, have your data uploaded directly to a MySQL database. Access that data online through our reporting tools.
Document Storage.  Store your file in LuxSci Documents, part of our WebAides collaboration suite.
Email.  Send the form data and files to you via regular or secure email. Send to any email address/multiple email addresses.
FTP/SFTP Server.  Have your data uploaded to any web server via FTP or SFTP.
Notice.  Send a simple post notification via Email, SMS/text message, or SecureChat.
SecureChat/Mediprocity.   Send the form data and files directly to your mobile device or desktop using our real-time SecureChat service.
Dropbox.  Send form data and files to your Dropbox account.
Slack.  Send a custom data-laden message to any Slack channel.
Webhook.  Send form data to any third-party service that supports inbound JSON or URL-encoded Webhooks.

Choose your Formats

What formats would you like your saved/sent data in? Some Integrations (e.g. WebHook) come with their own special data format customization options.

Plain text.  Receive your data as a raw text file.
Tabular HTML.  A nicely formatted, two-column HTML view of the form fields and data.
XML.  Simple, automatically-created XML document.
PDF.  Receive your data as a complete FDF or PDF file, or as a refilled PDF template file.
Text/HTML Template.   Receive your data as a refilled template file in text, HTML, XML, or any other text-based file format.
CSV.  Receive your data as a CSV (Comma Separated Values) file to be viewed in programs such as Microsoft Excel.

Compare Plans

SecureForm services can also be an upgrade/add-on for customers with existing Secure Email or Secure Hosting accounts.

Feature | Shared Business | Shared Enterprise | Dedicated Business | Dedicated Enterprise
HIPAA Compliance Available?
* *
HIPAA compliance is available for all SecureForm accounts except the 3-form shared options.
FormBuilder
PDF Hosting
PDFs are hosted in Amazon AWS and are made available through Amazon CloudFront.
PDF & HTML Templates
Ink Signatures
Secure Email via SecureLine
All Integrations
Location
USA | Texas, USA | USA or Custom | Texas, USA
LuxSci's services are provided on servers located in USA-based data centers (RackSpace or Amazon).

*Business Class dedicated servers can be provisioned in RackSpace and Amazon data centers around the world if requested by the customer. There may be an additional setup fee for a non-standard location.

Multiple firewalls

Enterprise class servers and Business Class servers at RackSpace enjoy software firewalls and redundant HA hardware firewalls.

Business Class servers at Amazon enjoy software firewalls and AWS Security Group logical network firewalls.

Backups Included?
Standard backups of your server data are included. These include 7 daily on-site backups and 4 weekly off-site backups.
Full Disk Encryption
*

*Business Class dedicated servers from RackSpace, used for large-scale emailing, only have full disk encryption if requested by the customer. This will require ordering a separate disk.

Dedicated SecureForm Processing?
Dedicated SecureForm Processing requires a dedicated server with Private Labeling.

When ordering shared SecureForm services, SecureForms are processed through a shared Enterprise Class cluster and your data is saved on a shared Business Class or Enterprise Class server.

Dedicated solutions are ideal for isolating both your data and the processing of your data from everyone else. Dedicated SecureForm Processing servers require servers with a minimum of 2 CPU cores and 4 GB of memory.

Custom Backup/Retention Schedules?
Dedicated server customers can choose custom backup frequencies and retention schedules; this may come with an additional cost. Contact sales for more information.
Server Type
Single Server | Redundant Cluster | Single Server | Redundant Cluster
Business Class servers are single virtual servers running in the RackSpace or Amazon Public cloud. Enterprise Class servers are VMware virtual servers running on a redundant cluster of servers in LuxSci's Private Cloud at RackSpace.
Account Isolation: No other LuxSci customers have access to your server. No shared servers.
In a shared solution, many 100s or 1000s of separate customers share the same server. Security relies on logical and software partitioning of access and resources. Shared solutions are inherently less secure and have less consistent performance, but are less expensive. Dedicated servers are recommended when security and consistent performance are important.
Ultra-reliable: proof against hardware failure
Enterprise Class servers are virtual machines that run on a redundant VMware cluster. If one of the underlying hypervisors should have a hardware issue, all servers running on it are immediately rebooted on another hypervisor, limiting potential downtime to seconds.

Choose Enterprise Class when server uptime is a very high priority.

Server Isolation: All servers running on the same hardware belong to LuxSci. No public cloud servers.
In the Business Class environment, your server is in a Public Cloud. This means that other servers running on the same underlying hardware (hypervisor) may be owned by organizations unrelated to LuxSci. This poses some security risk compared to use of LuxSci's Private Cloud Enterprise Class environment, where LuxSci owns the underlying hardware and is in control of all servers running on it. Additionally, the Business Class environment may have less consistent performance due to the possibility of "noisy neighbor" servers outside of LuxSci's control.
Private Label Branding
available available
Private Label branding is optional on shared accounts. It starts at $25/mo. Private Label branding is required for dedicated SecureForm processing servers and is thus included in the "Starting Price" listed below.
Maximum Post Size:
50 MB | 50 MB | 50+ MB | 50+ MB
On dedicated SecureForm processing servers, we can customize your maximum form post size limit.
Starting Price: 3 forms & 1K posts/day
$25/mo | $40/mo | $250/mo | $600/mo
Starting Price: 25 forms & 5K posts/day
$50/mo | $65/mo | $275/mo | $625/mo
Starting Price: 100 forms & 10K posts/day
$100/mo | $115/mo | $325/mo | $675/mo
Starting Price: Custom limits
call call
 


Custom Large-Scale Solutions


Custom solutions can be tailored for very high numbers of forms or capacity, very high security, and business continuity. They can include:

  • Redundant high-availability dedicated hardware firewalls
  • Redundant high-availability dedicated load balancers
  • Network-based intrusion detection systems
  • DDoS Protection up to 100 Gbps
  • Redundant, load-balanced SecureForm processing servers
  • Redundant, load-balanced web hosting servers
  • Replicated high-availability database servers
  • System isolation and capacity scaling
  • An additional disaster recovery footprint in a different data center

If a custom solution might be right for you, contact sales.

FAQs: Perhaps you were wondering...?

Yes. SecureForm integrates with any web or PDF form hosted anywhere. A few minutes is all that it takes to update an existing form to send its data to SecureForm for processing and delivery or storage.

No. You can keep your web site where it is and either integrate its existing forms with SecureForm, or link your site to forms saved in SecureForm FormBuilder.

SecureForm will transmit or save your form data in any combination of formats: plain text, two-column HTML, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and re-filled PDF templates (even with the data from web form submissions).

SecureForm can transmit or save your form data to many different locations (Integrations). See: "How SecureForm Works".

Yes. HIPAA customers get a trustmark that looks like this:

LuxSci helps ensure HIPAA-compliance for email and web services.

We do not make your forms. You or your web designer can modify your existing forms, make new forms hosted elsewhere, or use SecureForm visual form builder to make and host new forms. We do provide custom consulting services for form design. This is $250/hour.

We do not manage or migrate your forms. You or your web designer can migrate your existing forms, make new forms hosted elsewhere, or use SecureForm visual form builder to make and host new forms.

You don't need programming skills when using the SecureForm visual form builder or PDF forms. When designing or updating your existing/external web forms, you or your web designer will have to edit a couple of lines of HTML code to direct the form submissions to SecureForm; if a content management system such as Gravity Forms for Wordpress generates or dynamically manages your forms, then you may need a little coding to integrate SecureForm.

Pricing is based on the number of forms and number of submissions per day. See Compare Plans. The tiers are:

  • Starter: Up to 3 forms and up to 1,000 posts/day
  • Professional: Up to 25 forms and up to 5,000 posts/day
  • Enterprise: Up to 100 forms and up to 10,000 posts/day

For larger limits, please contact sales.

When using SecureForm, data transmits from the end-user's browser (or PDF) to LuxSci, encrypted using strong TLS ciphers. Once it arrives, what happens next depends on the integrations you configure; the security of the results is then, to a certain degree, your choice. For example:

  • Encrypted Email: The data can be sent encrypted using PGP, S/MIME, Forced TLS, or via Escrow secure Web pickup.
  • SecureChat: You can send form data to recipients securely using our SecureChat real-time communication and collaboration system. These messages are AES-256-encrypted at rest and encrypted via TLS during transmission.
  • Secure FTP: You can upload data and files to your server using Secure FTP and a strong cipher like AES-256. Once the files are there, their security is up to you.
  • MySQL Database: You can save your form data to a database and you have the option of having all files and data encrypted at rest with native AES encryption.
  • WebAide File Storage: You can save your form data to our WebAide Documents collaborative online file storage system. You can choose to have this data be automatically and seamlessly PGP-encrypted.
  • WebHook Integrations: Data can be transmitted securely (over TLS) to external services using WebHooks.

You do not need your own TLS certificate to use SecureForm; however, if you are hosting your forms on your own website, we do recommend that you secure that site with TLS to protect your form pages themselves from alteration/hacking before getting to your end users.

SecureForm includes detailed reports of all successful form posts, and of many kinds of post failures (including emailed alerts of important types of failures). If saving your data to a hosted database, SecureForm provides an audit trail of views and deletions (if such are permitted) of all rows of posted data accessed via our API or Web-based Form Database viewer.

Yes. Users of your web-based forms can sign a written signature using their mouse, stylus, or finger, and it's possible to capture and deliver that signature along with your form post. It can even be auto-appended to refilled PDF templates or inserted inline in refilled HTML templates. See Ink Signatures.

Yes. SecureForm has an API that allows listing, downloading, and optional deletion of SecureForm data stored to a hosted database.

Yes. You can order Private Labeling and then customize all URLs so that LuxSci's domain names are not visible anywhere. You will also need to buy your own TLS certificate or purchase one from LuxSci.

Other questions? Call Sales

HIPAA-compliant Form

When operating your website or database, you need to ensure that all sensitive client or patient information is secure and protected from unapproved eyes. This means using secure web forms. Unsecured forms and legal documents can provide easy access for hackers to infiltrate and collect confidential information, which is why LuxSci developed a secure web form solution. LuxSci's SecureForm processing allows you to add and store HIPAA- (Health Insurance Portability and Accountability Act) compliant patient forms, tax documents, legal forms, etc., in order to ensure your online services stay protected and legal.

SecureForm seamlessly integrates with any of your company's current web or PDF forms. SecureForm is compatible with any CMS (including WordPress), as well as custom-coded pages made using PHP, .NET, and any other language. You can save your data in multiple formats: plain text, two-column HTML, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and refilled PDF templates (even with data from Web forms). Our SecureForm FormBuilder allows you to use our web interface to configure and customize your own forms without any coding knowledge. SecureForm ensures that your data remains protected during transmission, using TLS encryption, and at rest, using PGP and/or AES encryption. Note: if you are a LuxSci HIPAA customer, SecureForm is automatically configured for your compliance.

Secure Digital Signature Forms

One of our exciting HIPAA-compliant SecureForm features is Ink Signatures. LuxSci's Ink Signatures are simple web-based agreement boxes that allow you to easily capture the authentic handwritten signatures of anyone filling out a SecureForm-enabled web form. There's no special software or technical knowledge required; you can sign with a mouse, a stylus, or a touchscreen. This user-friendly feature provides an easy way to establish signed agreements and is much easier to implement than standard digital signatures.

eBook: HIPAA-compliant Website Basics

What healthcare organizations need to know about HIPAA-compliant web sites

Book 2 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD
