HIPAA-Compliant Web Forms

Secure Forms

Collect sensitive data online with secure website forms. Accelerate business workflows by integrating forms with existing databases, email accounts, and more.

Schedule a Demo

Secure Web Forms for Healthcare for Healthcare

Healthcare organizations that want to use web forms to collect information online must adopt security measures that protect sensitive data and meet compliance requirements. Unsecured web forms can provide easy access for hackers to infiltrate and collect confidential information. LuxSci developed HIPAA-compliant Secure Forms to permit the safe collection of patient data online. Using Secure Forms allows organizations the flexibility to safely move workflows online.

Secure Form Features

Secure Form seamlessly integrates with current web or PDF forms. Secure Form is compatible with any CMS (including WordPress), as well as custom-coded pages made using HTML, PHP, JAVA, and any other language. Data can be saved in multiple formats: plain text, two-column html, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and refilled PDF templates (even with data from Web forms).

LuxSci also offers Ink Signatures for forms. These capture the authentic handwritten signatures of anyone filling out a Secure Form-enabled web form. There's no special software or technical knowledge required. Anyone can sign with a mouse, a stylus, or a touchscreen. This user-friendly feature provides an easy way to add legally binding signatures to forms and are much easier to implement than other digital signature technologies.

The Secure Form FormBuilder is a web interface that allows individuals to configure and customize forms without coding knowledge. Secure Form protects data during transmission, using TLS encryption, and at rest, using PGP and/or AES encryption.

Show Features

General Features

(+) show all descriptions

Feature
HIPAA Compliant
Integrate with web-based forms
Secure your existing forms Add only a few of lines of code Use Ink Signatures and Spam protection Deliver/save your data where you need it Create PDFs from web form data
Integrate with PDF forms
Capture form data from PDFs Secure hosting for PDF forms Create PDFs from submitted data PDF template support Supply thank you/success PDFs to your users
Web Form Builder
Written Ink Signatures

Security

(+) show all descriptions

Feature
Securely transmit web (HTML) form data over SSL
Securely transmit PDF form data over SSL
HIPAA-compliant web form submission and processing
HIPAA-compliant PDF form submission and processing
At-rest encryption in Email, SecureChat, MySQL and WebAides^TM Documents
TLS-encrypted form posts without purchasing your own certificate
Enforceable security policies to ensure a secure end-to-end process
Anti-virus scanning of uploaded files
Secure Form uses ClamAV (which is updated hourly) to scan all uploaded files. Any form submissions with suspect files will be rejected.
Block web (HTML) form spam and abuse
Limit, deny, or allow form posts by IP address
Block unwanted posts to your web forms via: Optional Form Spam blocking without CAPTCHA (requires that the end user have JavaScript enabled and performs extended validation checks on the submitted data to block spam bots). Optional HTTP referrer checking Optional IP address allow and deny lists Optional per-IP address rate limits; cut-off IP address(es) if limit exceeded over 24 hours.
TLS, SFTP, and other security measures are optional (except for HIPAA)

Form Configuration

(+) show all descriptions

Feature
Web (HMTL) form submit via HTTP POST or GET
Web Forms: Custom success and failure pages
You supply links to your own success and failure web pages; the end user is shown these once the form posting completes. For PDF forms, you supply your own success and failure PDF documents to be displayed to the end user once the form post is complete.
PDF Forms: Custom success and failure PDFs
You can upload a PDF to show on successful form submission and, optionally, one to display on failure. The success PDF can be a "template" so that form data can be re-filled back into it before it is sent back to the user. This allows you to either give the user a copy of the completed form or a personalized success page.
Ink Signatures: Capture hand written signatures in web forms.
Supports up to 25 files & 100 MB of data in each form post.
All posted files are automatically scanned for viruses; posts with viruses are rejected.
Integrate with client-side AJAX form submission
Forms can be configured to return only HTTP status codes (e.g. 200 for success, and 400+ for failure) so that your web site JavaScript processes can submit forms, know if the submission was successful or not, and then take further custom actions based on the result. This "AJAX Mode" is useful for: Auto-detecting and handling any kind of submission failure. Performing "behind-the-scenes" form posts Complex business logic Continuing operation on the same page after the form post is complete (e.g. after re-drawing part of the page). Any situation where you do not want to navigate away from the current page.
Suppress/skip selected form fields
Internationalization: all form data converted to UTF-8
Dynamically name refilled template files with field values and time/date stamps.
When using PDF or text template files, you can specify rules for file name creation so that each post can have a different or unique name. You can insert date and time data as well as content from the form post itself.
Enable form submitter to download his/her submitted web form data securely
You provide a Template (PDF or other format) and Secure Form refills it and saves that temporarily. Secure Form passes a link to your "Success" web form page; you display that link to your end user (the "Success" page must be dynamic and not plain HTML). The end user has one hour to download that file. SSL is used for the download link if you are using SSL for your form posts Branding is used for the download link if you have Private Labeling for your Secure Form Only someone at the end-user's IP Address uses this special download link. The temporary download expires in 1 hour Compatible with Ink Signatures -- the signatures will be appended to PDF templates. Note that you must have the ability to program your web form success page so that it can read the passed web address and display that to the end user as a link. This feature only works with Web Forms.
PDF form submit via HTML, FDF, or full PDF document

Send to Email

(+) show all descriptions

Feature
Deliver posted form data to your email securely (TLS, PGP, S/MIME, or SecureLine^TM Escrow)
Use enforced TLS Only, SecureLine^TM Escrow, or PGP, or S/MIME encryption for secure email messages. Forced TLS and Escrow options requires a SecureLine^TM license. Bring your own PGP or S/MIME certificate or have us generate one for you.
Receive data in any supported format
Email data to up to 10 recipients with optional individual encryption
Email data securely to address(es) submitted from your form
SecureLine^TM can look at the value submitted in a specified form field to find the email address to which to send your form data. This email can be secured with SecureLine^TM Escrow, no matter what the address is.
Customize subject line, 'From' name, and 'From' address for the form data messages
Dynamic subject lines for the form data messages using field values (except HIPAA)
Receive data as re-filled template file (PDF/HTML/XML/other)
Upload a PDF form and have the submitted data re-filled into the form fields and saved either as an editable or not-editable PDF. A file with place holders that are replaced with your form data on submission. This file could be HTML, XML, or any other textual format. HTML Templates can be auto-converted to PDF for you.
Receive data as complete FDF or PDF file

Send to Webhook

Feature
URL-encoded or JSON Webhook support
JSON: Arbitrary/custom JSON documents
JSON: Include custom data fields
JSON: Re-map form fields and send customized data fields

Save to MySQL, Documents WebAides^TM, SFTP server

(+) show all descriptions

Feature
Save data to MySQL databases for easy access
You can have your form posts saved automatically to your MySQL database MySQL database provides automated secure remote access to form submissions MySQL storage is automated so that no special database setup or maintenance is needed and it works with any web or PDF form. Changes to your form fields are automatically reflected in the MySQL database, with no work required by you.
MySQL Encryption
Encryption at rest for MySQL-saved form posts. You can optionally choose to have your MySQL-saved form data encrypted cell-by-cell using native-MySQL AES encryption commands using an encryption key unique to your form which is not saved in plain text anywhere on LuxSci. Use our "Online reporting tools" to view the encrypted data, or connect directly to your database and use MySQL AES_DECRYPT commands, together with your key, to access the data on demand.
Online reporting tools: View, search, sort, and download data saved in your MySQL database
Online reporting tools: Grant non-administrators read access to the data from specific forms saved in your MySQL database
Online reporting tools: Re-fill text/html- and pdf-templates from saved form data for custom formatted viewing, print, and download
Online reporting tools: Optionally permit deletion of post data.
Online reporting tools: Access to and deletion of your MySQL-saved form data is audited.
API Access to MySQL-saved form data.
Save form data to your SFTP server
Save form post data and files to a Documents WebAide^TM (WebAide^TM license required)
Optionally have form data, and all files uploaded, saved to a Documents WebAide — LuxSci's file storage service. These WebAides^TM are backed up daily and we provide free restores. The data saved to these WebAides^TM can be accessed securely any time from any Web Browser. Export a combined CSV file containing all the data from any selected set of stored CSV data files. Encryption: The data saved to these WebAides^TM can be optionally PGP-encrypted so that the data is secure while stored and so that you are the only one with access to the raw form data. LuxSci's web interface can generate PGP keys for you.

Free PDF Form Hosting

(+) show all descriptions

Feature

Feature
Secure hosting for your PDF forms
For each of your PDF Secure Form configurations, you can upload the PDF form that goes with it. We will host this file for you and provide you with a secure link that you can use to access it. Unlimited accesses from anywhere Link protected with SSL (links of the form: `https://...`) Links brandable with your domain name, if you have Private Labeling) 20 MB size limit per PDF (contact support if you need larger) No additional fee for storage or access to these hosted PDFs

Secure hosting for your PDF forms

For each of your PDF Secure Form configurations, you can upload the PDF form that goes with it. We will host this file for you and provide you with a secure link that you can use to access it.

Unlimited accesses from anywhere
Link protected with SSL (links of the form: https://...)
Links brandable with your domain name, if you have Private Labeling)
20 MB size limit per PDF (contact support if you need larger)
No additional fee for storage or access to these hosted PDFs

API, Reporting & Notifications

(+) show all descriptions

Feature
API: Query, Download, and Delete Form Post Data
If you are saving Secure Form data to a hosted database, you can use our API to query this database, download rows and files, and delete rows and files. The API functions make it easy to discover what posts are new or happened in a specific time frame, and to synchronize post data with your own external systems.
Email, Securechat, and text message notices of each form post, sent up to 10 recipients.
Specify custom 'From' addresses and dynamic subject lines in notification messages.
View and download detailed logs of successful form posts (IP address of user, time, secure or insecure?) and of failed posts.
Error notifications for form data processing problems

Upgrades

Feature
Dedicated servers and clusters for maximum security and performance	available
Private Label your own target post URL for Secure Form posts (requires SSL certificate & IP adddress)

Secure Form FAQ: What You Need to Know

How does Secure Form Work?

See: How Secure Form Works.

Can I use my own forms?

Yes. Secure Form integrates with any web or PDF form hosted anywhere. A few minutes is all that it takes to update an existing form to send its data to Secure Form for processing and delivery or storage.

Do I need to host my web site with LuxSci to use Secure Form?

No. You can keep your web site where it is and either integrate its existing forms with Secure Form, or link your site to forms saved in Secure Form FormBuilder.

What format can I get the form data in?

Secure Form will transmit or save your form data in any combination of formats: plain text, two-column HTML, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and re-filled PDF templates (even with the data from web form submissions).

Where does the form data go?

Secure Form can transmit or save your form data to many different locations (Integrations). See: How Secure Form Works.

Do I get a trustmark or seal for my website?

Yes. HIPAA customers get a trustmark that looks like this:

LuxSci helps ensure HIPAA-compliance for email and web services.

Do you make or design the forms for me?

We do not make your forms. You or your web designer can modify your existing forms, make new forms hosted elsewhere, or use Secure Form visual form builder to make and host new forms.

Do you migrate my existing forms to FormBuilder?

We do not manage or migrate your forms. You or your web designer can migrate your existing forms, make new forms hosted elsewhere, or use Secure Form visual form builder to make and host new forms.

Do I have to know how to program?

You don't need programming skills when using the Secure Form visual form builder or PDF forms. When designing or updating your existing/external web forms, you or your web designer will have to edit a couple of lines of HTML code to direct the form submissions to Secure Form; if a content management system such as Gravity Forms for Wordpress generates or dynamically manages your forms, then you may need a little coding to integrate Secure Form.

How many forms or submissions can I have?

Pricing is based on the number of forms and number of submissions per day. See the Compare Plans. The tiers are:

Starter: Up to 3 forms and up to 1,000 posts/day
Professional: Up to 25 forms and up to 5,000 posts/day
Enterprise: Up to 100 forms and up to 10,000 posts/day

For larger limits, please contact sales.

How secure are the forms?

When using Secure Form, data transmits from the end-user's browser (or PDF) to LuxSci, encrypted using strong TLS ciphers. Once it arrives, what happens next depends on the integrations you configure; the security of the results is then, to a certain degree, your choice. For example:

Encrypted Email: The data can be sent encrypted using PGP, S/MIME, Forced TLS, or via Escrow secure Web pickup.
Secure FTP: You can upload data and files to your server using Secure FTP and a strong cipher like AES 256. Once the files are there, their security is up to you.
MySQL Database: You can save your form data to a database and you have the option of having all files and data encrypted at rest with native AES encryption.
WebAide File Storage: You can save your form data to our WebAide Documents collaborative online file storage system. You can choose to have this data be automatically and seamlessly PGP-encrypted.
WebHook Integrations: Data can be translated securely (over TLS) to external services using WebHooks.

You do not need your own TLS certificate to use Secure Form; however, if you are hosting your forms on your own website, we do recommend that you secure that site with TLS to protect your form pages themselves from alteration/hacking before getting to your end users.

What kinds of reports do you have?

Secure Form includes detailed reports of all successful form posts, and of many kinds of post failures (including emailed alerts of important types of failures). If saving your data to a hosted database, Secure Form provides an audit trail of views and deletions (if such are permitted) of all rows of posted data accessed via our API or or Web-based Form Database viewer.

Does Secure Form have an API?

Yes. Secure Form has an API that allows listing, downloading, and optional deletion of Secure Form data saved to a hosted database. See: LuxSci's API.

Can I use my own URL for branding/white labeling Secure Form?

Yes. You can order Private Labeling and then customize all URLs so that LuxSci's domain names are not visible anywhere. You will also need to buy your own TLS certificate or purchase one from LuxSci.

eBook: HIPAA-compliant Forms

A technical guide to securing web forms

Book 5 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

HIPAA-Compliant Web Forms

Secure Forms

Secure Web Forms for Healthcare for Healthcare

Secure Form Features

General Features

Security

Form Configuration

Send to Email

Send to Webhook

Save to MySQL, Documents WebAidesTM, SFTP server

Free PDF Form Hosting

API, Reporting & Notifications

Upgrades

Secure Form FAQ: What You Need to Know

eBook: HIPAA-compliant Forms

A technical guide to securing web forms

find out why healthcare organizations trust LuxSci with their patient data

Save to MySQL, Documents WebAides^TM, SFTP server