SecureForm^TM: HIPAA-Compliant Forms

Web Forms

Secure your existing forms
Add only a few of lines of code
Use Ink Signatures and Spam protection
Deliver/save your data where you need it
Data protection: Save your data in multiple places
Create PDFs from web form data

PDF forms

Capture form data from PDFs
Secure hosting for PDF forms
Create PDFs from submitted data
PDF template support
Supply thank you/success PDFs to your users

FormBuilder

Design your own web forms
Securely hosted for you
Drag-and-drop, responsive editor
Use custom CSS and JavaScript
Great for power users
Discover: FormBuilder

Ink Signatures

Replacement for "I agree" check boxes
Write your name with a mouse, finger, or stylus
More legally binding
Signature captured as an image
Discover: Ink Signatures

Request a demo

Enter your contact information

Your Name

Organization Name

Your Phone Number

When would you like the Demo?

What would your like to see or learn during the demo?

How big is your organization?

1-10
11-50
51-150
151-500
501-1000
1001+

I accept LuxSci's privacy policy.

How can SecureForm Help You?

Since we started using LuxSci SecureForms, we were finally able to let our clients to sign up through our website and stay HIPAA-compliant. It is awesome how much you get for such a low price. WebAides and SecureSend are included and allow us to easily let our partner physicians send us information securely without the hassle of setting up and training everyone. There are many options out there, but once you add the word HIPPA, the price skyrockets—not with LuxSci though. We made a good choice."

Jacob Rodriguez . I.T. Support . Healthcare2U

How SecureForm Works

1. SecureForm Setup

With FormBuilder, all you have to do is:

Use our web interface to configure what happens to the data that is submitted via your form. There are a variety of options available, allowing you to totally customize how your forms behave and how the data is processed.
Use Form Builder to visually create your form.

Otherwise, getting started with SecureForm is as easy as 1-2-3:

You design your own web site forms and/or PDF forms.
Use our web interface to configure what happens to the data that is submitted via your forms.
Point your form to the web address that we provide to you.

That's it!

2. SecureForm Processing: End-user Perspective

Web Site Forms

If your form is setup as a web page on your site or created using FormBuilder:

A user visits your web site and fills out your web form.
When they have completed filling out the form, they press the "Submit" button.
The data they entered is sent to LuxSci via the secure web address we provide to you.
If the data is sent successfully, the visitor is redirected to a "Success" page on your web site.
If the data could not be sent successfully, the visitor is redirected to a "Failure" page on your web site instead.

Note that this process is always the same regardless of where your web site is hosted. Also, unless your web form is misconfigured, the visitor will never be redirected from your web site and will always see your URLs in the address bar. With web site forms, the submission process to LuxSci's servers is always fully transparent to the user.

PDF Forms

If your form is in a PDF, the process is similar:

The user opens your PDF file and fills out the form.
When they have completed filling out the form, they press the "Submit" button.
The data they entered is sent to LuxSci via the secure endpoint web address we provide to you. For PDFs, the user may be prompted to first confirm that they trust the address to where the form data is being sent.
On success, the user is shown your custom "Success PDF".
On failure, the user is shown your custom "Failure PDF".

3. Your SecureForm Results: Delivered

Choose your Integrations

Where would you like your data to be saved or sent?

	Database. Instead of a file, have your data uploaded directly to a MySQL database. Access that data online through our reporting tools.
	Document Storage. Store your file in LuxSci Documents, part of our WebAides^TM collaboration suite.
	Email. Send the form data and files to you via regular or secure email. Send to any email address/multiple email addresses.
	FTP/SFTP Server. Have your data uploaded to any web server via FTP or SFTP.
	Notice. Send a simple post notification via Email, SMS/text message, SecureChat.
	SecureChat/Mediprocity. Send the form data and files directly to your mobile device or desktop using Mediprocity SecureChat service.
	Dropbox. Send form data and files to your Dropbox account.
	Slack. Send a custom data-laden message to any Slack channel.
	Webhook. Send a to any third-party service that supports inbound JSON or URL-encoded Webhooks.

Choose your Formats

What formats would you like your saved/sent data in? Some Integrations (e.g. WebHook) come with their own special data format customization options.

	Plain text. Receive your data as a raw text file.
	Tabular HTML. A nicely formatted, two-column HTML view of the form fields and data.
	XML Simple, automatically-created XML document.
	PDF. Receive your data as a complete FDF or PDF file, or as a refilled PDF template file.
	Text/HTML Template. Receive your data as a refilled template file in text, HTML, XML, or any other text-based file format.
	CSV. Receive your data as a CSV (Comma Separated Values) file to be viewed in programs such as Microsoft Excel.

Custom Enterprise Solutions

Custom large-scale solutions

Custom solutions can be tailored for very high numbers of forms or capacity, very high security, and business continuity. They can include:

Redundant high-availability dedicated hardware firewalls
Redundant high-availability dedicated load balancers
Network-based intrusion detection systems
DDOS Protection up to 100 Gbps
Redundant, load-balanced SecureForm processing servers
Redundant, load-balanced web hosting servers
Replicated high-availability database servers
System isolation and capacity scaling
An additional disaster recovery footprint in a different data center

If a custom solution might be right for you, talk to a LuxSci Expert.

FAQs: Perhaps you were wondering...?

Can I use my own forms?

Yes. SecureForm integrates with any web or PDF form hosted anywhere. A few minutes is all that it takes to update an existing form to send its data to SecureForm for processing and delivery or storage.

Do I need to host my web site with LuxSci to use SecureForm?

No. You can keep your web site where it is and either integrate its existing forms with SecureForm, or link your site to forms saved in SecureForm FormBuilder.

What format can I get the form data in?

SecureForm will transmit or save your form data in any combination of formats: plain text, two-column HTML, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and re-filled PDF templates (even with the data from web form submissions).

Where does the form data go?

SecureForm can transmit or save your form data to many different locations (Integrations). See: "How SecureForm Works".

Do I get a trustmark or seal for my website?

Yes. HIPAA customers get a trustmark that looks like this:

LuxSci helps ensure HIPAA-compliance for email and web services.

Do you make or design the forms for me?

We do not make your forms. You or your web designer can modify your existing forms, make new forms hosted elsewhere, or use SecureForm visual form builder to make and host new forms. We do provide custom consulting services for form design. This is $250/hour.

Do you migrate my existing forms to FormBuilder?

We do not manage or migrate your forms. You or your web designer can migrate your existing forms, make new forms hosted elsewhere, or use SecureForm visual form builder to make and host new forms.

Do I have to know how to program?

You don't need programming skills when using the SecureForm visual form builder or PDF forms. When designing or updating your existing/external web forms, you or your web designer will have to edit a couple of lines of HTML code to direct the form submissions to SecureForm; if a content management system such as Gravity Forms for Wordpress generates or dynamically manages your forms, then you may need a little coding to integrate SecureForm.

How many forms or submissions can I have?

Pricing is based on the number of forms and number of submissions per day. See the Compare Plans. The tiers are:

Starter: Up to 3 forms and up to 1,000 posts/day
Professional: Up to 25 forms and up to 5,000 posts/day
Enterprise: Up to 100 forms and up to 10,000 posts/day

For larger limits, please contact sales.

How secure are the forms?

When using SecureForm, data transmits from the end-user's browser (or PDF) to LuxSci, encrypted using strong TLS ciphers. Once it arrives, what happens next depends on the integrations you configure; the security of the results is then, to a certain degree, your choice. For example:

Encrypted Email: The data can be sent encrypted using PGP, S/MIME, Forced TLS, or via Escrow secure Web pickup.
SecureChat: You can send form data to recipients securely using our SecureChat real-time communication and collaboration system. These messages are AES-256-encrypted at rest and encrypted via TLS during transmission.
Secure FTP: You can upload data and files to your server using Secure FTP and a strong cipher like AES 256. Once the files are there, their security is up to you.
MySQL Database: You can save your form data to a database and you have the option of having all files and data encrypted at rest with native AES encryption.
WebAide File Storage: You can save your form data to our WebAide Documents collaborative online file storage system. You can choose to have this data be automatically and seamlessly PGP-encrypted.
WebHook Integrations: Data can be translated securely (over TLS) to external services using WebHooks.

You do not need your own TLS certificate to use SecureForm; however, if you are hosting your forms on your own website, we do recommend that you secure that site with TLS to protect your form pages themselves from alteration/hacking before getting to your end users.

What kinds of reports do you have?

SecureForm includes detailed reports of all successful form posts, and of many kinds of post failures (including emailed alerts of important types of failures). If saving your data to a hosted database, SecureForm provides an audit trail of views and deletions (if such are permitted) of all rows of posted data accessed via our API or or Web-based Form Database viewer.

Are digital signatures supported?

Yes. Users of your web-based forms can sign a written signature using their mouse, stylus, or finger, and it's possible to capture and deliver that signature along with your form post. The post can even auto-append to refilled PDF templates or inserted inline in refilled HTML templates. See Ink Signatures.

Does SecureForm have an API?

Yes. SecureForm has an API that allows listing, downloading, and optional deletion of SecureForm data stored to a hosted database.

Can I use my own URL for branding/white labeling SecureForm?

Yes. You can order Private Labeling and then customize all URLs so that LuxSci's domain names are not visible anywhere. You will also need to buy your own TLS certificate or purchase one from LuxSci.

Features

LuxSci SecureForm is full-featured, regardless of where your email or website is hosted.

Free PDF Form Hosting

(+) show all descriptions

Feature

Feature
Secure hosting for your PDF forms
For each of your PDF SecureForm configurations, you can upload the PDF form that goes with it. We will host this file for you and provide you with a secure link that you can use to access it. Unlimited accesses from anywhere Link protected with SSL (links of the form: `https://...`) Links brandable with your domain name, if you have Private Labeling) 20 MB size limit per PDF (contact support if you need larger) No additional fee for storage or access to these hosted PDFs

Secure hosting for your PDF forms

For each of your PDF SecureForm configurations, you can upload the PDF form that goes with it. We will host this file for you and provide you with a secure link that you can use to access it.

Unlimited accesses from anywhere
Link protected with SSL (links of the form: https://...)
Links brandable with your domain name, if you have Private Labeling)
20 MB size limit per PDF (contact support if you need larger)
No additional fee for storage or access to these hosted PDFs

Security

(+) show all descriptions

Feature
Securely transmit web (HTML) form data over SSL
Securely transmit PDF form data over SSL
HIPAA-compliant web form submission and processing
HIPAA-compliant PDF form submission and processing
At-rest encryption in Email, SecureChat, MySQL and WebAides^TM Documents
TLS-encrypted form posts without purchasing your own certificate
Enforceable security policies to ensure a secure end-to-end process
Anti-virus scanning of uploaded files
SecureForm uses ClamAV (which is updated hourly) to scan all uploaded files. Any form submissions with suspect files will be rejected.
Block web (HTML) form spam and abuse
Limit, deny, or allow form posts by IP address
Block unwanted posts to your web forms via: Optional Form Spam blocking without CAPTCHA (requires that the end user have JavaScript enabled and performs extended validation checks on the submitted data to block spam bots). Optional HTTP referrer checking Optional IP address allow and deny lists Optional per-IP address rate limits; cut-off IP address(es) if limit exceeded over 24 hours.
TLS, SFTP, and other security measures are optional (except for HIPAA)

Form Configuration

(+) show all descriptions

Feature
Web (HMTL) form submit via HTTP POST or GET
Web Forms: Custom success and failure pages
You supply links to your own success and failure web pages; the end user is shown these once the form posting completes. For PDF forms, you supply your own success and failure PDF documents to be displayed to the end user once the form post is complete.
PDF Forms: Custom success and failure PDFs
You can upload a PDF to show on successful form submission and, optionally, one to display on failure. The success PDF can be a "template" so that form data can be re-filled back into it before it is sent back to the user. This allows you to either give the user a copy of the completed form or a personalized success page.
Ink Signatures: Capture hand written signatures in web forms.
Supports up to 25 files & 50 MB of data in each form post.
All posted files are automatically scanned for viruses; posts with viruses are rejected.
Integrate with client-side AJAX form submission
Forms can be configured to return only HTTP status codes (e.g. 200 for success, and 400+ for failure) so that your web site JavaScript processes can submit forms, know if the submission was successful or not, and then take further custom actions based on the result. This "AJAX Mode" is useful for: Auto-detecting and handling any kind of submission failure. Performing "behind-the-scenes" form posts Complex business logic Continuing operation on the same page after the form post is complete (e.g. after re-drawing part of the page). Any situation where you do not want to navigate away from the current page.
Suppress/skip selected form fields
Internationalization: all form data converted to UTF-8
Dynamically name refilled template files with field values and time/date stamps.
When using PDF or text template files, you can specify rules for file name creation so that each post can have a different or unique name. You can insert date and time data as well as content from the form post itself.
Enable form submitter to download his/her submitted web form data securely
You provide a Template (PDF or other format) and SecureForm refills it and saves that temporarily. SecureForm passes a link to your "Success" web form page; you display that link to your end user (the "Success" page must be dynamic and not plain HTML). The end user has one hour to download that file. SSL is used for the download link if you are using SSL for your form posts Branding is used for the download link if you have Private Labeling for your SecureForm Only someone at the end-user's IP Address uses this special download link. The temporary download expires in 1 hour Compatible with Ink Signatures -- the signatures will be appended to PDF templates. Note that you must have the ability to program your web form success page so that it can read the passed web address and display that to the end user as a link. This feature only works with Web Forms.
PDF form submit via HTML, FDF, or full PDF document

Send to Email

(+) show all descriptions

Feature
Deliver posted form data to your email securely (TLS, PGP, S/MIME, or SecureLine^TM Escrow)
Use enforced TLS Only, SecureLine^TM Escrow, or PGP, or S/MIME encryption for secure email messages. Forced TLS and Escrow options requires a SecureLine^TM license. Bring your own PGP or S/MIME certificate or have us generate one for you.
Receive data in any supported format
Email data to up to 10 recipients with optional individual encryption
Email data securely to address(es) submitted from your form
SecureLine^TM can look at the value submitted in a specified form field to find the email address to which to send your form data. This email can be secured with SecureLine^TM Escrow, no matter what the address is.
Customize subject line, 'From' name, and 'From' address for the form data messages
Dynamic subject lines for the form data messages using field values (except HIPAA)
Receive data as re-filled template file (PDF/HTML/XML/other)
Upload a PDF form and have the submitted data re-filled into the form fields and saved either as an editable or not-editable PDF. A file with place holders that are replaced with your form data on submission. This file could be HTML, XML, or any other textual format. HTML Templates can be auto-converted to PDF for you.
Receive data as complete FDF or PDF file

Send to Webhook

Feature
URL-encoded or JSON Webhook support
JSON: Arbitrary/custom JSON documents
JSON: Include custom data fields
JSON: Re-map form fields and send customized data fields

Send to SecureChat/Mediprocity

(+) show all descriptions

Feature
Deliver posted form data to SecureChat
Receive via the SecureChat mobile apps and/or web interface
Collaborate on, annotate, and archive each post message.
Data encrypted during transmission and at rest
Send data to up to 10 recipients
Dynamic subject lines for the form data messages using field values
Receive file attachments submitted from your forms
Receive data in plain text, formatted HTML, XML, and/or CSV (Excel) files
Receive data as re-filled template file (PDF/HTML/XML/other)
Upload a PDF form and have the submitted data re-filled into the form fields and saved either as an editable or not-editable PDF. A file with place holders that are replaced with your form data on submission. This file could be HTML, XML, or any other textual format. HTML Templates can be auto-converted to PDF for you.
Receive data as complete FDF or PDF file

Save to MySQL, Documents WebAides^TM, FTP server

(+) show all descriptions

Feature
Save data to MySQL databases for easy access
You can have your form posts saved automatically to your MySQL database MySQL database provides automated secure remote access to form submissions MySQL storage is automated so that no special database setup or maintenance is needed and it works with any web or PDF form. Changes to your form fields are automatically reflected in the MySQL database, with no work required by you.
MySQL Encryption
Encryption at rest for MySQL-saved form posts. You can optionally choose to have your MySQL-saved form data encrypted cell-by-cell using native-MySQL AES encryption commands using an encryption key unique to your form which is not saved in plain text anywhere on LuxSci. Use our "Online reporting tools" to view the encrypted data, or connect directly to your database and use MySQL AES_DECRYPT commands, together with your key, to access the data on demand.
Online reporting tools: View, search, sort, and download data saved in your MySQL database
Online reporting tools: Grant non-administrators read access to the data from specific forms saved in your MySQL database
Online reporting tools: Re-fill text/html- and pdf-templates from saved form data for custom formatted viewing, print, and download
Online reporting tools: Optionally permit deletion of post data.
Online reporting tools: Access to and deletion of your MySQL-saved form data is audited.
API Access to MySQL-saved form data.
Save form data to your FTP or SFTP server
Save form post data and files to a Documents WebAide^TM (WebAide^TM license required)
Optionally have form data, and all files uploaded, saved to a Documents WebAide — LuxSci's file storage service. These WebAides^TM are backed up daily and we provide free restores. The data saved to these WebAides^TM can be accessed securely any time from any Web Browser. Export a combined CSV file containing all the data from any selected set of stored CSV data files. Encryption: The data saved to these WebAides^TM can be optionally PGP-encrypted so that the data is secure while stored and so that you are the only one with access to the raw form data. LuxSci's web interface can generate PGP keys for you.

API, Reporting & Notifications

(+) show all descriptions

Feature
API: Query, Download, and Delete Form Post Data
If you are saving SecureForm data to a hosted database, you can use our API to query this database, download rows and files, and delete rows and files. The API functions make it easy to discover what posts are new or happened in a specific time frame, and to synchronize post data with your own external systems.
Email, Securechat, and text message notices of each form post, sent up to 10 recipients.
Specify custom 'From' addresses and dynamic subject lines in notification messages.
View and download detailed logs of successful form posts (IP address of user, time, secure or insecure?) and of failed posts.
Error notifications for form data processing problems

Upgrades

Feature
Private Label your own target post URL for SecureForm^TM posts (requires SSL certificate & IP adddress)

HIPAA-compliant Form

When operating your website or database, you need to ensure that all sensitive client or patient information is secure and protected from unapproved eyes. This means using secure web forms. Unsecured forms and legal documents can provide easy access for hackers to infiltrate and collect confidential information, which is why LuxSci developed a secure web form solution. LuxSci's SecureForm processing allows you to add and store HIPAA- (Health Insurance Portability and Accountability Act) compliant patient forms, tax documents, legal forms, etc., in order to ensure your online services stay protected and legal.

SecureForm seamlessly integrates with any of your company's current web or PDF forms. SecureForm is compatible with any CMS (including WordPress), as well as custom-coded pages made using PHP, .NET, and any other language. You can save your data in multiple formats: plain text, two-column html, CSV (Excel), XML, refilled custom templates (HTML, XML, or other), and refilled PDF templates (even with data from Web forms). Our SecureForm FormBuilder allows you to use our web interface to configure and customize your own forms without any coding knowledge. SecureForm ensures that your data remains protected during transmission, using TLS encryption, and at rest, using PGP and/or AES encryption. Note: if you are a LuxSci HIPAA customer, SecureForm automatically configures for your compliance.

Secure Digital Signature Forms

One of our exciting HIPAA-compliant SecureForm features is Ink Signatures. LuxSci's Ink Signatures are simple web-based agreement boxes that allow you to easily capture the authentic handwritten signatures of anyone filling out a SecureForm-enabled web form. There's no special software or technical knowledge required; you can sign with a mouse, a stylus, or a touchscreen. This user-friendly feature provides an easy way to establish signed agreements and is much easier to implement than standard digital signatures.

eBook: HIPAA-compliant Forms

A technical guide to securing web forms

Book 5 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

SecureFormTM: HIPAA-Compliant Forms

Web & PDF Form Solutions

Simple, Powerful SecureFormTM Processing

Ideally suited for:

Web Forms

PDF forms

FormBuilder

Ink Signatures

Request a demo

Enter your contact information

Thanks for requesting a demo

How can SecureForm Help You?

How SecureForm Works

1. SecureForm Setup

With FormBuilder, all you have to do is:

Otherwise, getting started with SecureForm is as easy as 1-2-3:

2. SecureForm Processing: End-user Perspective

Web Site Forms

PDF Forms

3. Your SecureForm Results: Delivered

Choose your Integrations

Choose your Formats

Custom Enterprise Solutions

FAQs: Perhaps you were wondering...?

Features

Free PDF Form Hosting

Security

Form Configuration

Send to Email

Send to Webhook

Send to SecureChat/Mediprocity

Save to MySQL, Documents WebAidesTM, FTP server

API, Reporting & Notifications

Upgrades

HIPAA-compliant Form

Secure Digital Signature Forms

eBook: HIPAA-compliant Forms

A technical guide to securing web forms

SecureForm^TM: HIPAA-Compliant Forms

Simple, Powerful SecureForm^TM Processing

Save to MySQL, Documents WebAides^TM, FTP server