Formsite makes collecting protected health information (PHI) possible through its HIPAA service, which provides a compliant system for healthcare companies to collect and store form data securely. Accounts at the Enterprise service level are able to request a business associate agreement (BAA) and enable the HIPAA-compliant settings to fully commit to the rules dictated by the Health Insurance Portability and Accountability Act of 1996.
Organizations that work with healthcare or personal health-related information are undoubtedly aware of the requirements outlined by HIPAA, along with the need for a fully-compliant system that helps collect and protect health information. Formsite has the ability to enable these organizations to build protected online forms, which can include:
- Medical history forms
- Patient registration forms
- Prescription forms
- Medical and dental record request forms
- Appointment requests
- Referral forms
- Healthcare payment forms
Who needs HIPAA?
If you are a covered entity as defined by HIPAA and are using Formsite for the collection of PHI, then there’s a good chance that you need the service. PHI is typically information that covers healthcare information that can be linked to an individual, such as that person’s health status, diagnoses, or payments along with any personally identifiable information like their name or contact information. For the final word on whether HIPAA is required, please refer to your legal council.
Formsite’s Compliance Journey
Our path to HIPAA compliance has taken over 12 months to analyze and upgrade our environment and software to meet or exceed the standards dictated by the program. We have consulted outside technical and legal experts to drive our journey, and we’re trained on how to secure our system and the data within according to industry best-practices.
How to stay compliant
Collecting the information is only the beginning. Controlling access to the information and managing where it goes are the primary concerns of the HIPAA program, and Formsite helps organizations with those controls through these major areas:
- Access control: Limit access by protecting the account username and password. Two-factor authentication provides enhanced security for all account users.
- Notifications: The Secure Link format lets you send an email with a password-protected secure link to the result.
- Results exports: Protecting the digital and printed versions of the results is crucial for HIPAA compliance.
- Sub-users: We recommend sharing results through your account by assigning Sub-user accounts, which can be set to either Admin access or Limited access to specific forms and results.
- Integrations: We have integrations like Salesforce and Google Sheets that pass your form information to other external accounts. To maintain HIPAA compliance, organizations can obtain BAAs from these third-party services and/or limit the information sent by Results Views to protect against passing PHI.
How to sign up
Visit our page at https://www.formsite.com/hipaa-compliant-form-builder.html for more details on the requirements and to request your BAA. As always, contact us with any questions or concerns and we’ll be happy to assist.