If you’re in the healthcare industry, you need to ensure your website’s forms are HIPAA compliant.
The simplest way to stay on the right side of HIPAA is to not collect any medical information on the website itself. If the contact / request-an-appointment form only asks for name, email, phone number and address, then we don’t have to worry, because that information isn’t confidential. If visitors are providing medical information, there are a few things we’ll need to do.
First, use an SSL certificate so your website is served over HTTPS and form submissions are encrypted in transit. Your website’s URL will be https://…
Make sure your contact form does not save a copy of each submission in your site’s database. If you’re using WPForms, the most user-friendly contact form available, just add this one line to your theme’s functions.php file:
// Prevent form data from being saved in database
add_filter( 'wpforms_entry_save_data', '__return_false' );
Use a HIPAA-compliant email account to receive the form submissions, or set up a HIPAA-compliant CRM and connect your form to it.
If you aren’t using a HIPAA-compliant email account, it’s a good idea to disable the form plugin’s ability to send emails at all, so no submission is ever copied into an unmanaged mailbox. Add this to your theme’s functions.php file:
// Disable WPForms from sending emails
add_filter( 'wpforms_entry_email', '__return_false' );
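Putting the pieces above together, here is an added example of a small must-use plugin that applies the post’s two filters and the HTTPS rule in one place. It is not code from the post or from WPForms. It assumes that the two WPForms filters receive the form’s $form_data array as an extra argument and that WPForms submissions arrive under $_POST['wpforms']; the form IDs in HIPAA_FORM_IDS are constructed sample values, and the hipaa_* names are made up for this example.

```php
<?php
/**
 * Plugin Name: HIPAA form hardening (added example, not the post's or WPForms' code)
 *
 * Save as wp-content/mu-plugins/hipaa-form-hardening.php. Files in mu-plugins load
 * before the theme and cannot be switched off from the dashboard, so the filters
 * survive a theme change, which the functions.php placement in the post does not.
 *
 * Assumptions (verify against your WPForms version): the two WPForms filters pass
 * the form's $form_data array as a later argument, and submissions are posted
 * under $_POST['wpforms']['id']. HIPAA_FORM_IDS below is a constructed sample.
 */

// Constructed sample values: IDs of the forms that ask for medical information.
const HIPAA_FORM_IDS = [ 12, 34 ];

/**
 * Decide whether a form is one of the sensitive ones.
 * Fails closed: a missing or unrecognised $form_data counts as sensitive, so a
 * change in the hook's arguments cannot silently re-enable storage or email.
 */
function hipaa_is_sensitive_form( $form_data ) {
	if ( ! is_array( $form_data ) || ! isset( $form_data['id'] ) ) {
		return true;
	}
	return in_array( (int) $form_data['id'], HIPAA_FORM_IDS, true );
}

// 1. Never store entries for sensitive forms (same filter as the post, but per form).
add_filter( 'wpforms_entry_save_data', function ( $fields, $entry = null, $form_data = null ) {
	return hipaa_is_sensitive_form( $form_data ) ? false : $fields;
}, 10, 3 );

// 2. Never send submissions of sensitive forms through the plugin's mailer.
add_filter( 'wpforms_entry_email', function ( $send, $fields = null, $entry = null, $form_data = null ) {
	return hipaa_is_sensitive_form( $form_data ) ? false : $send;
}, 10, 4 );

// 3a. Reject any WPForms submission that did not arrive over HTTPS. Hooked on
//     'init' so it also covers AJAX submissions through admin-ajax.php.
//     A redirect would drop the POST body, so the request is stopped instead.
add_action( 'init', function () {
	if ( is_ssl() ) {
		return;
	}
	if ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD']
		&& isset( $_POST['wpforms'] ) ) {
		wp_die( 'This form only accepts submissions over HTTPS.', '', [ 'response' => 403 ] );
	}
} );

// 3b. Send plain-http page views to the https:// version of the same page.
//     The host comes from the site's own home_url(), not from the request's
//     Host header, so a spoofed header cannot redirect visitors elsewhere.
add_action( 'template_redirect', function () {
	if ( is_ssl() || 'GET' !== $_SERVER['REQUEST_METHOD'] ) {
		return;
	}
	$host = wp_parse_url( home_url(), PHP_URL_HOST );
	wp_safe_redirect( 'https://' . $host . $_SERVER['REQUEST_URI'], 301 );
	exit;
} );

// 4. Ask browsers to keep using HTTPS for this host for a year (HSTS).
add_action( 'send_headers', function () {
	if ( is_ssl() ) {
		header( 'Strict-Transport-Security: max-age=31536000' );
	}
} );
```

One caveat worth checking before relying on the HTTPS rule: if TLS is terminated by a proxy or load balancer in front of WordPress, is_ssl() returns false unless wp-config.php maps the proxy’s X-Forwarded-Proto header onto $_SERVER['HTTPS'], and every request would then be refused or redirected in a loop. Test a submission on a staging copy after installing the file.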