HIPAA Compliant Contact Form

If you’re in the healthcare industry, you need to ensure your website’s forms are HIPAA compliant.

The simplest approach to HIPAA compliance is to not collect any medical information on the website itself. If the contact or request-an-appointment form only asks for name, email, phone number and address, then we don’t have to worry because that information isn’t confidential. If the form does collect medical information, there are a few things we’ll need to do.

First, use an SSL certificate so that your website is served securely over HTTPS. Your website’s URL will begin with https://…

Make sure your contact form does not save a copy of the submission on your server. If you’re using WPForms, the most user-friendly contact form plugin available, just add this one line to your theme’s functions.php file:

// Prevent form data from being saved in database
add_filter( 'wpforms_entry_save_data', '__return_false' );

Use a HIPAA compliant email account to receive the form submissions, or set up a HIPAA compliant CRM and connect your form to it.

If you aren’t using a HIPAA compliant email account, it’s a good idea to disable the form plugin’s ability to send emails at all. Add this to your theme’s functions.php file:

// Disable WPForms from sending emails
add_filter( 'wpforms_entry_email', '__return_false' );
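The two snippets above switch off storage and email for every form on the site. As an added example (not from the original post and not WPForms’ own code), the same two filters can be scoped so that only the form that collects medical information skips storage and email, while a plain contact or newsletter form keeps working as before. It assumes WPForms passes $fields, $entry and $form_data to both filters, and uses a placeholder form ID you must replace with your own.

```php
<?php
// Added example for a theme's functions.php (not from the original post).
// Assumption: WPForms passes ( $fields, $entry, $form_data ) to both filters;
// check this against the WPForms version you run.

// PLACEHOLDER: IDs of the WPForms forms that collect medical information.
// Replace 123 with the real ID shown under WPForms > All Forms.
const HIPAA_PHI_FORM_IDS = array( 123 );

/**
 * True when the submitted form is one of the PHI-collecting forms.
 */
function hipaa_is_phi_form( $form_data ) {
	$form_id = isset( $form_data['id'] ) ? absint( $form_data['id'] ) : 0;
	return in_array( $form_id, HIPAA_PHI_FORM_IDS, true );
}

/**
 * Keep PHI out of the WordPress database: returning false (as the
 * __return_false snippet does) gives WPForms nothing to store as an entry,
 * but only for the PHI forms. Other forms keep their entries.
 */
function hipaa_skip_entry_storage( $fields, $entry, $form_data ) {
	if ( hipaa_is_phi_form( $form_data ) ) {
		return false;
	}
	return $fields;
}
add_filter( 'wpforms_entry_save_data', 'hipaa_skip_entry_storage', 10, 3 );

/**
 * Keep PHI out of a non-compliant mailbox: returning false stops the
 * notification email, again only for the PHI forms.
 */
function hipaa_skip_entry_email( $fields, $entry, $form_data ) {
	if ( hipaa_is_phi_form( $form_data ) ) {
		return false;
	}
	return $fields;
}
add_filter( 'wpforms_entry_email', 'hipaa_skip_entry_email', 10, 3 );
```

After adding this, submit a test entry on the PHI form and confirm that no entry appears under WPForms > Entries and no notification email arrives, then repeat on a non-PHI form to confirm it still behaves normally.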

Bill Erickson

Bill Erickson is the co-founder and lead developer at CultivateWP, a WordPress agency focusing on high performance sites for web publishers.
