HIPAA Compliant Contact Form

If you’re in the healthcare industry, you need to ensure your website’s forms are HIPAA compliant.

The simplest solution regarding HIPAA compliance is to not collect any medical information on the website itself. If the contact or request-an-appointment form only asks for name, email, phone number and address, then we don’t have to worry because that information isn’t confidential. If the form collects medical information, there are a few things we’ll need to do.

First, install an SSL/TLS certificate so your website is served over HTTPS and form submissions are encrypted in transit. Your website’s URL will be https://…

Make sure your contact form does not store a copy of each submission in your site’s database. If you’re using WPForms, the most user-friendly contact form available, just add this one line to your theme’s functions.php file:

<?php
// Prevent form data from being saved in the database
add_filter( 'wpforms_entry_save_data', '__return_false' );

Use a HIPAA compliant email account for receiving the form submissions. Or, set up a HIPAA compliant CRM and connect your form to it.

If you aren’t using a HIPAA compliant email account, it’s a good idea to disable the form plugin’s ability to send emails at all. Add this to your theme’s functions.php file:

<?php
// Disable WPForms from sending emails
add_filter( 'wpforms_entry_email', '__return_false' );
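The two snippets above switch off entry storage and notifications for every form on the site. The added example below (not code from this post or from the WPForms project) scopes both to the forms that actually collect medical information, so a plain contact form keeps its entries and emails. The form ID 123 is a placeholder, and the hook argument lists (`wpforms_entry_save_data( $fields, $entry, $form_data )`, `wpforms_entry_email( $enabled, $fields, $entry, $form_data )`, the `wpforms_process` action and the plugin's `errors` array) are assumed from the plugin rather than taken from this page.

```php
<?php
// Placeholder: IDs of the WPForms forms that ask for medical details.
// Every other form keeps the default storage and notification behaviour.
const PHI_FORM_IDS = array( 123 );

// True when the submission belongs to one of the forms listed above.
function phi_is_phi_form( $form_data ) {
	return isset( $form_data['id'] )
		&& in_array( (int) $form_data['id'], PHI_FORM_IDS, true );
}

// Do not write PHI submissions to the WordPress database; other forms
// are saved as usual (returning $fields unchanged keeps default behaviour).
add_filter( 'wpforms_entry_save_data', function ( $fields, $entry, $form_data ) {
	return phi_is_phi_form( $form_data ) ? false : $fields;
}, 10, 3 );

// Do not let WPForms email PHI submissions to a non-compliant mailbox;
// notifications for the other forms stay enabled.
add_filter( 'wpforms_entry_email', function ( $enabled, $fields, $entry, $form_data ) {
	return phi_is_phi_form( $form_data ) ? false : $enabled;
}, 10, 4 );

// Refuse PHI submissions that did not arrive over HTTPS, as a backstop to the
// site-wide HTTPS setup. Assumes the wpforms_process action and the plugin's
// errors-array convention. Note: is_ssl() reads $_SERVER['HTTPS'], so behind a
// TLS-terminating proxy WordPress must be told about the forwarded protocol.
add_action( 'wpforms_process', function ( $fields, $entry, $form_data ) {
	if ( phi_is_phi_form( $form_data ) && ! is_ssl() ) {
		wpforms()->process->errors[ $form_data['id'] ]['header'] =
			'This form must be submitted over a secure (https) connection.';
	}
}, 10, 3 );
```

Place this in functions.php or a small must-use plugin, and confirm on a test submission that a PHI form produces no entry and no notification while a non-PHI form still does.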

Bill Erickson

Bill Erickson is a freelance WordPress developer and a contributing developer to the Genesis framework. For the past 14 years he has worked with attorneys, publishers, corporations, and non-profits, building custom websites tailored to their needs and goals.
