Is 123ContactForm HIPAA Compliant?

HIPAAWeb form builders help collect and administer large amounts of data, some of which would naturally be sensitive and subject to governmental rules and regulations. 123ContactForm is actively taking all measures to ensure data is securely collected, safely kept and accessible to form owners at all times. It is one of our team’s utmost priorities to offer the necessary secure environment for customers who are subject to the requirements of the Health Insurance Portability and Accountability Act.

HIPAA defines the present standard for collecting and protecting sensitive data in organizations that operate with protected health information (PHI). 123ContactForm customers who are using our service to power their healthcare forms can rest assured that they have all the security options needed in order to deploy forms and collect data safely in a HIPAA compliant manner.

While 123ContactForm has not undergone any formal HIPAA compliance audits, the security measures available with our forms allow you to protect data according to HIPAA. If you use the 123ContactForm security options described below, you should be covered under all the respective terms of the law regarding the safeguard of data collection. For further reference over our security and privacy policies, you can review our Terms of Service and Security pages.

Technical security of data: 123ContactForm’s checklist

The place to look for active HIPAA requirements regarding online data safety is the Security Rule issued in 2003. This chapter defines norms for gathering and administering electronic patient data from several angles.

“Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.”  (HIPAA Security Rule, issued February 20, 2003)

You should know that your data is stored on the 123ContactForm servers in an unencrypted state (except passwords, which we do encrypt using hashes). Data transfers across your web forms however can and should be SSL encrypted. Below you will find a series of 123ContactForm options that help you to be HIPAA compliant. Some require your willing choice of enabling and using them, as described.

HTTPS secured login system. This is a built-in, unchangeable feature; 123ContactForm users always access their accounts through a SSL encrypted process. The form making backend is also secured, which you can notice by the “https://” part at the beginning of any URL while you are in your 123ContactForm session.
SSL data encryption on the form. Here is where you should act. SSL protection is a feature in your form’s backend that you should enable and use at all times. SSL encrypted data collection process is of utmost necessity for everyone who wishes to be HIPAA compliant.
Editable email templates. We recommend you build your autoresponders and confirmation emails in a manner that ensures no sensitive information is being used, as emails are outside the scope of 123ContactForm and are exposed to the risk of information getting accessed by unwanted parties. It’s advisable you do not send Protected Health Information (PHI) through confirmation emails.
Password authentication. One of the HIPAA requirements for data integrity addresses the way users identify themselves prior to providing data input. Password is perhaps the most widespread way of authentication. With 123ContactForm you can enable passwords at the form level in order to ensure that only verified individuals in your organization or outside of it can have access to your form. When it comes to your form reports, if you choose to make them publicly available you should only use them with a reports password as well in order to comply with HIPAA.
– Digital signature. 123ContactForm helps you ensure your data attribution responsibly by asking for a digital signature on your forms. Visitors will provide their mark over what they filled in the form.

There also are other best practices in working with 123ContactForm as a subject of HIPAA compliance. For instance, it’s a good idea to log out once you have stopped working with the site – better not leave it open and unsupervised in a window or tab of your browser while you are away. Also, it is recommended you review older form submissions from time to time, then download or export them and delete them from your 123ContactForm account.

Physical data security

123ContactForm ensures a very high level of physical security of data due to the powerful infrastructure from Amazon Web Services where servers are hosted. This adds an extra layer of security to your data, ensuring the level of safeguarding required in order to be HIPAA compliant.

Our server security includes:

– electronic surveillance of server rooms and multi-factor access control system
– 24/7 monitoring of data centers by trained security guards, with access authorized strictly on a privilege basis
– systems reinforcement against any environmental hazards
… and a wide list of other AWS security features that applies to our servers too.

For all the reasons above, you can be HIPAA compliant while using 123ContactForm if you enable the available security options on your forms. If you have any questions or need guidance in using the security features, don’t hesitate to contact us and our Support team will help.

Have a great time building HIPAA compliant web forms with 123ContactForm!

The 123ContactForm Team
The 123ContactForm Team
Optimizing business procedures and improving digital communication through web forms, surveys, polls and online quizzes.


  1. India Shelton says:

    Great Article. piece – I Appreciate the information . Does someone know if my company could access a template OCA Official Form 930 NYHIPAA example to use ?

  2. […] more information, follow our blog post. .signup_button_div{width:100%;display:block;} .signup_button { width: 217px; background-image: […]

Leave a Reply

Your email address will not be published. Required fields are marked *