Healthcare Forms

Modified on Fri, 4 Oct at 10:13 AM



Best Practices for Healthcare Forms

Raise the bar on your Formstack experience by employing some best practices for your Formstack for Healthcare plan, gained from our experience leading hospitals and other healthcare institutions with Form creation. The following best practices promote a positive and responsible approach for getting the most out of your Healthcare Account and Forms:


Understanding your Formstack Healthcare account.

To ensure HIPAA data privacy remains a top priority, your Healthcare Account will include a set of security features and settings designed to uphold HIPAA compliance standards.  Some of these features include the recommended use of SMTP Email Servers, access to Healthcare-approved integrations and WebHooks, Account User permissions, and Data Encryption to name a few!  To review these features and more, please continue reading and check out our Healthcare Account guide.

 

Securing your Forms.

Store files in Formstack's secure database, export submissions (CSV, Word, Excel, and PDF), or send data to a third party via our Healthcare plan integrations or open API.

 

Advanced security measures.

Always safeguard your account with powerful security features, including advanced data encryption, user-level permissions, audit logging, and dedicated security maintenance and documentation.

 

Take your forms to the next level

Gain a huge leap forward by leveraging Formstack's form examples & templates.

 

Utilize WebHooks on your Healthcare forms

Setting up online healthcare forms and connecting them to your EHR via webhooks cuts down on cumbersome, error-prone paper processes. With an online process and the use of WebHooks, you can automatically pass ePHI from your forms to your EHR to seamlessly track patients and keep accurate, secure records. For more detailed information on how to create a webhook connection in Formstack, check out our support doc on webhook submit actions.

 

Validate Your Email Security

If you’re sharing sensitive patient data via email, you must use encryption to protect patient privacy. How do you ensure your emails are encrypted and fully HIPAA compliant? Here are a few tips:

  • Adopt a HIPAA compliant email service.
  • Check your current email client for an encryption security setting and request a signed business associate agreement.
  • Set up a secure patient portal for provider-patient communications.
  • Avoid including electronic protected health information (ePHI) in the body of your emails.
  • Manually encrypt any ePHI files sent via email.
  • Include a privacy statement at the bottom of every email.

 

Easy-to-use online forms.

Quickly create and embed mobile-friendly forms on your website, including record release forms, patient registrations, employee benefits forms, and satisfaction surveys.



Get Started with HIPAA Forms

Hello! We're excited you're here getting set up with one of Formstack's Healthcare plans. Forms is a great way to quickly collect and manage data that you can use to streamline and improve your organization's processes.


 

Three Things to Get You Started 

1. Learn the Foundation


When you're ready to set up your first form, view the Overview to see the basic tools and processes.


2. Utilize the Resources


You have a range of Support documents available on our Help Center. Some tools are available to you or are limited based on whether they can be aligned to support guidelines around HIPAA compliance. 


help.formstack.com

If you have specific questions or need assistance troubleshooting, please submit a support ticket:

  • Log into Formstack
  • Click the "I" at the top of the page
  • Submit a ticket

3. Improve What You Do


Most of our users continue to improve their daily processes after setting up their first few forms. Whether you're considering connecting your submissions to other applications through integrations, setting up a private server to deliver customized emails (SMTP), or using our Platform of products to make customized documents and collect legally binding signatures, there's always more to learn and do!


Healthcare & HIPAA Guide

Welcome to Formstack! This document gives you an overview of the features available to you while on one of our Healthcare plans, along with some best practices to make sure you're getting the most out of your account while also keeping your data secure.

 

Top Used Features


Workflow Forms. Workflows are a way to collaborate with other users on form submissions, allowing multiple participants to fill out different parts of a form at different times.

Note: Workflows are only available as an Add-On to your account. Please reach out to your account rep or Formstack support for pricing and access.


Notification and Confirmation Emails. Notification Emails allow you to send an email to a set email address whenever a submission is made, notifying the recipient that the submission has come in. Confirmation Emails send out to an email address on the form, sending a message to the submitter once they've completed the form.


Data Routing. Data Routing is the method of adding conditional logic to integrations, submission messages, and redirects to determine if/when each happens depending upon how the form is answered.


Advanced PDF. Our Advanced PDF feature allows you to attach a PDF copy of a submission to confirmation/notification emails and also customize those PDFs to include the information of your choice or even a logo at the top.


Themes. Themes allow you to customize the look and feel of your form, including fonts, colors, and custom headers/footers.  


SMTP Integration. Our SMTP integration allows you to connect your personal email server with Formstack so you can send out notification and confirmation emails via that method as opposed to our own servers. This can ensure you can control the environment of the server to minimize any deliverability issues and also include submitted data in your emails.  Please note, access to use SMTP is plan-specific and not included in all plan levels. 

 

Securing your forms and data.

There are several features you can implement in your account to fully secure your forms and data. You can find these listed below:


Data Encryption. Data encryption can be found in Settings > Security and is required if you're collecting sensitive data on your forms. This fully encrypts the submissions database, ensuring that only those users that know the encryption password can access that data.


PGP Encryption. PGP Email Encryption will allow you to connect a PGP service to your account in order to encrypt the notification emails that are sent from the account, ensuring they are secured.


Two-Factor Authentication. Two-factor authentication adds a secondary layer of security to your Formstack user accounts. This will require that your users log in with their email and password while also requiring a code be entered that is sent to the user's connected mobile device.

 

Integrations

The following integrations are all currently available on Formstack's Healthcare plans:

Salesforce

Salesforce Marketing Cloud

Smartsheet

Google Drive

Google Sheets

Google Calendar

Google Contacts

Formstack Documents (formerly WebMerge)


Note: While all are available, some integrations are only available on certain plan levels. If one listed isn't available within your account, please contact your account representative or Formstack support for more information.

 

Templates


While the Formstack form builder is very intuitive and easy to use in creating custom forms, we also have a large variety of templates available for use. This will allow you to start with a fully built form that you can still customize as you see fit, cutting down on the amount of time spent building forms and allowing you to get right to collecting data!



Healthcare Compatible Integrations

On the Formstack for Healthcare plan, Formstack offers a range of integrations, focusing on enhancing the security and privacy of patient data. In the context of healthcare, where the privacy and security of patient information are paramount, each integration must adhere to stringent standards. By limiting the number of integrations, Formstack ensures that only services which meet these high standards of data protection are allowed to interact with healthcare data. This approach is a proactive security feature designed to mitigate risks associated with data breaches and unauthorized access. Each selected service has proven capabilities for secure data handling, and many are willing to enter into a Business Associate Agreement (BAA), further aligning with compliance requirements.

Formstack is one piece of your process and we are not liable for ensuring that your entire process is meeting HIPAA security requirements. However, we are responsible for ensuring that when your data is within Formstack, it is in fact encrypted at rest and encrypted when passed to any given integration.

 

Current Formstack Healthcare plan integrations

Select a current Formstack Healthcare plan integration to review setup instructions. 

 





Building a Form with a Formstack For Healthcare plan

As of March 26, 2024, healthcare customers needing to collect ePHI and maintain HIPAA compliance standards should opt for the Formstack for Healthcare plan.



Setting up Emails and Actions with a Formstack for Healthcare plan

As of March 26, 2024, healthcare customers needing to collect ePHI and maintain HIPAA compliance standards should opt for the Formstack for Healthcare plan.



How to Set Up Form Security Features with a Formstack Healthcare Plan

As of March 26, 2024, healthcare customers needing to collect ePHI and maintain HIPAA compliance standards should opt for the Formstack for Healthcare plan.



SMTP Integration for Formstack For Healthcare accounts

Formstack for Healthcare accounts whose Healthcare plans include using an SMTP server can send ePHI data through Notification emails to users on your Formstack account. This way you can easily and securely pass patient data between users.

Under current Healthcare accounts, sending Notification Emails is limited to only sending a link to the submission data or using a custom message without the option of including any data from your submissions. When integrating your account with your SMTP server, however, you will be able to send "All Submitted Data" and Custom Messages that include field variables populated with data to users on your account when submissions are made on your forms.


If you are interested in a Healthcare account and the Healthcare SMTP integration, please contact our support team here.

Important note: SMTP configuration and troubleshooting are the responsibility of the organization enabling it. 


Formstack's Support team has limited visibility and access to assist with setup and troubleshooting due to the nature of the email server being private to your organization.
 

For full details on setting up the SMTP integration, click here.
 


The SMTP integration will allow you to use "All Submitted Data" or Custom Messages. Form fields can be added to the message and the subject line.



When the SMTP Integration is turned off, you will be limited to "Link to Submitted Data" or a custom message with no form fields.

