I have a doctor client who would like to make his patient forms electronic. Obviously, the information is medically sensitive, which raises my first concern. But some fields also request the patients SSN.
I know there's SSL encryption offered on the forms, and chances are we won't be able to email the information to his office manager (can we?).
Is there a guideline as to what you can and can't collect electronically? Is FormAssembly secure enough to collect such data? Are there special actions that need to be taken to ensure security of the information?
FormAssembly itself is not HIPAA compliant, so running your forms on our shared server will not meet your needs.
We do offer an option that may suit your needs however. You can run your own dedicated version of FormAssembly ( FormAssembly On-Site ) on servers you manage yourself. Because you control the servers, you can ensure that the data is managed correctly with regard to HIPAA compliance and any local state regulations that may apply in your area. We have many clients who use FormAssembly On-Site for their company's secure form needs.
You can read more about our offering here: http://onsite.formassembly.com/tour/ http://onsite.formassembly.com/index.php http://onsite.formassembly.com/case-studies/
and if you'd like to discuss it further, please let me know and I can answer your questions or put you in touch with our On-Site manager.
Happy to help further, Drew. FormAssembly On-Site Support