Operations · Digital Forms

Patient forms that capture data the way HIPAA expects.

Patient intake, consent, and office documents in a compliant workflow. Every submission logged with timestamps, signatures, and audit trail by default.

Start 14-day free trial Or book a demo

Included in Core·Starting at $39/mo

Patient Protect — Digital Forms

HIPAA mapping

What this satisfies in the Security Rule.

5 citations, each with the specific Digital Forms behavior that satisfies it. The mapping is the receipt — what you can show an auditor without assembling anything new.

§164.520

Notice of Privacy Practices

Provides notice of privacy practices to individuals. NPP delivery and acknowledgment can run through the form workflow.

§164.524

Access of individuals to PHI

Permits individuals to access their PHI. Patient access requests can be submitted as forms with audit trail.

§164.526

Amendment of PHI

Permits individuals to request amendment of PHI. Amendment requests run through the form workflow.

§164.528

Accounting of disclosures

Provides accounting of disclosures upon request. Accounting requests come in via forms.

§164.508

Authorization for use and disclosure

Authorization required for certain uses. Form-based authorization with signature and timestamp.

What it does

Forms that don't leak ePHI to email and shared drives.

Most independent practices still use paper forms or PDF forms filled out and emailed back. Both paths produce data that's hard to audit, hard to search, and often handled insecurely between capture and entry. Worse, paper-and-PDF workflows often produce ePHI in places ePHI shouldn't be — email inboxes, unencrypted local files, paper folders.

Digital Forms is the alternative. Patient-facing forms capture data directly into the platform's encrypted, audited environment. Internal forms (incident reports, change requests, workflow forms) work the same way. Every submission is encrypted at rest, scoped by role, and cross-referenced with the relevant patient or workforce record.

The platform enforces content boundaries. Credit card numbers cannot be captured in form fields (PCI scope is kept out of the HIPAA platform). SSNs and other high-sensitivity patterns are flagged with appropriate handling. Free-text fields scan for inappropriately-placed sensitive data and warn before submission.

How it works

6 mechanisms keep Digital Forms working.

Drag-and-drop template editor.

Build a form template by dragging field types onto a canvas. Configure validation, requirements, and conditional logic per field. Preview the form as the respondent will see it. Publish when ready. Versioning preserves submissions against the specific version they were filled out under.

Patient-facing and internal use cases.

Same template engine for both. Patient-facing templates can be sent as a secure link via email or SMS, embedded in the patient portal, or filled out on a practice tablet. Internal templates are filled out by workforce members from within the platform.

Widgets and variables.

Reusable composite fields (Address, Name, Phone, Emergency Contact) and dynamic variables (office.name, respondent.name, today) keep forms consistent and reduce template-building time. Variables pre-fill known data so respondents verify rather than re-enter.

Signature and consent capture.

Form fields include signature capture (canvas-based with timestamp) and consent acknowledgment (text statement plus checkbox). Both produce audit-defensible records of agreement with documented timestamps.

Encryption and audit by default.

Submissions are encrypted at rest using AES-256-GCM, encrypted per-record with keys scoped to the office. Access to submissions is role-scoped; every view of a submission is logged.

Cross-record integration.

Patient form submissions auto-update relevant fields in the patient record (address, phone, emergency contact) when appropriate. Internal incident report forms auto-create Event Log entries with the submitted data pre-filled. Forms aren't a silo — they're the input layer across modules.

Who this is for

Built for the practices that need it most.

Practices using paper or PDF intake.

Migration is straightforward. Build the digital equivalent of existing paper forms; switch over. Existing patients fill the digital version next time they come in; the paper-to-digital crossover takes a few weeks of normal cadence.

Practices wanting structured data instead of scanned PDFs.

Scanned PDFs are not searchable, not structured, and not queryable. Form submissions are all three. Patient demographic queries, intake-trend analysis, consent verification — all become fast queries instead of folder archaeology.

Practices handling patient rights requests.

Access requests, amendment requests, accounting-of-disclosures requests, and authorization revocations all benefit from form-based workflow. The form generates the audit trail; the workflow guides the response timeline; the audit defends the response.

Practices with internal incident reporting needs.

Internal incident reports captured via form auto-feed the Event Log. Workforce members reporting potential issues use a structured form; the office gets a structured incident record without the manual transcription.

Connected to

No module is an island.

Digital Formsworks because it's connected. Every signal feeds another module; every closure becomes evidence somewhere else.

Network layer

Patient Management

Patient form submissions cross-reference patient records; some fields auto-update the record.

Learn more

Network layer

Secure Messaging

Patient-facing forms can be delivered via secure messaging with link expiration and tracking.

Learn more

Operations layer

Record Management

Form-generated documents (consent records, signed authorizations) are stored in the document repository.

Learn more

What you get

6outcomes you'll feel in week one.

No paper-to-PDF-to-email chain.

Forms capture directly into the encrypted platform.

Structured, searchable data.

Submissions queryable by field, date, respondent.

Audit-defensible signatures.

Timestamped signature and consent capture.

Role-scoped access.

Submissions visible only to workforce members with appropriate scope.

PCI separation.

Credit card data cannot enter the form workflow; HIPAA and PCI scopes stay separate.

Cross-record integration.

Forms auto-populate the relevant downstream records.

FAQ

What people ask first.

6 questions cover most first-time evaluations. See all FAQs →

Can patients fill forms before their appointment?

Yes. Send a secure link via email; the patient fills the form in advance from their device. Submissions are captured before the appointment, reducing in-office wait times.

What about in-office tablet-based intake?

Supported. Office tablets can run forms in kiosk mode; patient fills out the form, submits, and the tablet returns to the ready state for the next patient.

Can forms be in languages other than English?

The form templates support multilingual content. Translations are managed at the template level; submissions capture the language version used.

What if a patient can't sign electronically?

Forms accommodate signature alternatives — a witness signature option, a “patient unable to sign” indicator with explanation, or a printed-and-signed-and-uploaded path. The platform handles the documentation either way.

Can I export form submissions for analysis?

Yes. Submissions export as CSV or PDF. The CSV preserves the structured fields for downstream analysis; the PDF preserves the form layout for human-readable review.

Why can't I add a credit card field?

PCI-DSS compliance is a separate framework with its own requirements. Mixing PCI and HIPAA scope into one form creates compliance problems in both directions. Payment processing runs through dedicated payment processors (Stripe, Square, etc.) that meet PCI requirements; the platform integrates metadata back into the office workflow.

Continue exploring

Related features in the platform.

Network

Patient Management

One place for patient records. Role-based access. Every view, edit, export logged automatically. The audit trail builds itself while you do the work.

Learn more

Network

Secure Messaging

Six-state BAA lifecycle controls messaging access automatically. No manual intervention. No accidental ePHI to a vendor without a BAA. The gate is the architecture.

Learn more

Operations

Record Management

Validated file handling, per-office storage tracking, immutable version history. The compliance record stays where compliance can find it.

Learn more

Next step

Forms that capture data the way HIPAA expects.

Most practices migrate paper intake to digital inside two weeks. Existing patients cross over at their next visit.

Start 14-day free trial →or book a demo

No contracts. No consultants. Starting at $39/mo.