
Is WPForms HIPAA compliant?


When collecting and managing patient information through online forms, healthcare organizations must choose tools that align with HIPAA compliance requirements. WPForms is a popular WordPress plugin known for its form-building capabilities. In this article, we will determine whether WPForms is HIPAA compliant. 


What is WPForms?

WPForms is a user-friendly WordPress plugin that claims to enable website owners to create and manage online forms effortlessly. With its drag-and-drop form builder, WPForms allows users to design contact forms, surveys, and registration forms without any coding knowledge required.

Related: HIPAA compliant WordPress hosting: A comprehensive guide


WPForms security features

WPForms offers several security measures, including:

  1. Form encryption: WPForms states that they provide encryption functionality, allowing users to encrypt form data to ensure its confidentiality during transmission and storage.
  2. Spam protection: WPForms incorporates spam protection features like honeypot fields and reCAPTCHA to prevent form submissions by bots and malicious entities.
  3. File upload security: WPForms allows users to add file upload fields and includes security measures to protect uploaded files from unauthorized access.


What is a business associate?

Under HIPAA regulations, a business associate is an individual or entity that performs services on behalf of a covered entity (such as a healthcare provider or health plan) and has access to protected health information (PHI). Business associates may include vendors, contractors, or service providers that handle PHI.


Business associate agreement provisions

A business associate agreement (BAA) is a legal contract that establishes the responsibilities and obligations between a covered entity and its business associate regarding the protection of PHI. A BAA defines the permissible uses and disclosures of PHI, requirements for safeguarding PHI, breach notification procedures, and other relevant provisions to ensure HIPAA compliance.

Related: Business associate agreement provisions


WPForms and the BAA

Signing a BAA with WPForms would allow covered entities to ensure that their business associate is committed to protecting PHI and complying with HIPAA regulations. There is currently no mention of the option to sign a BAA on the WPForms official website. Additionally, WPForms does not explicitly advertise HIPAA compliance. 


Is WPForms HIPAA compliant? 

While WPForms offers features that can contribute to the security of online form data, it does not appear to be HIPAA compliant. Signing a BAA with service providers is mandatory to ensure HIPAA compliance when handling sensitive patient information. Without the option to sign a BAA, WPForms may not be HIPAA compliant. Contact WPForms directly to find out more about their HIPAA compliance provisions. 

Related: HIPAA Compliant Email: The Definitive Guide

