Paubox blog: HIPAA compliant email made easy

The Top 7 HIPAA compliant online forms

Written by Abby Grifno | March 30, 2024

Forms are the most efficient way to collect data and information from patients. From contact information to medical history, healthcare organizations are making the move to paperless, which allows for more seamless data management and collection.

 

Collecting data the right way

While many healthcare companies use forms in some way, HIPAA regulations require covered entities to treat form data with the utmost care and security. Any information that could link an individual to their health condition or record is considered protected health information (PHI) and is protected under HIPAA regulations.

With data breaches skyrocketing, healthcare organizations must ensure that data is secure in transit to and from patients and at rest. 

Safety is a priority, but every provider knows that ease of use matters, too. Poorly designed forms can prevent patients from sending important information, and forms that are difficult to build can slow down teams' workflow processes. 

Every healthcare organization and patient deserves to have their data treated securely and enjoy a seamless process. 

 

Evaluating the top forms

On the surface, many HIPAA compliant online forms may seem similar, but there are noteworthy differences that could impact your company. Paubox carefully evaluated popular HIPAA compliant online form builders to understand what makes each form unique and what companies it may best serve. 

 

Features

Many online HIPAA forms have the same basic features. Some forms are more user-friendly than others, allowing users to efficiently collect data. Here are some features we looked for in various forms:

  • Customization options
  • Simple-to-create forms
  • Ability to collect signatures
  • Ability to attach files 
  • Ability to send to singular or multiple users
  • Ability to include conditional logic questions
  • Ability to accept payment

 

HIPAA compliance

For every healthcare organization, HIPAA compliance is a must. When looking at companies, we considered the following:

  • Focus on healthcare: While many companies claim HIPAA compliance, many serve a range of industries, which could mean less attention to detail on HIPAA and PHI. 
  • Signing a BAA: Every HIPAA compliant form company must sign a BAA.
  • Detailed compliance measures: Some form companies state they are HIPAA compliant but do not elaborate; companies that explained their compliance measures were viewed more highly than those that did not. 


 

User experience

Every organization wants online forms that help improve their data collection process, not slow it down. While many forms on our list are intuitive and easy to build, others are challenging and will take more time to learn.

On top of this, recipients also want a streamlined experience. If a form is complicated, slow, or inconvenient, recipients are less likely to complete it or provide a significant amount of detail. 

 

Reviews

Reviews can speak volumes about how a company supports clients, troubleshoots problems, and improves over time. Websites will, of course, speak about the most positive aspects of a platform or product, and reviews can provide clarity about a product. 

We specifically analyze reviews because we know that the people who know a product best are, aside from its creators, its users. 

 

Cost

Last but never least is cost. Security should never be compromised, but it's great to know that you are paying for precisely what you want. Some companies charge significantly more and don't necessarily explain why. Others remain vague on their pricing structure or what they can do for your company. 

In our analysis, we do our best to break down what you are paying for and what you're getting in return. 

 

Top HIPAA compliant online forms

With a focus on compliance, user experience, features, reviews, and cost, we've evaluated the best forms to use in your healthcare organization or business.

 

#1 Paubox

Founded in: 2015

How it works: Users of the Paubox Email Suite have free access to Paubox forms included in their plan. For companies already using Paubox email, Paubox forms will be intuitive and easy to learn. Those new to the process will experience a straightforward and customizable form builder. Paubox allows users to collect information, signatures, and attachments, all encrypted by Paubox for the utmost security and reliability.

 

How Paubox stacks up

Features: Paubox finds the balance between customizability and simplicity. Features included are:

  • Drag-and-drop options that allow for short and long-form answers, multiple selection and drop-down menus, and question dividers 
  • Electronic signature collection that may either be typed or drawn
  • The ability for recipients to attach files
  • The option to send forms to singular or multiple users, including listservs
  • Mobile-friendly for recipients who prefer mobile devices when filling out the forms

HIPAA compliance: Paubox is recognized as a leader in HIPAA compliant solutions. Paubox is also adept at handling compliance-related measures, including signing a business associate agreement and staying current on any Department of Health and Human Services updates. 

User experience: Paubox users and patient recipients have a smooth user experience. Once a user sets up the form and recipient list, they can save the form and preview how it will look to the recipient. When the user is ready to share it, they can share it as a link from a website or in an email or text message. For the recipient, the form is user-friendly and likely similar to other forms filled out before. 

Reviews: According to the highly trusted technology website G2, Paubox has earned 4.9 out of 5 stars, the highest on this list of products. With over 350 reviews, Paubox is consistently highly ranked. Customers appreciate that Paubox is user-friendly and has impeccable customer support for troubleshooting or implementation questions.

Pricing: Paubox Forms is a free add-on to Paubox Email Suite, which provides email encryption for secure and straightforward HIPAA compliant email. Paubox works with Google Workspace or Microsoft 365 and emails work as normal. Recipients do not need to open a portal or use a password to view emails. If an organization chooses Paubox, they'll have three plan options:

  • Standard: Starts at $29.00/month and includes 5 users and benefits, including secure email, secure calendar invites, and Paubox forms. 
  • Plus: Starts at $59.00/month and includes everything in the standard plan as well as name-spoofing protection, automatic quarantine with new domains, malware and virus protection, and more.
  • Premium: Starts at $69.00/month and includes 5 users, everything in the plus plan, as well as data loss prevention and voicemail transcription. 

What makes Paubox #1? 

Paubox holds our first-place spot because it's a well-rounded platform with few drawbacks. For most healthcare providers, large and small, Paubox will provide everything you need in HIPAA compliant forms. Not only is Paubox Forms free, but it's also incredibly secure and reliable. Paubox has never experienced a breach and users can rest assured that data is protected.

 

#2 Jotform

Founded in: 2006

How it works: Jotform is a large form-builder with various options. While Jotform serves multiple industries, it can be HIPAA compliant if users purchase the Gold or Enterprise levels of the plan and sign a business associate agreement.

 

How Jotform stacks up

Features: Jotform provides a variety of features, including:

  • Buildable forms that can be created with single clicks
  • Appointment scheduling with options for Google Calendar integration
  • Creation of consent forms
  • Integration with payment platforms like Square and Stripe
  • Signature collection
  • Ability to upload files, images, or other documentation

HIPAA compliance: Jotform can be HIPAA compliant if users opt for the Gold or Enterprise plan and sign a business associate agreement. Jotform provides automatic encryption for HIPAA compliant forms. 

User experience: Jotform can be integrated with other systems, like Google Sheets and Google Calendar. The design is heavily template-focused for users, with many pre-made templates created for HIPAA compliance.

Reviews: G2 ranking website gave Jotform 4.7 out of 5 stars, which includes the ratings of nearly 3,000 customers. Jotform is a popular platform, and it's important to note that many users do not need it to be HIPAA compliant. Reviews generally state that the product is user-friendly and the process is easy. Still, some express that Jotform is expensive and that the interface feels dated.

Pricing: While Jotform has different plan options, including a free version, only two options are HIPAA compliant. They include:

  • The Gold Plan: At $99/month, this plan includes up to 100 forms, 10,000 submissions, and 1 user per team. It also limits payment submissions to 1,000 and total views of the forms to 1 million. 
  • Enterprise plan: This plan requires custom pricing. Depending on your organization's needs, this plan may include multiple users, dedicated support, unique limits for payment submissions and form views, and the ability to add custom branding. 

What makes Jotform #2? While Jotform is a reliable platform, it could be better for healthcare organizations due to the cost and general user experience. Many of the best reviews for Jotform come from users who do not need Jotform for healthcare-related needs. 

 

#3 NexHealth

Founded in: 2017

How it works: NexHealth is an API patient experience platform designed to make it simple for healthcare organizations to connect with patients. NexHealth offers scheduling, communication options, forms, and secure billing.

 

How NexHealth stacks up

Features: NexHealth is a simple forms platform specifically designed for healthcare organizations. Their forms include:

  • Digitalization of current forms
  • Pre-built templates to collect patient information
  • Form delivery via email or text
  • Auto-syncing response to health record system

HIPAA compliance: With a focus on healthcare organizations, NexHealth prioritizes HIPAA compliance and will sign a business associate agreement. 

User experience: With pre-built templates, NexHealth is focused on making HIPAA compliant forms easy. The company also focuses on helping companies with efficiency. As such, there are fewer customization options. The product offers recipients a smooth experience; recipients can fill out data on their mobile or computer. 

Reviews: On G2, NexHealth has earned 4.8 out of 5 stars, based on 57 reviews. As a newer company, NexHealth has more limited reviews than many other companies we are reviewing. Customers say they appreciate the versatility of the forms. Others speak highly of the support team for troubleshooting. Meanwhile, some have mentioned that the forms are cumbersome and not as user-friendly as they seem. 

Pricing: NexHealth requires practices to schedule a consultation. Certain features can be purchased separately, so organizations that only want forms can buy that plan. NexHealth provides month-to-month and yearly subscription options. Interested companies can schedule a call directly with a NexHealth representative. 

What makes NexHealth #3? NexHealth is a great, albeit newer, option for healthcare organizations. Although HIPAA compliant and with many great features, reviews remain limited and mixed on the product.

 

#4 FormAssembly

Founded in: 2006

How it works: FormAssembly, based out of Indiana, is focused on helping organizations collect data. They operate in various industries, including healthcare, finance, government, higher education, and non-profits. They can maintain compliance with HIPAA, FedRAMP, GDPR, and GLBA. Once users join, they can use templates to collect data. FormAssembly also allows for automated workflow to streamline the data collection process.

 

How FormAssembly stacks up

Features: FormAssembly offers the following features:

  • Form-builder with templates and customization options
  • Automated workflow to simplify multi-step processes of gathering data
  • Additional security and privacy training and customer support
  • Ability to attach files

HIPAA compliance: FormAssembly is HIPAA compliant.

User experience: FormAssembly promises a sleek, straightforward interface with drag-and-drop form-building options. Users can design clinical workflows, create patient intake forms, conduct hospital surveys, provide doctor referral and medication approval forms, and more. 

Reviews: FormAssembly has obtained 4.4 out of 5 stars on review website G2. The company has approximately 363 reviews. Many applaud the friendly and helpful customer service and say it's a user-friendly platform. Others share that the forms have a learning curve and lack customization options.

Pricing: While FormAssembly has 5 different plan options, only the Enterprise plan provides HIPAA compliance. 

  • Enterprise: This plan is custom-priced and requires potential customers to book a demo first. FormAssembly describes this as an ideal plan for mid-to-large companies that require a high level of security. 

What makes FormAssembly #4? FormAssembly is an option for companies looking to streamline their data collection process. According to customers, some of their forms have limited abilities and are difficult to customize.

 

#5 Formstack

Founded in: 2006

How it works: Formstack is a cloud-based productivity platform providing document signing options and form creation. The company can be used for HIPAA compliance and has several complex and unique features. Interested users can opt into Formstack's 14-day trial and explore the form creator.

 

How Formstack stacks up

Features:

  • Custom URLs to help links showcase your brand and help customers feel secure
  • Conditional logic forms that allow the form to react based on the user's input
  • Electronic signature collection
  • Payment collection with options for PCI-compliant credit card fields
  • Section 508 Compliant forms for users with disabilities
  • Mobile-friendly options

HIPAA compliance: Formstack offers HIPAA compliant options for its enterprise plan.

User experience: Formstack provides a lot of buildable and customization options. Forms can be made simply, but the interface also allows for significant unique options and combinations. Unique themes and the ability to incorporate branding give recipients a sense of security.

Reviews: On review site G2, Formstack Forms earned an average rating of 4.4 out of 5 stars, with nearly 400 reviews. Customers share that the highly customizable options allow for complex and unique forms. Others share that it's easy to integrate with other processes. Some have shared that customer service is not always able to help users with their needs. While the interface has been described as user-friendly and intuitive, others have described it as clunky and dated. 

Pricing: While Formstack's Forms plan starts at $50/month, those planning to collect electronic protected health information (ePHI) must upgrade to the Enterprise plan. 

What makes Formstack #5? Formstack is an option for those looking for more complex forms software. While Formstack has many great options for users, it's described as outdated and more expensive. Depending on your needs, there may be better products available. 

 

#6 Cognito Forms

Founded in: 2013

How it works: Cognito Forms is a tool designed to gather data for a variety of industries. The company focuses on being able to create user-friendly and engaging forms that can be used to build datasets. Cognito Forms offers a 14-day free trial for interested users. 

 

How Cognito Forms stacks up

Features:

  • Electronic signatures
  • File and image uploading
  • Lookup fields allow users to integrate data from one form into another
  • Rating scale questions
  • Save and resume options for recipients who need to return to forms at a later date

HIPAA compliance: Cognito Forms offers four different plan options, with even a free version available. However, only their top-level plan, Enterprise, offers HIPAA compliance. The company notes that the system is not designed to track patients individually, and data must be transferred to an EMR system.  

User experience: Cognito Forms provides a variety of templates. 

Reviews: On review site G2, Cognito Forms has an average rating of 4.5 out of 5 stars from 78 reviews. Users generally share that the forms are easy to use, but updating and customization can be difficult. Others share that it is affordable and compatible with other programs, like SharePoint, making it easy to use and versatile. 

Pricing: While Cognito Forms has four different plans at varying price levels, only the Enterprise plan is HIPAA compliant. Starting at $99.00/month, this plan allows for 20 users, unlimited forms, and unlimited entries.

What makes Cognito Forms #6? Cognito Forms is a great option for some users and has generally positive reviews. While many plans are affordable, some may find the Enterprise plan to be more expensive than other options. The form options are also fairly simplistic, and some users may desire more customization or template options. 

 

#7 FormDr

Founded in: 2017

How it works: FormDr is designed to assist healthcare organizations with online intake forms. 

 

How FormDr stacks up

Features: FormDr is a highly specific platform. Its features include: 

  • Creation of online form packets for patients to complete their medical history, demographics, and consent to treatment
  • Electronic signatures
  • HIPAA compliant form builder
  • Card photo uploads for insurance or identification information
  • Conditional logic forms that react to patient input

HIPAA compliance: FormDr focuses on working with healthcare organizations and prioritizes HIPAA compliance. On top of this, FormDr can connect with your Electronic Health Record system or send Health Level 7 data.  

User experience: Patients can access forms on mobile or on the website. Some users experience bugs like the screen freezing or data being lost in transit. Outside of this, users and recipients have a reasonably smooth operating experience.  

Reviews: FormDr has minimal reviews on G2. The company averages 3.5 out of 5 stars. Still, with only 12 reviews, it's easy for very negative and very high reviews to skew results. In reviews, users express concerns about FormDr's effectiveness. Some have said that it is slow or has frequent bugs. Others have found support to be inadequate in resolving technical issues. For those who enjoy the product, a highlight is that it is easy to build forms using templates. 

Pricing: FormDr offers four unique plans. All allow for HIPAA compliance. 

  • Business: starting at $59.00/month, this plan allows for unlimited forms and one user and one team
  • Platform: prices vary for this plan. With the Platform option, companies can have 5 users and one team.  
  • Teams: prices vary for this plan. With the Teams option, companies can have up to 30 users and 3 teams. Users also have access to single sign-on, shared packets and records, and more. 
  • Enterprise: prices vary for this plan. With the Enterprise plan, companies can have up to 100 users and 10 teams. The largest difference between the Enterprise and Teams plan is storage; the Enterprise plan has significantly more storage available. 

What makes FormDr #7? FormDr has a lot of potential and described benefits. While it has everything a healthcare company may need, reviews tend to share a slightly different picture. Users can request a 30-day free trial to experience FormDr and determine if it's the right option for your company.

 

Choosing the right service

Many excellent services are available for healthcare companies to create and send HIPAA compliant forms; some stand out more than others. Ideally, you'll want to use a tried-and-true company that prioritizes security and is cost-effective. 

Paubox provides everything a healthcare organization needs in HIPAA compliant forms. With top-notch support and intuitive design, you can feel confident streamlining your data collection process.