The “Contact Us” page on a website is a staple for businesses that want current and potential customers to get in touch easily. Consumers have come to expect expediency when it comes to sharing their questions and concerns, and Forrester reports that 45% of Americans will abandon an online transaction if there isn’t an easy way to contact the company. With this in mind, a simple contact page is not a nice-to-have on a website; it’s a must.

The contact page may seem simple enough in concept, but for healthcare organizations, it’s actually a bit complicated. To streamline the patient intake process, many healthcare providers now have online forms that patients can fill out remotely, in which they request basic contact details. While efficient in theory (no handwriting to decipher!), there are some privacy issues that arise from transmitting this type of information over the Internet. When it comes to “Contact Us” pages and other patient information forms, there are protections that healthcare practitioners and vendors must follow to safeguard information.

Take a look at all the things your “Contact Us” and intake forms should do if you’re a healthcare organization.

Offer Privacy of Information

If you’re going to ask people for protected health information, or PHI, then you need to have a plan to keep that data safe and HIPAA-compliant. It’s not enough to add a disclaimer that warns people to only list the information they’re comfortable transmitting; most people will assume if a healthcare provider is offering the form online, that practitioner is also safeguarding the data. Healthcare organizations need to kick “Contact Us” and other form privacy up a notch by securing it beyond what a typical business would do. Adding an additional level of security is inexpensive and protects providers from appearing negligent if anything compromises patient information submitted through a form.

With that said, it’s important to note that providers cannot control the information that patients send on their own, through email, text, or other electronic formats. There are patients who will send photos and other sensitive health data through their non-encrypted email accounts, but at least in those cases, it’s of their own accord. When a provider is hosting the form that houses the information, that organization assumes responsibility for safeguarding the sensitive data enclosed.

Prioritize Proper Storage

After someone submits information through a “Contact Us” form, where does it go? If you’re using an unsecured platform like Google Forms, that data is at risk of discovery by hackers or other cyber-criminals. Healthcare practices must have a secure system in place that encrypts the data upon submission by the patient and requires a decryption code from anyone who will read it. The same is true of any contact information stored on a server or in the cloud. No one should have access by simply clicking a file name. When data moves from active files to archives, it must still have strong security measures in place.

Every piece of protected health information obtained from patients, and written about them, must pass a stringent security test that includes encryption. This is true of data collected from contact pages and also of internal and external email. Don’t assume that a “secure server” is safe; communications and data stored electronically must have an added layer of security that includes encryption.
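One way to meet the "encrypt on submission, decryption code to read" requirement, shown as an added example that is not code from this article or from any particular form platform. It assumes Node.js, and the function names, record layout, sample submission and passphrase are all constructed for illustration: the web server holds only a public key, and the private key is stored encrypted under the reader's passphrase.

```javascript
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One-time setup away from the web server: the private key is stored encrypted
// under the reader's passphrase, which acts as the decryption code.
function makeReaderKeys(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Web server, at submission time: it holds only the public key, so it can
// write records but cannot read them back.
function sealSubmission(fields, publicKeyPem) {
  const dataKey = crypto.randomBytes(32); // fresh AES-256 key per record
  const iv = crypto.randomBytes(12);      // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(fields), 'utf8'), cipher.final()]);
  const wrapped = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey);
  const b64 = (buf) => buf.toString('base64');
  return { key: b64(wrapped), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Staff side: returns the fields, or null when the passphrase is wrong
// or the stored record has been altered.
function openSubmission(record, privateKeyPem, passphrase) {
  const raw = (s) => Buffer.from(s, 'base64');
  try {
    const dataKey = crypto.privateDecrypt({ key: privateKeyPem, passphrase, ...OAEP }, raw(record.key));
    const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, raw(record.iv));
    decipher.setAuthTag(raw(record.tag));
    const pt = Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample submission and passphrase, for illustration only.
const sample = { name: 'Pat Example', phone: '555-0100', message: 'Please call me back' };
const readerKeys = makeReaderKeys('constructed-demo-passphrase');
const stored = sealSubmission(sample, readerKeys.publicKey);
```

Because the stored record contains only ciphertext and a wrapped key, opening the file or database row by name reveals nothing without both the private key and its passphrase.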

Send Notifications

Today’s modern Internet user has no time to lose. When a patient submits a form, he or she expects to hear back quickly, whether to make an appointment or have a health question answered. A savvy “Contact Us” workflow will incorporate notifications that push to email addresses and mobile devices so that several people are aware that a patient or potential patient is trying to make contact. The mobile aspect of the notifications is especially important, as more healthcare employees spend time away from their desks. These employees must properly secure notifications if they contain protected health information.

The bane of any Web form’s existence is the potential for spam. A lot of valuable time is wasted on non-human form submissions, and that’s time that healthcare workers could use to treat patients. A common way to weed out Web robots is to ask for security codes or answers to CAPTCHA codes. While effective, this adds an extra step for patients who are likely hoping to submit the form quickly and move on. For patients with visual impairments, CAPTCHA codes are even more frustrating. There are some form platforms, however, that eliminate the need for human validation and replace it with technology to block spam instead. If you go with a platform like this, ensure that it checks that the entity submitting the form is on a modern Web browser that has JavaScript and cookies enabled. A Web robot will not have both of these specifications, while anyone using a modern browser will.
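A sketch of how a server can check for both JavaScript and cookies without a CAPTCHA, as an added example that is not code from this article or from any form platform. It assumes Node.js; the cookie name `form_token`, the hidden field `js_token`, the 30-minute lifetime and all function names are hypothetical. The server signs a token and sends it as a cookie, a page script copies it into a hidden field, and the POST handler accepts the form only when both copies arrive and verify.

```javascript
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // per-deployment server secret (assumed)
const MAX_AGE_MS = 30 * 60 * 1000;     // assumed lifetime of a served form

const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest('hex');

// Called when the form page is served; the value goes out as the
// hypothetical cookie "form_token".
function issueFormToken(now = Date.now()) {
  const payload = `${now}.${crypto.randomBytes(16).toString('hex')}`;
  return `${payload}.${sign(payload)}`;
}

// Client side (runs only where scripts are enabled), shown here as a comment:
//   form.elements.js_token.value = document.cookie.match(/form_token=([^;]+)/)[1];

// Called on POST: cookieToken comes from the Cookie header, fieldToken from
// the hidden "js_token" field filled in by the page script.
function checkSubmission(cookieToken, fieldToken, now = Date.now()) {
  if (!cookieToken) return 'reject: no cookie';
  if (!fieldToken) return 'reject: script did not run';
  if (cookieToken !== fieldToken) return 'reject: mismatch';
  const parts = cookieToken.split('.');
  if (parts.length !== 3) return 'reject: malformed';
  const [ts, nonce, sig] = parts;
  const expected = Buffer.from(sign(`${ts}.${nonce}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'reject: bad signature';
  }
  const age = now - Number(ts);
  if (!(age >= 0 && age <= MAX_AGE_MS)) return 'reject: expired';
  return 'accept';
}
```

The token carries no patient data, so it can be logged with the verdict when tuning the filter.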

Whenever possible, healthcare providers should also educate patients on proper use of protected health information. For instance, patients should never reply to an email message asking for Social Security numbers or credit card numbers (and a practitioner should never ask for these things via email, either). A quick tutorial on the difference between secure email servers and data encryption is also a service that healthcare practitioners should offer, either by a staff member upon check-in or through a paper/brochure the provider hands out. The more patients feel empowered to protect their data, the better chance practitioners have of keeping health information safe.

As more people head to the Web to have questions answered and bypass making phone calls, healthcare practitioners have a responsibility to keep data safe in transit, in storage, and when viewed by all employees.

LuxSci founder Erik Kangas has an impressive mix of academic research and software architecture expertise, including: undergraduate degree from Case Western Reserve University in physics and mathematics, PhD from MIT in computational biophysics, senior software engineer at Akamai Technologies, and visiting professor in physics at MIT. Chief architect and developer at LuxSci since 1999, Erik focuses on elegant, efficient, and robust solutions for scalable email and web hosting services, with a primary focus on Internet security. Lecturing nationally and internationally, Erik also serves as technical advisor to Mediprocity, which specializes in mobile-centric, secure HIPAA-compliant messaging. When he takes a break from LuxSci, Erik can be found gleefully pursuing endurance sports, having completed a full Ironman triathlon and numerous marathons and half Ironman triathlons.