Guide to HIPAA Compliant Forms & Private Practice Paperwork

Learn what makes an online form HIPAA compliant with Healthie. Read about online intake forms and private practice paperwork you may need.

In 1996, the Health Insurance Portability and Accountability Act was passed, and required the HHS to put national standards in place for electronic transactions and code sets that include personal health information. There are a variety of standards that have been put in place to continue to enforce personal health privacy and information. It is critical for healthcare providers to understand and comply with HIPAA to protect both their practice and their clients’ personal health information. 

The Basic HIPAA-Compliance Rules

The Privacy Rule, added in 2000, protected individually identifiable health information processed by three types of covered entities: health plans, healthcare clearinghouses, and healthcare providers. Health plans are the individual and/or group plans that provide or pay the cost of medical care. Healthcare providers include any provider who transmits health information electronically to other covered entities. Healthcare clearinghouses are those that process nonstandard information they receive from other entities or vice versa. 

Added in 2003, the Security Rule set standards for protecting the confidentiality, integrity, and availability of electronic protected health information. Lastly, the Omnibus Rule leverages provisions of the HITECH Act that strengthen the privacy and security protections for personal health information. 

What are HIPAA Compliant Forms and How Do I Build Them? 

An important aspect of being HIPAA-compliant is notifying clients of their rights and how their personal health information may be shared, and obtaining their authorization to release said information. Overall, the most important thing as a healthcare provider is to be absolutely sure you have received your client’s consent to exchange their PHI with other entities. 

So, when are you required to give a HIPAA compliant release form to your clients? HIPAA authorization from clients is needed when personal health information needs to be disclosed for a reason that is not covered in the Privacy Rule of the original HIPAA Act.  Covered disclosures include treatment, payment, and healthcare operations. Non-covered instances may include:

  • Disclosing PHI to a third party, such as a family member, parent, or guardian
  • Using PHI for marketing or fundraising purposes
  • Using PHI for research
  • Disclosing any psychotherapy notes
  • Disclosing PHI for monetary compensation

The HHS has also outlined requirements for how to structure your HIPAA compliant authorization form. The overarching requirement for every single release form is that the communications must be written in plain language; this means that when describing how a patient’s health information will be used, HIPAA compliant forms  must be in basic, easy-to-understand language, free of too much technical or medical jargon. Forms must also be easily available for patients to read and review before they sign and authorize the release of their information. Aside from that, the bare bones of the form include: a description of the type of PHI that will be disclosed, the purpose for disclosure, who the information will be shared with, the date at which a patient’s consent expires, and the patient’s dated signature. The form must also educate each client about their rights, which include the right to revoke said authorization and how to do so, any exceptions to do so, and that they cannot be penalized for not providing authorization. 

Are Google Forms HIPPA Compliant?

If you implement your HIPAA strategy in the right way, you can use Google Forms to obtain HIPAA authorization and other personal health information from clients. To use Google Forms, you must obtain a Business Associate’s Agreement from Google. A business associate is “a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to a covered entity that involve access by the business associate to protected health information.” 

A BAA is critical to describe how the third party protects and secures the PHI to which they have access, and outlines the “uses and disclosures of the protected health information by the business associate.”  It is likely that your business associates already have a BAA prepared to share upon request; you as the provider are required to initiate the process of obtaining and signing the BAA in order to ensure compliance. This means you can use Google Forms for HIPAA authorization, intake forms, progress surveys, and any other instances in which you might need to collect a client’s personal health information. 

Other HIPAA Compliant Client Forms you Might Need

Once you have received HIPAA authorization to release a client’s personal health information, you will need to collect said health information through other intake forms. Some important online intake forms may include:

  • New Client Intake Forms: Collect basic patient information such as demographics, contact information, payment information, and medical history
  • Office Policies: This can include cancellation or rescheduling policies, client-provider contact policies, and financial responsibilities. 
  • Referral Information: If your client was referred by a primary care provider, collect that information on this form to build your network. 
  • Insurance Information: If you are an insurance based practice, you can collect your client’s insurance information and photos of their insurance card right off the bat. 

Leveraging a cloud-based platform is a useful solution to both securely store patient paperwork, complete chart notes and to streamline the intake form process. 

Using Healthie for HIPAA-Compliant Forms & Cloud Storage

With Healthie, a practice management platform for wellness professionals, you can create your new patient intake forms and will automatically distribute them to patients to complete electronically. Healthie’s EHR and practice management platform is HIPAA-compliant, so you can rest assured that your client’s information is secure. 

Here’s what you gain when working with your wellness clients via Healthie: 

  • HIPAA-Compliant forms and charting
  • Insurance Billing
  • Patient Engagement
  • Payment Processing
  • Reporting and analytics

Whether you’re a solo practitioner or part of a multi-provider group or organization, our flexible membership plans adapt to meet your business needs. Let us help you launch your practice.

Make more time to grow your business

Use a platform that automates the administrative, so you can focus on growth and care.

Free 14-day Trial

Make more time to grow your business

Use a platform that automates the administrative, so you can focus on growth and care.

Stay Updated with Healthie

Sign-up to our newsletter.

Thank you, you've been subscribed!
Oops! Something went wrong while submitting the form.