Privyr Blog

If you’re based in the US and collect medical information online, you probably know that one of the regulations you need to follow is HIPAA. HIPAA protects individuals’ medical information, and failure to comply with it will result in costly fines and legal action. Therefore, you may want to know what forms are HIPAA-compliant if you’re collecting medical information on your website through WordPress forms. 

In this article, we share the best HIPAA-compliant WordPress forms you should know about. Also, since most forms may not have HIPAA-compliant features by default, we’ll guide you through on how to make them HIPAA-compliant. 

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act) is a US law that protects the privacy and security of individuals’ medical information. The law requires the implementation of specific safeguards to protect the privacy and security of individuals’ protected health information (PHI). Anyone collecting PHI online in the United States is required to follow this regulation. 

Why are HIPAA-Compliant forms necessary?

If you are collecting health information online, you’re legally required to adhere to the protection and fair use of public data by following HIPAA regulations. HIPAA-compliant forms ensure that the collection, storage, and transmission of public health information is secure. HIPAA aims to protect people’s private medical information from being exposed, mishandled, or misused by third parties.

If your form collects any type of health information, such as medical history, it must meet HIPAA’s requirements for privacy, security, and confidentiality. This includes:

1. Using secure channels for collection and transmission of data.

2. Obtaining signed Business Associate Agreements (BAAs) from any third-party vendors that have access to the PHI.

5 Best HIPAA-Compliant WordPress Forms

You’re probably aware of specific WordPress forms that are HIPAA-compliant. However, by default, it’s always safer to assume that most WordPress forms don’t have HIPAA-compliant features. You’ll have to make them HIPAA-compliant either by upgrading your plan or with the help of third-party extensions. Plus, you have to follow certain procedures to make a HIPAA- compliant form, even if the form says that it comes with it. Here’s a list of 5 best HIPAA compliant WordPress Forms.

1. The best free HIPAA-Compliant WordPress Form: WordPress Contact Form 7

Contact Form 7 is an excellent HIPAA-compliant form solution for your WordPress site, which you can get for free. It’s simple and easy to use. And it also has an extensive third-party extension ecosystem that makes it a cost-effective option for creating secure and compliant forms. 

However, Contact Form 7 does not come with HIPAA compliant features by default, so you’ll need to do a little bit of work to make it so. You can make it HIPAA-compliant through third-party extensions, such as the “Contact Form 7 – Encrypted Fields” plugin. All you have to do is install the plugin and configure the extension to enable the encryption of sensitive data and adhere to HIPAA requirements. Next, you’ll need to obtain a Business Associate Agreement (BAA) by signing a BAA as part of  the HIPAA regulations compliance.

WordPress Contact Form 7 is free to use, and offers a simple and user-friendly form builder. It also comes with a wide range of third-party extensions. However, since it requires a third-party plugin for HIPAA compliance, the form with HIPAA compliance might not be completely free. Plus, the procedure may bring some complexity to new users.

If you have been using Contact Form 7 and want to know how to send your leads from your form to Google Sheets, check out this article.  

2. The best beginner-friendly HIPAA compliant WordPress Form: WP Forms

WP Forms is a great beginner-friendly HIPAA compliant form solution for your WordPress site. It offers an intuitive drag-and-drop form builder interface, pre-built templates, and seamless integration with popular platforms, making it easy for new users to build forms. 

However, to make WP Forms HIPAA-compliant, you’ll need to upgrade your plan to “WP Forms Elite”. Then, you’ll have to go through certain procedures. First, you need to enable form encryption. WP Forms Elite includes a form encryption feature, which encrypts sensitive data before it is stored or transmitted. Next, you need to obtain a Business Associate Agreement by signing a BAA with WP Forms. And finally, after enabling HIPAA compliance, you’ll need to ensure your website uses an SSL certificate to encrypt data transmitted between your site and your users.

WP Forms offer a beginner-friendly drag-and-drop form builder, and has a wide range of pre-built templates for various purposes. That being said, if you’re looking to make it HIPAA-compliant, you’ll have to upgrade to its elite plan, which may be costly for some users. Also, it may not offer as many advanced features as some competing plugins despite being beginner-friendly.

3. The best HIPAA-Compliant WordPress Form with great features: Gravity Forms

Gravity Forms is a powerful and feature-rich WordPress form plugin. Its extensive features, user-friendly form builder, and wide range of add-ons and integrations make it one of the top choices for a HIPAA-compliant form solution.

Although it comes with advanced options, Gravity Forms is not HIPAA-compliant out-of-the-box. To make it HIPAA-compliant, you’ll need to take additional steps through a third-party extension. It involves installing and activating the extension and following a process that includes encrypting sensitive data, signing a BAA, and encrypting data by using a SSL certificate on your website. 

Gravity Forms offers many great features for users, including conditional logic support and multi-page forms with an extensive range of add-ons and integrations. However, if you’re looking to make it HIPAA-compliant, it requires a third-party plugin and the “Gravity Forms Encrypted Fields” add-on, which may increase the cost of maintaining your forms. Plus, the feature-rich nature of Gravity Forms may present a steeper learning curve for beginners. If you have limited resources, the premium pricing model may not be suitable for you.

4. The best versatile HIPAA-Compliant WordPress Form: Jotform

JotForm is a versatile yet powerful online form builder that allows you to create a wide variety of form types, ranging from simple contact forms to advanced surveys and payment forms. It can function both as a standalone form or as an embedded form within your WordPress site. Jotform’s wide range of templates and form elements further enhances its versatility, allowing you to create diverse forms to suit your needs.  

JotForm not only provides a secure online form solution, you can also easily make it HIPAA-compliant with a signed BAA in place. However, you’ll need to upgrade to its “Gold Plan” to make your forms HIPAA-compliant. It offers one of the most straightforward ways to make your forms compliant with the regulations. The form also allows seamless integration with popular platforms, such as Google Workspace, Mailchimp, and CRMs. This makes it easy for you to collect, process, and manage PHI data in a secure, compliant manner. 

However, there might be a few cons of using Jotform First, the huge array of features and options may be overwhelming for new users. And the fact that users need to subscribe to a higher-priced plan to access HIPAA-compliant features could also be a dealbreaker. Also, you may require additional plugins or manual coding to embed forms within WordPress.

5. The best value HIPAA-Compliant WordPress Form: Ninja Forms

Ninja Forms offers an extensive feature set with competitive pricing. In addition to its affordability, Ninja Forms also offers a wide range of add-ons and integrations, so you can seamlessly connect your forms to your CRMs, email marketing tools, and payment platforms. It can be your best value for money HIPAA-compliant WordPress form because you can customise your forms to meet your unique needs without breaking the bank.

You can use Ninja Forms base plugin for free, but for HIPAA compliance, you’ll need the premium WebMerge add-on, which allows you to securely collect, store, and transmit PHI data. The WebMerge add-on, coupled with a signed BAA, ensures that your Ninja Forms meets HIPAA regulations.

Ninja Forms offers affordable forms solutions and has extensive customisation options with a user-friendly interface. However, the fact that it requires the WebMerge add-on for HIPAA compliance may increase costs for some users. Moreover, if you’re a beginner, you may find that the initial setup to be a bit more complex than other form plugins. It offers limited built-in templates but its customisation options compensate for this.


Achieving HIPAA compliance on your WordPress forms is an ongoing process that involves regular monitoring, updates, and assessments. Always ensure you’re regularly consulting with a HIPAA expert or legal counsel so your implementation meets all necessary requirements.

If you want to manage your WordPress leads from your smartphone, try Privyr. It seamlessly integrates with WordPress forms and imports leads to your mobile phone instantly, allowing you to contact them within seconds. You can learn to use it in seconds and the best part is that receiving leads on your device is free with Privyr. 

Frequently asked questions

Are WordPress Forms HIPAA compliant?

Most WordPress Forms are technically HIPAA compliant. However, they aren’t HIPAA compliant out of the box. You may either need to upgrade your plan or use necessary third-party plugins to make them HIPAA compliant.

How do I make my WordPress Form HIPAA compliant?

While some WordPress Forms, such as Jotforms allow you to make your forms HIPAA compliant with an upgrade to your plan, you’ll need third-party plugins or go through additional steps that include encrypting data, signing BAA, etc. for other WordPress Forms.

How do I create a HIPAA compliant web form?

To make your WordPress Form HIPAA compliant, you should sign a Business Associate Agreement (BAA), obtain a Secure Sockets Layer (SSL) certificate, and encrypt your collected data.

Can I make Google Forms HIPAA compliant?

You can make Google Forms HIPAA compliant by signing a BAA with Google and changing security and privacy settings on the account to safeguard protected health information (PHI).

Want sales tips and tricks delivered to your inbox?

Subscribe to Privyr’s newsletter, trusted by over 50,000 salespeople, marketers, and small businesses.


A writer from the heart and marketer from the mind, Michael writes to help businesses implement effective sales and marketing strategies.