Remain Compliant With HIPAA Forms

Collect & Store Sensitive Patient Information Safely & Securely

Simplify HIPAA Data Management With Appenate


Get An Account

Create HIPAA compliant forms under any Appenate plan. Try a free 30-day trial, and when you’re ready, sign up for a subscription.

Business Agreement

Appenate will sign a Business Associate Agreement stating our HIPAA compliance, enabling you to collect PHI.

Templating

Customize your output with existing Word & Excel Reports, providing more freedom & power with no complicated coding.

Form Connectors

Connect to external systems like SQL, PowerBI, Google BigQuery & Sharepoint or push your data using our REST Connector.

HIPAA With Appenate

Read More Of Our HIPAA FAQs

HIPAA Forms Why?

Healthcare professionals use HIPAA-secure mobile forms to accelerate patient intake, eliminate administrative bottlenecks, & rapidly access sensitive patient data.

No Additional Cost

Our platform as a whole is HIPAA compliant. You’ll be able to create compliant forms under any Appenate subscription plan.

HIPAA Forms How?

We provide “Is Personal Data” checkboxes for every form field, allowing you to specify what data falls under “Protected Health Information (PHI)”. These fields are anonymized at all points of export from the system.

Free Support & Training

We want every customer to get maximum value from Appenate, so we provide FREE 1-on-1 training and quality support.

Sign Up & Try Our Ready-to-Use HIPAA Form Templates

Free training, support and implementation
Access to entire platform
A free proof of concept
Test our white label offering
Dedicated customer success consultant
Help with migrating forms over to Appenate

Migrating is easier than you think. Our team includes dedicated specialists who will help you transition fast and cleanly, no mess, no fuss!
We’ll also help you get maximum value from Appenate with FREE 1-on-1 training and quality support.

Plans start from 5 users & scale to suit any scenario.


HIPAA Frequently Asked Questions

  • Is there an additional charge for HIPAA compliance?

    There is no additional charge. The platform as a whole provides HIPAA compliant functionality for you to use.
    Create compliant forms under any Appenate subscription.

  • Are we limited to specific forms?

    Any form that you create can be HIPAA compliant.
    We provide “Is Personal Data” checkboxes for every form field, allowing you to specify what data falls under “Protected Health Information (PHI)”.
    When checked, these fields are anonymized at all points of export from the system.

  • Are form fields set in stone?

    While we provide example Forms that you can use immediately, all Forms can be customized (or created from scratch) as desired.
    Simply ensure that any Protected Health Information (PHI) fields in your Form design make use of our “Is Personal Data” option.

  • What has Appenate done to meet HIPAA requirements?

    Appenate has undertaken a number of initiatives to meet HIPAA requirements:

    Compliance Self-Audit
    We have internally audited our processes and systems to ensure HIPAA requirements are followed according to industry best practices.

    Business Associate Agreement (BAA)
    Appenate has drawn up a Business Associate Agreement (BAA) stating our HIPAA compliance, allowing you to collect PHI through your Appenate forms.

    Encryption of data at rest and in transit
    All data stored within the Appenate Platform is encrypted on our servers, be this within a database, storage service, or file backups.
    All data transport between servers, services and/or devices (both internally and externally) occurs exclusively over SSL encrypted transport protocols.

    Dedicated HIPAA information page
    We have created a dedicated webpage with detailed information about Appenate’s compliance efforts at https://www.appenate.com/hipaa

    “Is Personal Data” flags for data entities in the platform (e.g. forms and data sources)
    The Appenate Platform now provides new checkbox options to allow Appenate customers to flag/identify data fields that contain personal data. This, in turn, allows the Appenate Platform to anonymize these fields when data leaves the Appenate Platform (e.g. via manual export, connector integrations, and/or the Appenate Platform API).

    Careful vetting of sub-processors
    Each sub-processor of Appenate is vetted by our team in the areas of security, contractual terms, data processing agreements, and EU standard contractual clauses / Privacy Shield.

  • What is a Business Associate Agreement (BAA)?

    According to the Department of Health and Human Services:

    “The HIPAA Rules generally require that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information. The business associate contract also serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. A business associate may use or disclose protected health information only as permitted or required by its business associate contract or as required by law. A business associate is directly liable under the HIPAA Rules and subject to civil and, in some cases, criminal penalties for making uses and disclosures of protected health information that are not authorized by its contract or required by law. A business associate also is directly liable and subject to civil penalties for failing to safeguard electronic protected health information in accordance with the HIPAA Security Rule.”

    Appenate has drawn up a Business Associate Agreement (BAA) stating our HIPAA compliance, allowing you to collect PHI through your Appenate forms.

  • Who is a Controller or a Processor?

    Appenate customers decide the nature of data being captured and stored, and they choose which individuals interact with the Appenate Platform (thus, in turn, whose personal data is captured and processed).
    It is thus you, as an Appenate customer, that legally acts as the “Controller”.

    Appenate provides the means (the Appenate Platform) for Appenate customers to capture data and interact with their respective users, clients, and other parties.

    As such, Appenate is only processing personal data for, and on behalf of, Appenate customers as a “Processor”.
    The only case where Appenate acts as a Controller is during a limited set of direct interactions with Appenate customers (these being governed by the Appenate Privacy Policy).

  • What types of Personal Data does the Appenate Platform process?

    For registered users on the platform, basic contact information is processed (i.e. direct identifiable personal data such as e-mail addresses or name) as well as minimal device information, connection information, and geolocation.

    Other personal information may also be processed by the Appenate Platform through data captured and stored by Appenate customers.

    While it’s not up to us to control what data we receive, this can include items such as contact information, IP addresses, and other data.

    We process customer-submitted data as part of our contractual obligation to our customers and in accordance with applicable laws.

  • Does the Appenate Platform utilize sub-processors? Show me the list?

    We use certain sub-processors to assist in providing the Appenate platform to customers. A sub-processor is a third-party data processor engaged by Appenate that has, or potentially will have, access to customer data or will process it (this data may include personal data). Our list of current sub-processors is available here.

  • How long does personal data remain on the Appenate Platform?

    Registered users
    All personal data relating to a user is either deleted or anonymized within 7 days of the user deletion action. The 7-day period allows for fast recovery if the deletion was accidental.
    For the avoidance of doubt, deactivation of a user account does not remove the account or its personal data; the account is simply archived.

    All other data entities
    This is determined and configured by Appenate’s customers, based on their own agreements with data subjects in turn.
    The Appenate Platform provides customers with functionality to delete data entities as needed.

    Appenate backups
    Backups are performed on a regular basis and are kept in encrypted, secure storage for up to 60 days.
    This means that items deleted in production environments are available for restoration from backups for up to 60 days thereafter.

    Appenate test/development environments
    Data is occasionally extracted from production to development/testing environments for support, testing and debugging purposes.
    When this occurs, personal data is anonymized in order to assure privacy.

  • Who has access to personal data stored on the Appenate Platform?

    Personal data stored on the Appenate Platform may be visible to:

    Appenate customers
    Depending on their assigned access permissions, users can view and access personal data collected and/or stored within their Appenate customer account.

    Appenate employees & contractors
    All employees & contractors are trained and contractually committed to following Appenate’s privacy, security, and data protection practices.

    Sub-processors
    We work with carefully selected services to provide aspects of the Appenate platform and may process data with these services as necessary to provide Appenate platform services.

    Other third parties if required by applicable law or where Appenate has a good-faith belief that such disclosure is reasonably necessary to:
    (a) protect the safety of any person from death or serious bodily injury, or
    (b) prevent fraud or abuse

    Access occurs only to the extent necessary, and is limited to the personal data necessary, for the specific purpose of the respective party.

  • Where is personal data stored?

    The Appenate Platform is hosted in 3 regions (“nodes”) across the world – specifically USA, Europe, and Australia. Appenate also provides software features to Appenate customers, which allow them to anonymize personal data upon export out of the Appenate Platform.

  • Is data processed by Appenate used for direct marketing or automated decision making?

    Registered administrator users may be contacted by Appenate with news or offers about the Appenate Platform.
    The user can unsubscribe from this communication at any time.

    Appenate does not use personal data processed through the Appenate Platform for direct marketing purposes, nor does the Appenate Platform employ automated decision-making processes/techniques which create or deny rights to individual persons.
    We only process personal data under instruction and under control of the Appenate customer for the purpose of the Appenate Platform solution.

Get Started With A Free Trial Today!