PREVIOUS STEP:  7. Setting forms to be HIPAA Compliant


The HIPAA Compliant Form replaces any submit button included in the form with the HIPAA Custom Submit button (indicated by the padlock icon). At submission, the form is encrypted, an API call is made to the HIPAA FORMS API, and the form data is saved into a HIPAA Compliant database storage solution. The only fields that are not encrypted are the required first name, last name, phone # and email, which stay unencrypted so that forms can be searched and filtered in the "Submitted Forms" tab. The form itself (and all fields within it) is encrypted at the time of submission to protect the data in transit as well as at rest within the HIPAA FORMS Service data solution.


At this point, the only way to view the form data is to log in to the WordPress admin panel with a valid username and password for an account that has an appropriate user role (administrator or hipaaforms) and open the "Submitted Forms" tab within the HIPAA FORMS interface. There, another API request is sent to the HIPAA FORMS API and the submitted forms data is pulled. Once the API returns the data, the associated encryption keys are used to decrypt the form data, which is then displayed on the screen. While you can view this data within this tab, the actual data is never stored anywhere on your server; the plugin simply pulls it from the HIPAA FORMS Service API, then decrypts and displays it.
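The submit-time and view-time flow described in the two paragraphs above can be sketched as follows. This is an added example, not the HIPAA FORMS plugin's code: the cipher (AES-256-GCM), the record layout and every function and field name are assumptions, since the page does not specify them.

```javascript
// Added illustration; not the plugin's code. Cipher, record layout and all
// names are assumptions: the page does not state how the form is encrypted.
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// The four fields the page says stay unencrypted for searching/filtering.
const SEARCHABLE = ['first_name', 'last_name', 'phone', 'email'];

// Submission: build the record that would be sent to the storage API.
function sealSubmission(fields, key) {
  const index = {};
  for (const name of SEARCHABLE) {
    if (!fields[name]) throw new Error(`missing required field: ${name}`);
    index[name] = fields[name];
  }
  const iv = randomBytes(12); // fresh nonce for every submission
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  // Bind the cleartext index to the ciphertext so it cannot be swapped unnoticed.
  cipher.setAAD(Buffer.from(JSON.stringify(index)));
  const ct = Buffer.concat([cipher.update(JSON.stringify(fields), 'utf8'), cipher.final()]);
  return {
    index,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ct.toString('base64'),
  };
}

// Listing: filtering touches only the cleartext index, never the ciphertext.
function filterByEmail(records, email) {
  return records.filter((r) => r.index.email === email);
}

// Viewing: decrypt with the key; throws if the record or its index was altered.
function openSubmission(record, key) {
  const d = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  d.setAAD(Buffer.from(JSON.stringify(record.index)));
  d.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(record.ciphertext, 'base64')), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample submission and key.
const key = randomBytes(32);
const sample = { first_name: 'Pat', last_name: 'Doe', phone: '555-0100',
                 email: 'pat@example.com', diagnosis: 'constructed sample value' };
const stored = sealSubmission(sample, key);
console.log(Object.keys(stored.index), JSON.stringify(stored).includes(sample.diagnosis));
```

In the stored record only the four index fields are readable without the key, so access to the storage side and to the "Submitted Forms" list should be controlled with those four values in mind.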


NEXT STEP:  9. Accessing the Encrypted Forms Data