HIPAA & SECURITY

PainlessForms.com operates as a “Business Associate” under part 103 of the HIPAA Privacy Rule. Additionally, our online process was designed to remove any HIPAA liability for our customers.

When a patient logs in for their appointment, we get the patient’s permission to share their protected health information (PHI) ONLY with you, our customer. This places the responsibility for the security and privacy of their data squarely on us, as we have a direct HIPAA agreement with the user, assuring them that we will protect their data and only disclose their PHI to their provider.

You Can’t Hack What is not Here

The PainlessForms.com service is passive in nature. After the PHI is passed to your office, the data is purged from our systems. Since we do not have a storehouse of archived personal data, our servers log fewer hack attempts when compared to more valuable targets.

Privacy and Security Audit Protocol

Painless Forms passed its annual administrative, physical and technical safeguards audit on April 20th, 2018.

Additional HIPAA Safeguards

  • Only private cabinets and dedicated physical servers that are owned by PainlessForms.com are used for PHI in an SSAE 16 SOC-1 Type II compliant data center. No 3rd party or cloud-based hosting services are ever used.
  • Our service automatically blocks computers that reach the failed login attempt threshold.
  • No open source software is used on the software engine that drives the PainlessForms.com service, making it less susceptible to common security vulnerabilities. Every line of code was written here in Dallas, Texas.
  • Only employees have access to facilities, software and data. No 3rd party or off-shore software developers are ever used on our software.