We are also running into the same issue whenever the hipaaforms.online site is down. This causes 502 bad gateway errors across the admin and frontend of the site. This is causing major problems for our client as they are a reputable medical center. And this is not the first time that has happened, as it also happened about 2 months ago, when this original post was created.
If you cannot ensure better uptime on your servers, then I suggest reconfiguring your code to cancel requests when your servers are down.
We’re currently having an issue with AWS. We’re talking with our rep now to resolve it and should have it figured out soon.
Has this been solved yet? I’m really on the fence about using this plugin/service.
Is there anything I can read, anywhere, that might convince me this will work? There are so few installs and the reviews are questionable. It’s just a really big ask to make a HIPAA compliant plugin on an insecure platform like WordPress!
The plugin’s screenshots also worry me – from what I see, it looks like you can pull up the form information (with PHI) right on the WP CMS interface. That can’t be possible. Even as the admin of the website, I should have absolutely no access to the content in the forms…
Am I missing something?
Yes, this was resolved within a couple of hours.
The way we’re able to make these HIPAA compliant is that the form data is not stored on your server or sent via email.
Instead, our plugin overrides the default form submission functionality, encrypts the form data, pushes the encrypted data over SSL/TLS through our API and then stores that data on our HIPAA compliant encrypted database.
In order to access the submitted forms you have to log in to the WP admin dashboard with an account with the appropriate permissions/user role and go to the HIPAA Forms interface.
From there the forms are pulled back down through our API, decrypted and then displayed.
Our API-based system allows us to ensure the data remain secured both in transit and at rest and that no PHI is ever stored on your hosting server or passed through insecure email.
We also incorporate a thorough logging system into our solution. Any time a user accesses the HIPAA Forms interface it’s logged and timestamped. We also log individual form interactions such as when a submitted form is viewed, archived, deleted or exported.
Finally, in order for our solution to be activated, a BAA must be in place.
Hopefully that helps answer some of your questions as to how we’re able to keep the form submissions secure and compliant.
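
The suggestion earlier in the thread, to stop sending requests while the remote service is down, is commonly implemented as a circuit breaker with a degraded page in place of an error. The sketch below is an added example in Python, not the plugin's code and not something posted by anyone in this thread; `CircuitBreaker`, `render_forms_panel`, the `/forms` path and the threshold values are assumptions.

```python
import time

class RemoteUnavailable(Exception):
    """The remote forms API should not be called right now."""

class CircuitBreaker:
    """Stops calling a failing remote API until a cooldown has passed."""

    def __init__(self, call, threshold=3, cooldown=60.0, clock=time.monotonic):
        self._call = call            # hypothetical transport, e.g. HTTPS GET with a short timeout
        self._threshold = threshold  # consecutive failures before the circuit opens
        self._cooldown = cooldown    # seconds to wait before probing again
        self._clock = clock
        self._failures = 0
        self._opened_at = None       # None means the circuit is closed

    def request(self, *args):
        now = self._clock()
        if self._opened_at is not None and now - self._opened_at < self._cooldown:
            raise RemoteUnavailable("circuit open, remote call skipped")
        try:
            result = self._call(*args)
        except OSError as exc:       # connection refused, reset or timed out
            self._failures += 1
            # A failed probe after the cooldown reopens the circuit at once.
            if self._opened_at is not None or self._failures >= self._threshold:
                self._opened_at = now
            raise RemoteUnavailable(str(exc)) from exc
        self._failures = 0
        self._opened_at = None
        return result

def render_forms_panel(breaker):
    """Return panel text; degrade to a notice instead of failing the whole page."""
    try:
        return breaker.request("/forms")  # constructed path, not the vendor's API
    except RemoteUnavailable:
        # No local cache or e-mail fallback, in line with the thread's statement
        # that form data is not stored on the hosting server or sent by e-mail.
        return "Form service temporarily unavailable."

if __name__ == "__main__":
    def always_down(path):           # constructed transport simulating an outage
        raise ConnectionError("upstream returned no response")
    breaker = CircuitBreaker(always_down, threshold=2, cooldown=30.0)
    for _ in range(4):               # only the first two iterations hit the transport
        print(render_forms_panel(breaker))
```
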