Remain Compliant With HIPAA Forms
Collect & Store Sensitive Patient Information Safely & Securely
“This is a new avenue of business that we had the pleasure of adopting which has surprised us in improving our core offering.”
– Braedon S, IT Manager Rassaun Services
Convenience
Signatures & Files
Integration
Backed Up
& Secure
Full
Offline Access
Mobile
Ready
Simplify HIPAA Data Management With Appenate
Transfer Real-Time Data Directly Into Your Existing Systems
Get An Account
Create HIPAA compliant forms under any Appenate plan. Try a free 15-day trial, and when you’re ready, sign up for a subscription.
Business Agreement
Appenate will sign a Business Associate Agreement stating our HIPAA compliance, enabling you to collect PHI.
Templating
Customize your output with existing Word & Excel Reports, providing more freedom & power with no complicated coding.
Form Connectors
Connect to external systems like SQL, PowerBI, Google BigQuery & Sharepoint or push your data using our REST Connector.
HIPAA With Appenate
HIPAA Forms Why?
Healthcare professionals use HIPAA-secure mobile forms to accelerate patient intake, eliminate administrative bottlenecks, & rapidly access sensitive patient data.
HIPAA Forms How?
We provide “Is Personal Data” checkboxes for every form field, allowing you to specify what data falls under “Protected Health Information (PHI)”. These fields are anonymized at all points of export from the system.
No Additional Cost
Our platform as a whole is HIPAA compliant. You’ll be able to create compliant forms under any Appenate subscription plan.
Free Support & Training
We want every customer to get maximum value from Appenate, so we provide FREE 1-on-1 training and quality support.
Common questions about GDPR and privacy at Appenate
Accordion content.There is no additional charge. The platform as a whole provides HIPAA compliant functionality for you to use. Create compliant forms under any Appenate subscription.
Any form that you create can be HIPAA compliant. We provide “Is Personal Data” checkboxes for every form field, allowing you to specify what data falls under “Protected Health Information (PHI)”. When checked, these fields are anonymized at all points of export from the system.
While we provide example Forms that you can use immediately, all Forms can be customized (or created from scratch) as desired. Simply ensure that any Protected Health Information (PHI) fields in your Form design make use of our “Is Personal Data” option.
Appenate has undertaken a number of initiatives to meet HIPAA requirements:
Business Associate Agreement (BAA)
Appenate has drawn up a Business Associate Agreement (BAA) stating our HIPAA compliance, allowing you to collect PHI through your Appenate forms.
Encryption of data at rest and in transit
All data stored within the Appenate Platform is encrypted on our servers, be this within a database, storage service, or file backups.
All data transport between servers, services and/or devices (both internally and externally) occur exclusively over SSL encrypted transport protocols.
Dedicated HIPAA information page
We have created a dedicated webpage with detailed information about Appenate’s compliance efforts at /hipaa
“Is Personal Data” flags for data entities in the platform (e.g. forms and data sources)
The Appenate Platform now provides new checkbox options to allow Appenate customers to flag/identify data fields that contain personal data. This, in turn, allows the Appenate Platform to anonymize these fields when data leaves the Appenate Platform (e.g. via manual export, connector integrations, and/or the Appenate Platform API).
Careful vetting of sub-processors
Each sub-processor of Appenate is vetted by our team in the areas of security, contractual terms, data processing agreements, and EU standard contractual clauses / Privacy Shield.
Appenate has drawn up a Business Associate Agreement (BAA) stating our HIPAA compliance, allowing you to collect PHI through your Appenate forms.
Appenate customers decide the nature of data being captured and stored, and they choose which individuals interact with the Appenate Platform (thus, in turn, whose personal data is captured and processed). It is thus you, as an Appenate customer, that legally acts as the “Controller”.Appenate provides the means (the Appenate Platform) for Appenate customers to capture data and interact with their respective users, clients, and other parties.
As such, Appenate is only processing personal data for, and on behalf of, Appenate customers as a “Processor”.
The only case where Appenate acts as a Controller is during a limited set of direct interactions with Appenate customers (these being governed by the Appenate Privacy Policy).
For registered users on the platform, basic contact information is processed (i.e. direct identifiable personal data such as e-mail addresses or name) as well as minimal device information, connection information, and geolocation.
While it’s not up to us to control what data we receive, this can include items such as contact information, IP addresses, and other data.
We process customer-submitted data as part of our contractual obligation to our customers and in accordance with applicable laws.
We use certain sub-processors to assist in providing the Appenate platform to customers. A sub-processor is a third-party data processor engaged by Appenate, that has or potentially will have access to or process customer data (which may include personal data).
All other data entities
This is determined and configured by Appenate’s customers, based on their own agreements with data subjects in turn.
The Appenate Platform provides customers with functionality to delete data entities as needed.
Appenate backups
Backups are performed on a regular basis and are kept in encrypted, secure storage for up to 60 days.
This means that items deleted in production environments are available for restoration from backups for up to 60 days thereafter.
Appenate test/development environments
Data is occasionally extracted from production to development/testing environments for support, testing and debugging purposes.
When this occurs, personal data is anonymized in order to assure privacy.
All other data entities
This is determined and configured by Appenate’s customers, based on their own agreements with data subjects in turn.
The Appenate Platform provides customers with functionality to delete data entities as needed.
Appenate backups
Backups are performed on a regular basis and are kept in encrypted, secure storage for up to 60 days.
This means that items deleted in production environments are available for restoration from backups for up to 60 days thereafter.
Appenate test/development environments
Data is occasionally extracted from production to development/testing environments for support, testing and debugging purposes.
When this occurs, personal data is anonymized in order to assure privacy.
Personal data stored on the Appenate Platform may be visible to:
Appenate employees & contractors
All employees & contractors are trained and contractually committed to following Appenate’s privacy, security, and data protection practices.
Sub-processors
We work with carefully selected services to provide aspects of the Appenate platform and may process data with these services as necessary to provide Appenate platform services.
Other third parties if required by applicable law or where Appenate has a good-faith belief that such disclosure is reasonably necessary to:
(a) protect the safety of any person from death or serious bodily injury, or
(b) prevent fraud or abuse
Access only occurs to the extent and limited to such personal data as necessary for that specific purpose of the respective party.
The Appenate Platform is hosted in 3 regions (“nodes”) across the world – specifically USA, Europe, and Australia. Appenate also provides software features to Appenate customers, which allows them to anonymize personal data upon export out of the Appenate Platform.
Registered administrator users may be contacted by Appenate with news or offers about the Appenate Platform. This communication can be unsubscribed at any time by the user.
Appenate does not use personal data processed through the Appenate Platform for direct marketing purposes, nor does the Appenate Platform employ automated decision-making processes/techniques which create or deny rights to individual persons.
We only process personal data under instruction and under control of the Appenate customer for the purpose of the Appenate Platform solution.