HIPAA-Compliant Contact Form — Jane App Embed
Overview
New Dawn requires HIPAA-compliant handling of client contact data. The question arose during site build: how to handle the contact form on the website given that standard form tools (Gravity Forms, Google Forms) are not HIPAA-compliant out of the box.
The agreed solution is to embed a form directly from Jane App — New Dawn's existing HIPAA-compliant CRM — so that data is stored in a compliant environment from the moment of initial entry.
The Compliance Requirement
New Dawn's HIPAA obligation is nuanced:
- A contact form submission is not HIPAA-protected at the time of submission
- Once a person signs on as a client, any prior communication and data they submitted retroactively falls under HIPAA protection
- This means data collected via a standard web form could become a compliance liability after the client relationship begins
Rather than building a workflow to delete or migrate pre-client form data after sign-on, the simpler approach is to route all contact data into a HIPAA-compliant store from the start.
Solution: Jane App Form Embed
Jane App is a therapist-focused CRM that New Dawn already uses. It is built with HIPAA compliance by design, including secure data storage.
Approach:
- Embed a Jane App form (or sign-up flow) directly on the New Dawn contact page
- Data flows from the embedded form into Jane App's HIPAA-compliant database immediately
- No intermediate storage in a non-compliant system
This sidesteps the complexity of making Gravity Forms or Google Forms compliant (BAAs, encrypted storage configuration, etc.).
Why Not Standard Forms?
| Option | HIPAA Compliant? | Notes |
|---|---|---|
| Google Forms | No | Not compliant out of the box |
| Gravity Forms | Not by default | Can be configured, but complex |
| Jane App embed | Yes | Compliant by design; data stays in Jane App |
Open Items
- [ ] Mark to research Jane App embed/integration options and confirm a form can be embedded on the contact page ([1])
- [ ] Confirm whether Jane App's embeddable form covers a generic "Contact Us" use case (vs. only appointment booking/sign-up flows)
- [ ] If Jane App embed is not viable, evaluate API-based integration as a fallback
Context
- Jane App is a Canadian company
- The platform appears to have some integration options, but API access may be limited (similar to other healthcare-adjacent SaaS tools)
- New Dawn's site is approximately 85% complete; the contact form is one of the remaining open items
- New Dawn has expressed interest in continuing to work with the team post-launch (digital downloads, checkout, eventual marketing)
Related
- [1]
- [2]