HIPAA-Compliant Contact Forms for Therapy Practices
Overview
Generic WordPress contact forms are not a HIPAA-compliant channel. For therapy and healthcare practices, collecting client information through such a form creates a compliance risk unless the form provider has signed a Business Associate Agreement (BAA) with the practice. This issue surfaced during the [1] website build and resulted in a structural change to the site's primary call-to-action.
The Problem
The common WordPress contact form plugins (and most generic form tools) do not offer a BAA, so any client-identifying information submitted through them is handled by a vendor with no HIPAA obligations to the practice; these plugins typically store submissions in the site's own database and relay them by ordinary email. For a therapy practice, even a general inquiry form captures what is generally treated as protected health information (PHI): a prospective client's name and contact details, submitted to a therapy practice, already reveal that the person is seeking mental health care, and a "reason for contacting us" field adds more.
"Those contact pages are actually not HIPAA compliant... through WordPress, [they] don't have a BAA or whatever, to give me that information secure through the whole [system]."
— Katie Geiser, A New Dawn Therapy
The Solution: Route the Primary CTA to the EHR
The cleanest workaround, and often the best UX outcome, is to bypass the contact form entirely for the primary conversion action. Instead of a "Contact Us" form, the "Get Started" button links directly to the practice's EHR booking calendar (in this case, Jane App). Because the EHR is already HIPAA-compliant and holds a BAA with the practice, all client data collected through that flow is covered. The WordPress site should only link out to the EHR, not embed it through a plugin or proxy the booking flow, so that no client data ever passes through the WordPress host.
Key structural decisions made for A New Dawn Therapy:
- The "Get Started" / primary CTA button links directly to the Jane App booking calendar
- A dedicated "Contact Us" page was removed from the navigation
- General contact information (phone, email, fax) is placed in the site footer or a static info block — not in a form
- The Client Portal page simply links to the Jane App login page
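A quick way to confirm that a built site actually honours these decisions is to scan its rendered HTML for anything that would collect data outside the BAA-covered flow. The script below is an added example written for this page; it is not code from the A New Dawn Therapy build or from Jane App. It parses a page with Python's standard library, flags every form or iframe whose target host is not on a BAA-covered allowlist, and checks that booking and portal links land on the EHR. The host names, the sample HTML, and the CTA phrases are constructed placeholders.

```python
"""Scan a rendered page for elements that would collect client data outside
the BAA-covered EHR flow. Added example for this page; not code from the
A New Dawn Therapy build or from Jane App."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Placeholders (assumptions): the practice's WordPress host and the EHR host
# covered by a BAA. Substitute the real hosts when auditing a real site.
PAGE_HOST = "anewdawntherapy.example"
BAA_COVERED_HOSTS = {"example-practice.janeapp.com"}
# Link text that marks a booking or portal action which must land on the EHR.
CTA_PHRASES = ("get started", "book", "portal")


class _PageScanner(HTMLParser):
    """Collect forms, iframes and links (with their visible text)."""

    def __init__(self):
        super().__init__()
        self.forms = []     # (action, method)
        self.iframes = []   # src
        self.links = []     # (href, visible text)
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append((a.get("action", ""), a.get("method", "get").lower()))
        elif tag == "iframe":
            self.iframes.append(a.get("src", ""))
        elif tag == "a":
            self._href, self._text = a.get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def _target_host(url, page_host):
    """Host a URL resolves to; relative URLs resolve to the WordPress host."""
    p = urlparse(url)
    if p.scheme in ("mailto", "tel"):
        return p.scheme          # opens a local client, sends nothing to a server
    return p.netloc.lower() or page_host


def audit_page(html, page_host=PAGE_HOST, covered=BAA_COVERED_HOSTS):
    """Return findings as strings; an empty list means the scanner found no
    form, iframe or CTA that sends client data to a host outside `covered`."""
    scanner = _PageScanner()
    scanner.feed(html)
    findings = []
    for action, method in scanner.forms:
        host = _target_host(action, page_host)
        if host not in covered:
            findings.append(f"form submits ({method.upper()}) to {host}: no BAA covers this endpoint")
    for src in scanner.iframes:
        host = _target_host(src, page_host)
        if host not in covered:
            findings.append(f"iframe loads {host}: embedded widget may collect data outside the BAA")
    for href, text in scanner.links:
        if any(phrase in text.lower() for phrase in CTA_PHRASES):
            host = _target_host(href, page_host)
            if host not in covered:
                findings.append(f"CTA '{text}' points to {host}, not the EHR")
    return findings


# Constructed sample pages: the original layout with a generic form plugin,
# and the restructured layout that links out to the EHR.
BEFORE_HTML = """
<nav><a href="/contact/">Contact Us</a></nav>
<form action="/contact/" method="post">
  <input name="your-name"> <input name="your-email">
  <textarea name="your-message"></textarea>
</form>
<a class="btn" href="/contact/">Get Started</a>
"""

AFTER_HTML = """
<a class="btn" href="https://example-practice.janeapp.com/">Get Started</a>
<a href="https://example-practice.janeapp.com/login">Client Portal</a>
<footer>Phone: (555) 555-0100 &middot;
  <a href="mailto:hello@anewdawntherapy.example">Email the office</a></footer>
"""

if __name__ == "__main__":
    for name, page in (("before", BEFORE_HTML), ("after", AFTER_HTML)):
        print(name, audit_page(page) or ["clean"])
```

Run it against the HTML that WordPress actually serves (for example, the output of `curl` on each public page, including the rendered footer), not the theme source, because plugins inject forms and widgets at render time. The phrase list is a heuristic; extend it with whatever label the site uses for its primary button.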
Secondary Options Worth Investigating
If a practice genuinely needs a general inquiry form (e.g., for non-booking questions), there are two viable paths:
- EHR-native intake/inquiry forms: if the EHR platform (Jane App, SimplePractice, TherapyNotes, etc.) offers a general contact or inquiry form, it is probably within the scope of the existing BAA, but confirm that with the vendor before relying on it.
- HIPAA-compliant third-party form tools: form platforms that sign a BAA (e.g., Formstack's HIPAA tier or JotForm HIPAA; Heymarket is primarily a HIPAA-capable messaging platform, so confirm it fits the form use case) can be embedded in a WordPress site. Embed the vendor's hosted form or iframe rather than a WordPress plugin that stores or relays submissions, and make sure the site's analytics, caching, and any form-autosave or session-replay plugins do not capture what visitors type.
Sebastian noted this as a follow-up action: research HIPAA-compliant contact form options and share recommendations with the client.
Design Implication: Prioritize One Conversion Action
Removing the contact form also simplifies the conversion architecture. Rather than splitting visitor attention between a form and a booking link, the site drives everyone toward a single preferred action: booking an appointment. Contact details in the footer serve as a low-friction secondary option without competing with the primary CTA.
This aligns with a general principle: on a service site, the more clearly the primary action is defined, the higher the conversion rate tends to be.
Related
- [2]
- [3]
- [4]