--- title: HIPAA-Compliant Contact Forms for Therapy Practices type: article created: '2026-04-05' updated: '2026-04-05' source_docs: - raw/2026-01-16-a-new-dawn-shine-marketing-call-114911969.md tags: - hipaa - contact-forms - wordpress - jane-app - therapy - compliance - website layer: 2 client_source: null industry_context: null transferable: true --- # HIPAA-Compliant Contact Forms for Therapy Practices ## Overview Standard WordPress contact forms are not HIPAA compliant. For therapy and healthcare practices, collecting client information through a generic web form creates a compliance risk unless the form provider has signed a **Business Associate Agreement (BAA)** with the practice. This issue surfaced during the [[clients/a-new-dawn-therapy/_index|A New Dawn Therapy]] website build and resulted in a structural change to the site's primary call-to-action. ## The Problem WordPress's default contact form plugins (and most generic form tools) do not offer a BAA, meaning any client-identifying information submitted through those forms is not handled in a HIPAA-compliant manner. For a therapy practice, even a general inquiry form can capture protected health information (PHI) — a client's name, reason for seeking therapy, or contact details in context. > *"Those contact pages are actually not HIPAA compliant... through WordPress, [they] don't have a BAA or whatever, to give me that information secure through the whole [system]."* > — Katie Geiser, A New Dawn Therapy ## The Solution: Route the Primary CTA to the EHR The cleanest workaround — and often the best UX outcome — is to bypass the contact form entirely for the primary conversion action. Instead of a "Contact Us" form, the **"Get Started" button links directly to the practice's EHR booking calendar** (in this case, Jane App). Because the EHR is already HIPAA-compliant and holds a BAA with the practice, all client data collected through that flow is covered. **Key structural decisions made for A New Dawn Therapy:** - The "Get Started" / primary CTA button links directly to the **Jane App booking calendar** - A dedicated "Contact Us" page was removed from the navigation - General contact information (phone, email, fax) is placed in the **site footer** or a static info block — not in a form - The **Client Portal** page simply links to the Jane App login page ## Secondary Options Worth Investigating If a practice genuinely needs a general inquiry form (e.g., for non-booking questions), there are two viable paths: 1. **EHR-native intake/inquiry forms** — If the EHR platform (Jane App, SimplePractice, TherapyNotes, etc.) offers a general contact or inquiry form, it is likely covered under the existing BAA. 2. **HIPAA-compliant third-party form tools** — Dedicated form platforms built for healthcare (e.g., Heymarket, Formstack with BAA, JotForm HIPAA) can be integrated into a WordPress site and will provide the necessary BAA. Sebastian noted this as a follow-up action: research HIPAA-compliant contact form options and share recommendations with the client. ## Design Implication: Prioritize One Conversion Action Removing the contact form also simplifies the conversion architecture. Rather than splitting visitor attention between a form and a booking link, the site drives everyone toward a single preferred action: **booking an appointment**. Contact details in the footer serve as a low-friction secondary option without competing with the primary CTA. This aligns with a general principle: on a service site, the more clearly you define the primary action, the higher the conversion rate. ## Related - [[clients/a-new-dawn-therapy/_index|A New Dawn Therapy — Client Overview]] - [[meetings/2026-01-16-a-new-dawn-website-content-finalization|A New Dawn Therapy — Website Content & Structure Finalization]] - [[knowledge/website/seo-page-length-for-service-pages|SEO Page Length for Service Pages]]