Not all “secure” forms are HIPAA secure by HIPAA Vault

Think your form tool is HIPAA compliant because it uses HTTPS? Think again. When it comes to collecting protected health information (PHI), compliance is about way more than encryption.

To actually meet HIPAA standards, a web form needs secure storage, access controls, audit logs, and—most importantly—a signed Business Associate Agreement (BAA) from your vendor. Without it, even the fanciest forms could land your practice in hot water.

A new guide from HIPAA Vault breaks it all down: how to tell if your form tool is compliant, where common builders fall short (hi, Google Forms), and why healthcare orgs are switching to HIPAA-first platforms.

✅ Unlimited staff access
✅ Built-in audit trails
✅ Signed BAA included
✅ 14-day free trial

👉 Explore the full guide and see how your form tool stacks up.

Industry News Roundup

Healthcare Breaches Drop in October, But the Numbers Don’t Tell the Whole Story

October 2025 logged just 28 large healthcare data breaches—the lowest monthly total since 2020 and a 31.7% drop from September. But before celebrating, there’s a major caveat: The month-long government shutdown delayed updates to the HHS breach portal, meaning many incidents may simply not have been logged yet.

Despite fewer reported breaches, over 11 million individuals were affected—a staggering 540% increase month-over-month. Most of that stems from Conduent Business Services, a major back-office vendor, which now appears to have exposed up to 14.8 million individuals’ data through a ransomware attack. The SafePay ransomware group has claimed responsibility, allegedly stealing 8.5TB of sensitive info.

Network server hacks dominated, accounting for 75% of breaches and nearly all affected individuals. While healthcare providers reported the most incidents, the vast majority of exposed records came from business associates—a reminder that third-party risk is still a huge vulnerability.

👉 Dive into the full breach breakdown

Data Breaches Hit NY Healthcare Providers—and a Fax Mishap in TN

Another week, another round of HIPAA headaches.

Pearlman Aesthetic Surgery, a high-profile plastic surgery practice in Manhattan, reported a hacking incident affecting nearly 12,000 patients. So far, the breach is light on details, but was formally logged with the HHS on November 9, 2025. There’s been no public notice on the practice’s website, but the fallout could grow as more information surfaces.

Meanwhile, Associated Radiologists of the Finger Lakes detected unauthorized network access over a two-day window in late October. While their full file review is still underway, the exposed data could include everything from SSNs to prescription info. A placeholder report was filed for at least 501 affected individuals, but that number could rise.

And in Tennessee, Fast Pace Urgent Care is cleaning up after a privacy fumble: an employee accidentally emailed records for 2,072 patients when only one was intended. The recipient claims the message was deleted, but that doesn’t undo the breach.

🔍 Explore the full details of each breach in the full article.

The last HIPAA form builder you'll ever need

Healthcare pros are ditching overpriced, under-secure form tools for HIPAA Vault, the all-in-one web form solution made just for medical practices. At $97/month, you get unlimited encrypted forms, unlimited users, and a signed BAA—without the nickel-and-diming of “per-user” pricing.

Unlike general form builders like JotForm or Google Forms (which isn’t even HIPAA compliant), HIPAA Vault is fully managed by security experts and designed to pass audits with flying colors. You’ll also get real-time audit logs, secure PHI storage, and <15-minute support if anything goes sideways.

What’s the catch? There isn’t one. Just clean, easy-to-use forms backed by security experts. According to users, setup takes under an hour, and it might even help you sleep at night.

👉 Try it free for 14 days and see why 1,000+ healthcare providers have made the switch.