26 terms defined

Healthcare Forms Glossary

A comprehensive reference for patient intake, HIPAA compliance, and digital healthcare workflows. Whether you’re digitizing intake for the first time or evaluating platforms, this glossary covers every term you need to know.

Compliance (9)Forms (10)Healthcare (7)

A B C D E F H I M N P Q R S W

Audit Trail: A chronological record of all actions performed on patient data, who accessed it, what they did, when, and from where. HIPAA requires covered entities to maintain audit trails for all systems containing PHI. In Formisoft, every view, create, update, delete, and export event is automatically logged.
BAA (Business Associate Agreement): A legally binding contract between a HIPAA covered entity (like a healthcare provider) and a business associate (like Formisoft) that establishes permitted uses and disclosures of protected health information (PHI). A BAA is required before any vendor can handle PHI on behalf of a covered entity. Formisoft includes a BAA on every plan.
Conditional Logic: Rules that dynamically show, hide, or modify form fields based on a patient's previous answers. For example, if a patient selects "Yes" for "Do you take medications?", a follow-up field for medication details appears automatically. Conditional logic reduces form length for patients while capturing complete data when needed.
Covered Entity: Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Covered entities must comply with all HIPAA regulations including the Privacy Rule, Security Rule, and Breach Notification Rule. Most healthcare practices using digital intake forms are covered entities.
Draft Auto-Save: A feature that automatically saves a patient's form progress at regular intervals (typically every 30 seconds) without requiring manual action. If a patient closes their browser, loses connectivity, or needs to take a break, they can resume exactly where they left off. This is especially important for lengthy intake forms completed on mobile devices.
E-Signature: An electronic signature captured on a digital form, legally equivalent to a handwritten signature for most healthcare purposes. Used for consent agreements, treatment authorizations, HIPAA acknowledgments, and financial responsibility forms. Formisoft captures e-signatures with timestamp, IP address, and device metadata for legal validity.
EHR / EMR: Electronic Health Record (EHR) and Electronic Medical Record (EMR) are digital versions of a patient's medical chart. An EMR is typically used within a single practice, while an EHR is designed to be shared across organizations. Formisoft integrates with EHR/EMR systems via webhooks, API, and FHIR to automatically route intake data into patient records.
Encryption (AES-256 / TLS 1.3): The process of converting data into a coded format that can only be read with the correct decryption key. AES-256 (Advanced Encryption Standard with 256-bit keys) is used for data at rest, stored in databases and files. TLS 1.3 (Transport Layer Security) encrypts data in transit between the patient's device and Formisoft's servers. Both are required for HIPAA compliance.
FHIR: Fast Healthcare Interoperability Resources, a modern standard for exchanging healthcare information electronically, maintained by HL7 International. FHIR uses RESTful APIs and common web formats (JSON, XML) to enable different healthcare systems to communicate. It's becoming the primary standard for healthcare data exchange in the US.
HIPAA: Health Insurance Portability and Accountability Act, a US federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information. HIPAA includes the Privacy Rule (who can access PHI), the Security Rule (technical safeguards required), and the Breach Notification Rule (what to do if data is compromised). Any healthcare provider or vendor handling patient data must comply.
HL7: Health Level Seven International, a set of standards for the exchange, integration, sharing, and retrieval of electronic health information. HL7 v2 is the most widely adopted healthcare messaging standard. HL7 FHIR is the newest standard designed for modern web applications.
ICD-10: International Classification of Diseases, 10th Revision, a medical coding system maintained by the WHO and used worldwide to classify diseases, symptoms, injuries, and procedures. Contains over 70,000 codes. Used in intake forms for conditions checklists and medical history fields to standardize patient-reported data.
Intake Form: A form completed by patients before a healthcare visit to provide demographic information (name, address, phone), insurance details, medical history (conditions, medications, allergies), and consent signatures. Digital intake forms replace paper clipboards and enable pre-visit data collection via email or text message links.
Magic Link: A secure, single-use URL sent to a patient via email or SMS that allows them to access and complete their intake forms without creating an account or remembering a password. Magic links expire after a set period and can only be used once, maintaining security while eliminating friction for patients.
Minimum Necessary Standard: A HIPAA principle requiring that covered entities limit PHI access to the minimum amount necessary to accomplish the intended purpose. In practice, this means staff should only see the patient data they need for their role, not all patient records. Formisoft enforces this through role-based access control and organization-scoped data.
Multi-Page Form: A form divided into multiple pages or sections (e.g., Demographics → Insurance → Medical History → Consent) for easier completion. Multi-page forms reduce cognitive load, show progress indicators, and allow patients to complete intake in manageable steps. Progress is saved automatically between pages.
NPI: National Provider Identifier, a unique 10-digit identification number required for all healthcare providers in the United States. Assigned by CMS (Centers for Medicare & Medicaid Services), the NPI is used in all HIPAA-regulated transactions including electronic billing, referrals, and prescriptions.
Patient Portal: A secure online platform where patients can access their health information, complete intake forms, view appointment history, and communicate with their healthcare provider. Formisoft serves as a patient-facing intake portal that can be branded to match your practice.
PHI (Protected Health Information): Any individually identifiable health information held or transmitted by a covered entity or its business associates, in any form (electronic, paper, or oral). PHI includes 18 specific identifiers such as names, dates, phone numbers, email addresses, Social Security numbers, and medical record numbers when connected to health data.
Pre-Fill: The ability to automatically populate form fields with known patient data from URL parameters, previous visits, or patient records. Pre-filling reduces redundant data entry, returning patients don't have to re-enter their name, address, and insurance information every visit.
QR Code (for Forms): A scannable code that links directly to a digital intake form. Healthcare practices place QR codes in waiting rooms, on appointment reminder cards, or on their website so patients can instantly open the intake form on their smartphone, no typing a URL required.
Rate Limiting: A security mechanism that restricts the number of form submissions or API requests from a single source within a time period. Prevents spam submissions, brute-force attacks, and abuse of public-facing intake forms.
Role-Based Access Control (RBAC): A security model where access to data and features is determined by the user's assigned role (admin, provider, staff) within an organization. Admins can manage all settings, providers see patient data for their patients, and staff have limited access. RBAC enforces the HIPAA Minimum Necessary Standard.
Submission: A completed form response submitted by a patient. Each submission contains the form data, metadata (device type, browser, completion duration, IP address), timestamps, and links to the associated patient and appointment records. Submissions are stored encrypted and accessible only to authorized staff.
Webhook: An automated HTTP callback triggered by an event, typically a form submission. When a patient completes an intake form, a webhook can instantly notify your EHR, scheduling system, or any external application with the submission data. This enables real-time data flow without manual intervention or polling.
White-Label: The ability to remove Formisoft branding and replace it with your practice's own logo, colors, fonts, and domain. White-labeling creates a seamless patient experience where intake forms look and feel like an extension of your practice rather than a third-party tool.

Ready to put these terms into practice?

Build your first HIPAA-ready intake form in under 5 minutes.

Start free trial Browse templates

Missing a term? Let us know and we’ll add it.