Title: codemonkeys's Replies | WordPress.org --- # codemonkeys [ ](https://wordpress.org/support/users/codemonkeys/) * [Profile](https://wordpress.org/support/users/codemonkeys/) * [Topics Started](https://wordpress.org/support/users/codemonkeys/topics/) * [Replies Created](https://wordpress.org/support/users/codemonkeys/replies/) * [Reviews Written](https://wordpress.org/support/users/codemonkeys/reviews/) * [Topics Replied To](https://wordpress.org/support/users/codemonkeys/replied-to/) * [Engagements](https://wordpress.org/support/users/codemonkeys/engagements/) * [Favorites](https://wordpress.org/support/users/codemonkeys/favorites/) Search replies: ## Forum Replies Created Viewing 15 replies - 1 through 15 (of 32 total) 1 [2](https://wordpress.org/support/users/codemonkeys/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/codemonkeys/replies/page/3/?output_format=md) [→](https://wordpress.org/support/users/codemonkeys/replies/page/2/?output_format=md) * Forum: [Reviews](https://wordpress.org/support/forum/reviews/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Email Notifications and Backend Filtering Fall Short](https://wordpress.org/support/topic/email-notifications-and-backend-filtering-fall-short/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [4 months ago](https://wordpress.org/support/topic/email-notifications-and-backend-filtering-fall-short/#post-18808968) * You’re not wrong. * I’m the CEO, and I wrote the majority of the original code for this plugin. Email notifications and configuration have always been one of the most challenging parts of the system, and for reasons that unfortunately aren’t obvious from the UI/UX. * This plugin cannot use Gravity Forms’ native notification system because we have to strictly limit what data can ever leave the site due to HIPAA. That meant building a separate notification layer that has to work across standard WordPress mail, SMTP plugins, and third-party providers like SendGrid — all while supporting a wide range of hosting environments. That tradeoff has real UX costs, and you’re feeling them. * More importantly, the plugin has grown far beyond what it was originally designed to be. When it launched in early 2018, it was built to solve a very narrow problem: accepting encrypted, HIPAA-compliant form submissions directly on a WordPress site under the provider’s own domain. Over time, many users understandably tried to push it into multi-location, multi-practitioner workflows and notification routing — essentially turning a forms product into a lightweight patient management system. That’s a square-peg-round-hole problem, and we’ve pushed the limits of what this architecture can reasonably do. * You’re also right that the documentation and configuration experience reflect those constraints. This isn’t a simple forms plugin like Gravity — it’s handling ePHI, encryption, and compliance across a fragmented WordPress ecosystem WHILE trying to use Gravity as the form builder, and that complexity leaks through. * The important thing to know is that we haven’t ignored this. The limitations you’re running into are exactly why we’ve spent the last several years building a **new system from the ground up** — a full patient portal with appointments, real-time messaging, and care coordination that removes these constraints entirely. * What most users are ultimately asking for isn’t better filtering rules inside a WordPress forms plugin — it’s an affordable, practical alternative to something like Epic’s MyChart. That’s the problem we’re solving now. * I genuinely appreciate the feedback. It’s fair, and it reflects the real limits of the current plugin. If you’re open to it, I’m happy to invite you to a private beta we’re about to release in the next couple of weeks and get your feedback. You’re exactly who we’ve spent the last several years building for and your input would be awesome. * If you’re open to testing this new beta version shoot me an email at spencer at codemonkeysllc dot com. There’s a lot more in the works I can’t mention, especially for web design and digital marketing agencies. 7 years worth of work waiting for tech stacks to catch up and we need beta testers. - This reply was modified 4 months ago by [codemonkeys](https://wordpress.org/support/users/codemonkeys/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Ninja Forms integration](https://wordpress.org/support/topic/ninja-forms-integration-2/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [1 year, 3 months ago](https://wordpress.org/support/topic/ninja-forms-integration-2/#post-18325874) * Currently Gravity Forms is the only form builder we’re integrated with since Caldera became deprecated. * However, we’ll be releasing our own built-in form builder very soon. We have a functional prototype built now and are hoping to release a beta version you can try in the plugin by April. * The new form builder will be using our new API and standardized FHIR data storage. This is going to open up a lot more functionality and integration ability with EHR systems. * While we intend to keep the HIPAA Forms plugin as is and focused solely on forms handling, the new API and standardized data storage will be the backbone of a new product we’ll be releasing later this year. This will not only allow HIPAA compliant form handling but also give the ability to run a full patient portal and management system on your WordPress site along with an appointment system, real-time communication with patients and internally with practitioners/staff and hopefully by the end of the year a video “E-Visit” capability. * Forum: [Reviews](https://wordpress.org/support/forum/reviews/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Requires a separate plugin (that doesn’t exist) to function…..](https://wordpress.org/support/topic/requires-a-separate-plugin-that-doesnt-exist-to-function/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [1 year, 6 months ago](https://wordpress.org/support/topic/requires-a-separate-plugin-that-doesnt-exist-to-function/#post-18136901) * I understand your frustration with Gravity Forms not being free and the only option since Caldera went out. * We’re currently developing a new HIPAA compliant forms and patient portal/mangement system that will have a form builder built into it. We’re shooting for an early spring release. * Unfortunately integrating the current plugin with another third party form builder is a time consuming heavy lift. When Caldera walked away 2 years ago we had to make a decison on if we would put the time into this or focus our development time on the new product we’re building. Since we do still have Gravity integration we opted to focus our effort on the new system as it will be much more capable, cleaner, easier to work with and able to use FHIR standardized data fields along with MANY more features than just accepting forms. * I know this doesn’t solve your need today but trust me when I say what we have coming soon is light years beyond our current plugin and anything else out there today. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Ajax Error when submitting gravity form](https://wordpress.org/support/topic/ajax-error-when-submitting-gravity-form/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [3 years, 2 months ago](https://wordpress.org/support/topic/ajax-error-when-submitting-gravity-form/#post-16607965) * I apologize for the delay in responding. In the future, please create a ticket here: [https://codemonkeysllchelp.freshdesk.com/support/tickets/new](https://codemonkeysllchelp.freshdesk.com/support/tickets/new) * Here is some help with this question: * [https://codemonkeysllchelp.freshdesk.com/support/solutions/articles/48001227766-ajax-error-form-not-found](https://codemonkeysllchelp.freshdesk.com/support/solutions/articles/48001227766-ajax-error-form-not-found) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Not Recieved mail](https://wordpress.org/support/topic/not-recieved-mail/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [3 years, 2 months ago](https://wordpress.org/support/topic/not-recieved-mail/#post-16607958) * I apologize for the delay in responding. In the future, please create a ticket here: [https://codemonkeysllchelp.freshdesk.com/support/tickets/new](https://codemonkeysllchelp.freshdesk.com/support/tickets/new) * Typically there are 2 issues with notification emails. The first is that they are not working at all. SMTP plugin should resolve. * For plugin-specific issue, typically it is with the setup. Most likely the from email. Some sites will not all generic emails to be sent (gmail, for example). Others will have constraints for [@domain](https://wordpress.org/support/users/domain/). com to avoid spoofing. * Here is the the setup information. Please create a ticket if you still need assistance. * [https://codemonkeysllchelp.freshdesk.com/support/solutions/articles/48000946433-e-mail-notification-options](https://codemonkeysllchelp.freshdesk.com/support/solutions/articles/48000946433-e-mail-notification-options) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Nonce Error – Gravity Forms](https://wordpress.org/support/topic/nonce-error-gravity-forms/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [3 years, 8 months ago](https://wordpress.org/support/topic/nonce-error-gravity-forms/#post-16010298) * Leslie, * Here is the nonce: cm-hipaa-forms-nonce. * The best way to contact us through our [https://codemonkeysllchelp.freshdesk.com/support/home](https://codemonkeysllchelp.freshdesk.com/support/home) [HIPAA Forms Support Site](https://codemonkeysllchelp.freshdesk.com/support/home) * Code Monkeys, LLC * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence, Gravity Forms & HIPAA Forms Plugin](https://wordpress.org/support/topic/wordfence-gravity-forms-hipaa-forms-plugin/) * [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [4 years, 8 months ago](https://wordpress.org/support/topic/wordfence-gravity-forms-hipaa-forms-plugin/#post-14936246) * Pete, It says this was resolved, but there is no resolution. We are getting the exact same error message. Although we are able to click on pop-ups to white list (many of them), I would like to resolved once for all (we see it everything time a plugin is upgraded). * Thanks * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Caldera Forms Sunset](https://wordpress.org/support/topic/caldera-forms-sunset/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [4 years, 9 months ago](https://wordpress.org/support/topic/caldera-forms-sunset/#post-14804437) * Cody, * With the sunset of Caldera, we will only support Gravity Forms in the future. We have no plans to integrate with any other form builder. Although Gravity is not free, 1 domain is $59 per year. Most of our clients had moved off Caldera to Gravity before the sunset announcement. * Regards, Ed * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Security Plugin To Work with HIPAA forms?](https://wordpress.org/support/topic/security-plugin-to-work-with-hipaa-forms/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [4 years, 11 months ago](https://wordpress.org/support/topic/security-plugin-to-work-with-hipaa-forms/#post-14568473) * Hi Mike, * Have you created a ticket regarding this issue? Please do that at [https://codemonkeysllchelp.freshdesk.com/support/tickets/new](https://codemonkeysllchelp.freshdesk.com/support/tickets/new) * We have some WordFence information and I know that there many HIPAA Forms clients using WordFence. * Regards, Ed * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Conditional Logic not Working](https://wordpress.org/support/topic/conditional-logic-not-working-15/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [5 years ago](https://wordpress.org/support/topic/conditional-logic-not-working-15/#post-14533967) * Hello, * Let’s please do 2 things. First, please create a ticket in our Support System( [https://codemonkeysllchelp.freshdesk.com/support/tickets/new](https://codemonkeysllchelp.freshdesk.com/support/tickets/new)) And in that ticket, please attach a Gravity export of the form in question. It will make it much easier to test/resolve. Also, confirm the version of Gravity you are using (have you moved to V2.5+ yet?) * Thanks Ed * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Plugin stopped working](https://wordpress.org/support/topic/plugin-stopped-working-203/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [5 years, 2 months ago](https://wordpress.org/support/topic/plugin-stopped-working-203/#post-14290587) * If you have not yet submitted a ticket, please do so here: [https://codemonkeysllchelp.freshdesk.com/support/tickets/new](https://codemonkeysllchelp.freshdesk.com/support/tickets/new) * Thanks * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Conflicting with Square Checkout](https://wordpress.org/support/topic/conflicting-with-square-checkout/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [5 years, 2 months ago](https://wordpress.org/support/topic/conflicting-with-square-checkout/#post-14290580) * Rebecca, * Because I was answering your questions in our Ticketing system, I did not answer here. * Regards, Ed * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Contact Form 7] Contact Form 7 – HIPAA](https://wordpress.org/support/topic/contact-form-7-hipaa/) * [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [5 years, 2 months ago](https://wordpress.org/support/topic/contact-form-7-hipaa/#post-14220449) * I strongly doubt Contact Form 7 will sign a BAA but even if they do my bigger concern is how you will actually use those forms in a secure HIPAA compliant way? * I’m one of the developers for the HIPAA Forms plugin for WordPress which as far as I know is the only real HIPAA compliant form solution for WordPress forms. * Remember that passing form information over regular email is not secure and always an immediate violation. This violates the “in transit” aspect of HIPAA. * If you aren’t passing the data via email but are saving that data to your hosting server you have to have a BAA with your hosting company and your server/database has to be secure meaning the database needs to be encrypted and if you allow files to be uploaded the hard drive has to be encrypted. This is the “data at rest” aspect of HIPAA. * There’s other aspects to consider as well but these are the main 3 things to cover, unbroken chain of BAA agreements for all involved, securing data in transit and securing data at rest. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Easy Registration Forms] HIPAA compliance](https://wordpress.org/support/topic/hipaa-compliance/) * [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [5 years, 10 months ago](https://wordpress.org/support/topic/hipaa-compliance/#post-13187648) * Yes. You create form in either Gravity or Caldera. When user submits, we encrypt and send via SSL to encrypted DB. ALL PHI is encrypted. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[HIPAA FORMS - Add HIPAA Compliant Webforms to Your Wordpress Website] Plugin Giving Gateway Timeout Errors](https://wordpress.org/support/topic/plugin-giving-gateway-timeout-errors/) * Plugin Author [codemonkeys](https://wordpress.org/support/users/codemonkeys/) * (@codemonkeys) * [6 years, 3 months ago](https://wordpress.org/support/topic/plugin-giving-gateway-timeout-errors/#post-12529493) * Yes this was resolved within a couple of hours. * The way we’re able to make these HIPAA compliant is that the form data is not stored on your server or sent via email. * Instead, our plugin over-rides the default form submission functionality, encrypts the form data, pushes the encrypted data over SSL/TLS through our API and then stores that data on our HIPAA compliant encrypted database. * In order to access the submitted forms you have to login to the WP admin dashboard with an account with the appropriate permissions/user role and go to the HIPAA Forms interface. * From there the forms are pulled back down through our API, decrypted and then displayed. * Our API-based system allows us to ensure the data remain secured both in transit and at rest and that no PHI is ever stored on your hosting server or passed through insecure email. * We also incorporate a thorough logging system into our solution. Any time a user accesses the HIPAA Forms interface it’s logged and timestamped. We also log individual form interactions such as when a submitted form is viewed, archived, deleted or exported. * Finally, in order for our solution to be activated a BAA must be in place. * Hopefully that helps answer some of your questions as to how we’re able to keep the form submissions secure and compliant. Viewing 15 replies - 1 through 15 (of 32 total) 1 [2](https://wordpress.org/support/users/codemonkeys/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/codemonkeys/replies/page/3/?output_format=md) [→](https://wordpress.org/support/users/codemonkeys/replies/page/2/?output_format=md)