Capture · HIPAA forms

HIPAA forms that leak nothing

A multi-tenant, encrypted contact-form system for healthcare websites — no PHI on the web server, no plugin database waiting to be breached. The forms most sites get wrong, done right.

Definition

What is Halo?

Halo is a multi-tenant, HIPAA compliant contact form system built for healthcare websites. It handles patient inquiries, admissions requests, and general contact submissions with encrypted data handling and location-based routing. No protected health information is stored on the web server. Halo is designed as a lightweight, zero-dependency form infrastructure that replaces the plugin-based form builders (Gravity Forms, WPForms, Contact Form 7) that most healthcare WordPress sites rely on. It is included as a standard component in all MAANTIS website builds and is available as a standalone integration for existing sites.

The problem

Your form plugin stores patient inquiries in the WordPress database. That's a compliance liability sitting on your web server.

WordPress form plugins aren't HIPAA compliant by default — and when one updates and quietly breaks, the inquiries don't bounce. They just disappear, and you never know they came.

How it works

Submitted, encrypted, routed, gone from your server

  1. 01

    Patient submits an inquiry

    A visitor fills out a contact, admissions, or general inquiry form on the website.

  2. 02

    Encrypted in transit and at rest

    The submission is encrypted the moment it leaves the browser and stays encrypted at rest.

  3. 03

    Routed by location

    Sent to the right location-specific admissions inbox based on the form's context.

  4. 04

    Nothing stored on the web server

    No PHI lands in your web server or CMS database — there is no plugin database to breach.

  5. 05

    Logged into Klutch

    When connected, the submission lands in Klutch CRM with source attribution intact.

  6. 06

    Patient acknowledged

    An automated acknowledgment goes back to the patient, so no inquiry feels ignored.

Security architecture

No database on the web server. Encryption in transit and at rest. A submission endpoint on separate, redundant infrastructure.

Because the backend runs independently of your site, downtime can't lose a submission, and a plugin update can't break the pipeline. One Halo instance serves multiple locations, each with its own routing rules — multi-tenant by design. A BAA is available for every client.

Prefer a conversation over a form? Meet Cadence →
Compliance
HIPAA by design
encrypted in transit and at rest · BAA available
Storage
No PHI on server
nothing in your CMS database or client-side storage
Resilience
Independent backend
redundant endpoint that survives website downtime
Tenancy
Multi-location
one instance, independent routing per location
0
PHI stored on your web server
100%
Encrypted, in transit and at rest
Multi
Tenant, location-aware routing
BAA
Available for every client
Who it's for

Any healthcare site collecting inquiries

Treatment centers and behavioral health providers on WordPress or anything else — included in every MAANTIS build, and available standalone for existing sites that need to retire a risky form plugin.

FAQ

Form & compliance questions

Is Halo HIPAA compliant?

Yes. Halo is built from the ground up as a HIPAA compliant form infrastructure. Form submissions are encrypted in transit and at rest. No protected health information is stored on the web server or in any client-side database. A Business Associate Agreement is available for all clients.

Does Halo store patient data on my website?

No. Halo transmits form submissions through encrypted API connections to the secure backend. No patient data, insurance information, or PHI is stored on your web server, in your CMS database, or in client-side storage.

Can Halo route submissions to different locations?

Yes. Halo supports multi-tenant configuration where form submissions are routed to location-specific admissions inboxes based on form context, URL parameters, or user selection. Each location can have independent routing rules and notification settings.

Does Halo work with non-MAANTIS websites?

Yes. Halo is available as a standalone integration for existing websites, including WordPress sites. The integration replaces your current form plugin with a HIPAA compliant submission pipeline. Setup includes form markup, API configuration, and routing rules.

What happens if my website goes down? Are form submissions lost?

No. Halo's backend infrastructure operates independently of your website. If your website experiences downtime, previously submitted form data remains secure in the Halo backend. The form submission endpoint itself is hosted on separate infrastructure with redundancy.

Does Halo replace Gravity Forms or WPForms?

Yes. Halo replaces WordPress form plugins with a purpose-built HIPAA compliant submission pipeline. Unlike Gravity Forms or WPForms, Halo does not store submissions in the WordPress database, does not depend on WordPress plugin updates, and provides encrypted data handling that meets HIPAA requirements.

Get started

Retire the risky form plugin.

Swap a compliance liability for a HIPAA-grade submission pipeline — included in MAANTIS builds, or dropped into the site you already run.

Call 833-MAANTIS