Wix Forms
HIPAA Compliance Risk: High
Category: Forms
Use Case: Contact forms, appointment requests, newsletter sign-ups, and other data collection on Wix-based websites
Why it matters:
Wix Forms is a built-in tool that allows Wix website owners to create and embed forms for collecting visitor information. These forms are often used to gather names, email addresses, phone numbers, appointment requests, and open-ended inquiries.
While Wix offers SSL encryption, it does not offer a HIPAA-compliant version of its platform or a Business Associate Agreement (BAA), which is required if your forms collect Protected Health Information (PHI). Even something as simple as an email address submitted through a healthcare-related form could qualify as PHI when tied to a person’s intent to receive care.
By default, Wix Forms stores submissions in your Wix account dashboard and may also send them to you via email; neither of these channels is secured to HIPAA standards.
What HHS says:
The HHS guidance makes clear that data collected through forms on health-related websites, including names, email addresses, and appointment interest, may be considered PHI under HIPAA, even on public pages.
HIPAA requires covered entities and business associates to protect PHI with proper safeguards and to use only vendors who sign a Business Associate Agreement. Wix does not currently meet those criteria.
Recommendation:
If your Wix site uses Wix Forms to collect contact information, appointment requests, or other care-related messages, we recommend replacing them with a HIPAA-compliant form solution that includes:
Signed Business Associate Agreement (BAA)
End-to-end encryption (in transit and at rest)
Secure storage or PHI avoidance practices
Access controls and audit logs
Some HIPAA-regulated providers choose to embed third-party compliant forms into their Wix site as a workaround.
Still using Wix Forms to collect patient info? Let’s move you to a secure, compliant solution.