HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website

V3.2.0
– Removed debugging code from php to prevent nonce security issues.

V3.1.9
– Patched potential nonce security issue

V3.1.8
– Fixed type-o on “tested up to” WordPress version

V3.1.7
– Added explanation to custom form notification info box how to add multiple recipients with commas.

V3.1.6
– Fixed issue loading Chinese characters in required fields

V3.1.5
– Added better error reporting for form submissions to ensure email notifications cant be sent if record isn’t saved

V3.1.4
– Fixed issue with list fields undefined fieldId causing required check to fail and allow submission if empty
– Added handling for required list fields to highlight correct list item.

V3.1.3
– Fixed issue with name concatenation showing html entities in submitted forms view

V3.1.2
– Added back conditional front-end enqueue with a plugin setting option to enable/disable in case it causes issues on some sites

V3.1.1
– Rolled back front-end enqueue change as check not working on all sites

V3.1.0
– Improved multi-page form success handler to prevent re-submitting an empty form & resetting to page 1
– Added code to only load css/js if a HIPAA enabled Gravity form is loaded on page. If using deprecated caldera it will still load on every page

V3.0.9
– Improved compatibility with Gravity Orbital theme

V3.0.8
– Added timestamp back to frontend script file name
– Add “no status” option to custom status filter

V3.0.7
– Fixed type-o

V3.0.6
– Added electronic signature & timestamp notice

V3.0.5
– Replaced static path to WP_CONTENT_URL in enqueue file
– Removed time from frontend script path

V3.0.4
– Fixed form print not bringing up print preview

V3.0.3
– Added check to ensure custom status object has value before stripping slashes
– Ensured next/previous buttons in Gravity multi-page forms do not try to fire custom HIPAA events if not enabled as a HIPAA-compliant form

V3.0.2
– Added option to bulk export to select export options including notes & history
– The next release will include “notes only” & “history only”
– The next release will include this new export format in the “per-form” export as well

V3.0.1
– Added check to ensure enabled forms are a countable array prior to checking count on it in class file to prevent potential php error

V3.0.0
– Tested against newer WP version

V2.9.9
– Added slashes to API to make admin form filter work
– Added numbers to console errors
– Wrapped JSON parse in try catch
– Truncated location, first and last name

V2.9.8
– Added fix to rebuild missing export data during export

V2.9.7
– Fixed empty export

V2.9.6
– XSS fix
– Made assign user box bigger

v2.9.5
– fixed list-container column layout for PDFs

v2.9.4
– Added label to privacy checkbox
– Added role and tab index to submit button
– Removed form action
– Updated email Regex
– Added keyup trigger to submit forms
– Added screen reader css
– Updated submit button re-activation
– Updated max input vars error handling

V2.9.3
– Updated WP version tested

V2.9.2
– Added custom status filter

v2.9.1
– Broken file upload update

v2.9.0
– Fixed broken file upload

v2.8.9
– Added security to class functions
– Reworked nonce

v2.8.8
– Reworked localization of ajax_url
– Added Fix to form submit for WP API
– Added Fix to admin area for WP API

v2.8.7
– Fixed issue with AJAX function to continue legacy support for old PHP 5.6

v2.8.6
– Updated jSignature for Windows 10 touch

v2.8.5
– Fixed email validation on blank email field and added into next button

V2.8.4
– Reverted AJAX functions to continue legacy support for old PHP 5.6 as WordPress is still supporting this version
(NULL COALESCING OPERATORS are not supported in PHP 5.6)
– Replaced data output on form submission if AJAX call fails with message saying AJAX failed to prevent reload loop in obscure edge cases

v2.8.3
– Moved curl_url to a const
– Removed experimental leftover code
– Added Email pattern validation on form submit
– Updated AJAX functions with NULL COALESCING OPERATORS to shorten code

v2.8.2
– Fixed date field issues
– added class “hippa_forms_header” for print and pdf page headers

v2.8.1
– removed emails from cm-hipaa-script-js-extra (caldera)
– Added fallback check to ensure http/https stripped from domain before sending to api.

v2.8.0
– Added JSON error handling
– Removed emails from cm-hipaa-js-extra
– Removed slashes from office locations

v2.7.9
– Fixed date and time fields with no value

v2.7.8
– Added support for legacy date fields
– Hide gform_footer
– Added form submitted name and form name to print header (web view only)

v2.7.7
– Wrapped admin enqueue styles in if statement
– Fixed hidden lists getting caught by validation
– Fixed scroll top javascript error
– code clean up

v2.7.6
– Added indices on multifile uploads

v2.7.5
– Fixed label text length breaking file upload
– Added ability to change the text on the submit button
– Removed tags from AWS file upload
– Fixed Time field layout and minor bug fix
– Website field now shows as clickable url link in webview
– Fixed consent field layout issues
– Fixed issues with List and MultiSelect when required
– Fixed exported forms fileuploads not showing

v2.7.4
– Matched Gravity 2.5+ max file upload size naming convention

v2.7.3
– Fixed Gravity 2.5+ required not being recognized on file upload
– Fixed layout issues for Gravity advanced list in web view, print and PDF

V2.7.2
– Fixed Gravity 2.5+ required being applied to nonrequired fields on multipage next
– Fixed Gravity 2.5+ validation not scrolling to empty field or highlighting on next page click

V2.7.1
– Added integration with Gravity form builder file extensions settings for file upload fields
– Added some minor fixes to Caldera file upload (Caldera support will soon be deprecated)
– Added extra protection from potential bot submissions

V2.7.0
– Fixed older Gravity forms print layout issue

V2.6.9
– Fixed Caldera Print Layout
– Added option to disable email notifications per form

V2.6.8
– Removed font size in print css for h1/h2

V2.6.7
– Fixed Caldera validation undefined obj issue
– Appending to gform_wrapper & gravity-theme classes to gform-body element of submitted forms built on gravity 2.5+ as new gravity layout css relies on them
– Added Gravity 2.5+ grid layout support for print view and encrypted PDF’s. Note that encrypted PDF’s are unable to use actual css grid and relies on floats to replicate so it may not be 100%

V2.6.6 5/19/2021
– Fixed bug on getting the 4 required hipaa fields (name/phone/email/location) on 2.5+ due to not finding class on element as 2.5+ no longer uses li and some advanced fields don’t use a fieldset element
– Changed sanitize_email to a different method when searching forms by email (was no longer working)

V2.6.5 5/13/2021
RERELEASE OF 2.6.4

V2.6.4 5/13/2021
BUG FIX
Fixed Gravity Forms advanced field required issue

V2.6.3 5/10/2021
BUG FIX
– Legacy Gravity advanced address fields weren’t getting replaced due to having hidden class
– Added fix to multi-page gravity forms to ignore 2nd address line, name prefix & name suffix when hitting next if required

V2.6.2 5/06/2021
MAJOR UPDATE FOR GRAVITY 2.5+
– Added support for new Gravity Forms 2.5+ markup

V2.6.1 4/15/2021
– Added fix for undefined variable for hide form options
– Removed experimental from bulk export button
– Empty fields are now stored in the raw field values to add consistency to export structures
– Fixed empty advanced fields adding the html into the raw export data.

V2.6.0
Added old IE fix for Gravity Forms. Don’t expect any more IE fixes

V2.5.9
Rerun release

V2.5.8
BUG FIX
– Removed unneeded variables leftover from last version

V2.5.7
MAJOR UPDATE
– Removed hidden page progression input value from submitted Gravity forms that suddenly started appearing
– Added stripslashes to location values on submitted forms list view
– Fixed dashboard grid row/column classes for pagination buttons
– Passing plugin version to API
– Moved getting files from get form list method to the get form method to prevent needless overhead on api call
– Changed how some data is passed to API
– Improved sanitization on form submission
– Added more info and examples to settings tab -> custom CSS settings sub-tab for styling submitted forms
– Added fix to export to strip line breaks from fields which were breaking the csv format

V2.5.6
– Changed how custom select filter in Gravity advanced list fields get values

V2.5.5
– Added better file name sanitizing to ensure commas in name do not break file url
– Added support for custom select filter on Gravity advanced list field

V2.5.4
Added fix to deactivate Caldera submit button while submitting (prevent multiple clicks on submit)

V2.5.3
Updated all jQuery AJAX calls to use type: post in addition to method: post to ensure calls are using post and not get even though jQuery docs say to use method.

V2.5.2
Fixed jQuery issue getting privacy copy value

V2.5.1
1. Tested plugin jQuery with “Test jQuery Updates” plugin with no issues under any configuration
2. Fixed gravity multiselect field bug

V2.5.0
Added export support for Gravity advanced list fields

V2.4.9
1. Addon variable wasn’t defined prior to setting and added check to ensure addon value was string and not null
2. Now passing user’s timezone to the api when filtering forms between date ranges to offset the timezone

V2.4.8
1. Added option to hide form after submit when using the “display message on submit success” for both Caldera and Gravity
2. Removed “experimental” notes for bulk export and callback function options
3. Removed form name from default email notice & added note that it could be considered PHI in some cases
4. Add email notification magic tag info to form specific custom notification
5. Added IP address to access logs and form history logs in order to start pulling once API updates with new changes
6. Replaced instructions and FAQ’s with Freshdesk

V2.4.7
1. Fixed html encoding & escaped slashes bug showing in notification emails
2. Fixed API to load form names in filter select if all forms are archived
3. Fixed error showing if no license is saved

V2.4.6
Tested for WordPress version 5.4.1

V2.4.5
IMPROVEMENTS & BUG FIXES
1. Added checkbox/radio checked/unchecked class to parent wrappers to make customizing css easier
2. cm_hipaa_forms_field_empty/not_empty class now added to each field wrapper to make customizing css easier
3. Fixed Caldera location field bug causing location not to get passed in last few versions
4. Reworked how Gravity advanced fields are handled to improve layout and data export
5. Added option to submit message success handler to hide form after submitted (in progress, enabled next release)

V2.4.4
BUG FIX
1. Changed how we validate “I agree” checkbox on BAA submit
2. Fixed bug with setting forms to “only specific users” on gravity forms not prepending gform_ to the ID causing it to show to all users
3. Tested on WP V5.4

V2.4.3
BUG FIX
Updated Caldera specific code that was causing an error on form submit under strict error reporting

V2.4.2
1. Fixed bug with date range option breaking pagination
2. Fixed bug with date range “to date” being 1 day off

V2.4.1
1. Set max “per-page” to 500
2. Improved single page and bulk export to CSV

V2.4.0
1. Added date-range option to submitted forms filter
2. Reworked how bulk export pulls data

V2.3.9
1. Added experimental bulk export to csv option
2. Disabled nonce check on front-end as not needed and causes too many cache issues

V2.3.8
1. Fixed type-o bug in Gravity Forms validation
2. Updated pagination for updated encryption methods

V2.3.7
* This version did not update version control correctly

V2.3.6
Fixed bug with new identifier encryption if no name value passed on form

V2.3.5
1. Can now assign all submitted forms to specific users (ability to filter by assigned will be in next release)
2. Updated identifier value encryption in transit
3. Updated license key encryption in transit

V2.3.4
1. Moved some things out of enqueue
2. Add additional checks for Gravity default button submit to prevent potential bot submissions

V2.3.3
1. Fixed null value on add-ons
2. Added submit button prevent default just in case somehow a submit button is added through console

V2.3.2
MAJOR BUG FIX!
Previous version had a bug blocking forms from submitting, please update now!

V2.3.1
THIS IS A BAD VERSION WITH A KNOWN BUG

V2.3.0
PERFORMANCE IMPROVEMENTS
1. Reduced number of calls made to API from plugin
2. Improved error handling on API calls

V2.2.9
BUG FIXES
1. Fixed undefined on form submit with file upload
2. Added info icons to gravity forms settings
3. Ignore popup maker in gravity forms that caused raw html to pass to submitted forms

V2.2.8
MINOR UPDATE
1. Added fix for Caldera hidden fields losing data attributes such as class and id

V2.2.7
MINOR UPDATE
1. Replaced beta ticket system with Fresh Desk ticket form
2. Added info icon to office location select explaining why some locations may not appear as an option
3. Changed how we set admin or hipaa user role from 2 separate if statements to a combined if/else statement to always set admin first.

V2.2.6
MINOR UPDATE
1. Added fix for those using commas in their location values
2. Add total records found value to bottom of submitted forms list

V2.2.5
NEW OPTION
1. Added the ability to disable email notifications

V2.2.4
BUG FIXES
1. Fixed UI issues with re-assigning users on specific forms.
2. Fixed bug with file uploader in Safari browser not passing required field validation.

V2.2.3
MINOR UPDATE
1. Removed unused BCC option from notification email headers which caused notification emails to break in rare situations
2. Update FAQ’s
3. Added check if required fields removed from selected forms and if so automatically deactivate form
4. Added additional time zone options

V2.2.2
1. Tweaked support tickets

V2.2.1
BUG FIX & ADDED FEATURE
1. Added fix to domain check on some edge case scenarios
2. Tweaked email error handling to prevent breaking preventing redirect or callback function from firing
3. Added check on name fields to ensure value is set before passing into identifiers as some edge cases have multiple conditional identifier fields hidden.
4. Added custom status option

V2.2.0
Missing files in last commit

V2.1.9
BUG FIX
Previous version did not add new js file to repository

V2.1.8
ADDED FEATURE
1. Added print/save to PDF button to web view version of form
2. Added function to log print event to form history

V2.1.7
MAJOR RELEASE
1. Removed add list item icons from passing to submitted Gravity forms
2. Fixed API bug causing PDF generation to break if field value was not a string
3. Removed select options from multi-select Gravity fields on submitted forms
4. Changed archive icon & now allow hipaa user role to archive forms
5. Added destroy form option for admin users
6. Fixed Caldera bug causing drag ‘n draw signature to not initialize using multi-page breadcrumb step links
7. Stripped slashes from form names in PDF
8. Added Wordfence issue FAQ

V2.1.6
BUG FIX
1. Removed Gravity required field validation error from top of form on re-submit
2. Removed unwanted hidden footer inputs that displayed nonsense data at bottom of Gravity forms
3. Fixed slashes not being removed from submitted form names

V2.1.5
BUG FIX
Fixed Gravity Forms bug causing non-hipaa enabled forms to have submit button removed. This only happened if a form was set as HIPAA compliant but then later de-selected.

V2.1.4
EXPERIMENTAL CALDERA ADVANCED FILE UPLOAD 2.0 INTEGRATION
Added experimental support for Caldera advanced file upload 2.0 fields. This should be used with caution as it requires hooking onto the cf2-field-wrapper class and replacing the wrapper with our own upload inputs. Caldera appends to this wrapper class the same as us via Javascript and has the potential if Javascript delays of appending AFTER us. Using Caldera advanced file upload 2.0 fields is currently not recommended.

V2.1.3
BUG FIX
Fixed bug with Caldera Forms if file upload add-on is enabled but no file upload field exists in form getting stuck in file upload mode.

V2.1.2
BUG FIX
Submit button wasn’t resetting to active on required input error.

V2.1.1
MINOR UPDATE
1. Disabled submit button on submit to prevent double submissions
2. Added support for Gravity advanced name field

V2.1.0
BUG FIX
Fixed undefined add on property notice

V2.0.9
BUG FIXES/MULTI-FILE UPLOAD SUPPORT
1. Fixed bug in default email notification message showing default template instead of saved template
2. Fixed bug breaking file upload when set to required
3. Added multi-file upload support to Caldera
4. Added multi-file upload support to Gravity
5. Added file upload validation check to disable if not enabled on advanced file upload fields
6. Remove default multi-file upload to prevent possibility of uploading files to server before over-ride is complete

V2.0.8
BUG FIX
Fixed bug omitting non-select/check/radio field into raw fields data in export and identifiers in form list

V2.0.7
BUG FIX
Previous fix broke file upload capability check

V2.0.6
BUG FIX
Fixed foreach bugs in enqueue.php

v2.0.5
SECURITY FIX
Added new server-side method of removing submit button from Gravity forms set as HIPAA compliant since Javascript method has potential of failing to remove it.

V2.0.4
MAJOR UPDATE!
1. Removed deprecated fields only option and removed additional fields call to API to reduce call size and increase speed of loading forms
2. Improved file upload handling if no file selected
3. Added option to export forms, form notes & form history to CSV files
4. Reworked raw form field submission to strip all html and include additional options for export

V2.0.3
MAJOR UPDATE!
1. Form history improvements and bug fixes
2. Submitted forms list now displays unviewed forms as white and viewed forms as gray
3. File upload now available

V2.0.2
MAJOR UPDATE!
File upload capability added for subscriptions that enable this new feature

V2.0.1
1. DOCS UPDATE
2. Added cm-submitted-form-title class to submitted form title h2 tag in order to style it easier from CSS

V2.0
BUG FIXES
1. Fixed “select all” checkbox bug in Gravity Forms.
2. Added better way of checking if Gravity Forms Active while keeping original as fail safe.

V1.9.9
BUG FIXES
1. Fixed Gravity advanced multifield address field being ignored by validation if required.
2. Added previous version fix for required conditional hidden radio/checkbox fields to multipage/multistep forms.

V1.9.8
1. Put fix in for conditional hidden radio/checkbox fields in Gravity Forms
2. Started form specific history although will not be 100% until next release.

V1.9.7
1. Changed front-end nonce back to original method to prevent input from being added to head
2. Major change to how submitted forms are pulled from API to reduce amount of data being passed to solve some hosts to break on very long forms. Actual form doesn’t pull until toggled now.

V1.9.6
1. Fixed required conditional fields breaking validation if hidden
2. Added archived forms interface
3. Add notes to bottom of web & PDF versions of submitted forms

V1.9.5
BUG FIXES
1. Stripped slashes from custom email notification html
2. Removed Gravity Forms date picker icon and hidden icon path field on submitted forms

V1.9.4
BUG FIXES
1. Added fix for hipaa user role not able to view dashboard in some situations
2. Added fix for saving selected form settings
3. Added validation check to prevent saving malformed json when saving selected form settings

V1.9.3
BUG FIX
Fixed bug if new notes property doesn’t exist

V1.9.2
BUG FIX
Fixed undeclared variable bug if no “send to” option set in selected form settings.

V1.9.1
MAJOR RELEASE!
Added notes feature for standard subscribers

V1.9.0
MAJOR RELEASE!
1. Added more options to default notification email settings.
2. Added form-specific custom notification email option.
3. Changed internal notification email handling significantly, please test & report any issues asap!

V1.8.9.1
Minor fix for unset location variable causing email notice to break.

V1.8.9
Fixed stupid undefined property notice

V1.8.8
1. Added further support for the free basic API subscription option
2. Changed the plugin to revert to the free basic option if a paid subscription expires instead of deactivating the forms.
3. Changed nonce handling on front end to try and get around aggressive cache issues.

V1.8.7
Added support for free basic option

V1.8.5
1. Added support for Gravity Forms multi-step links
2. Fixed style bug in admin settings tabs
3. Started adding option to customize notification email subject

V1.8.4
1. Fixed Caldera validation on checkbox/radio groups

V1.8.3
1. Fixed unclosed tag in js causing Caldera validation to break on Safari.
2. Added 7 day grace period and alert message to admin submitted forms view on subscription expiration.

V1.8.2
1. Added fallback fix for jQuery not getting values from textarea fields in some cases.
2. Started adding the new interface for form history & notes.

V1.8.1
1. Tested for WordPress version 4.9.8
2. Updated docs/faq’s

V1.7.9
Bug fix for adding/changing form builder if only 1 option exists

V1.7.8
1. Updated settings
2. Completely changed how to manage the hipaa_forms user role capabilities
3. Added option to customize notification emails

V1.7.7
1. Increased z-index for privacy modal to ensure it sits over other fixed & absolute positioned elements
2. Removed needless WP admin settings menu item as all settings are updated from within the plugin itself
3. Fixed pagination bug

V1.7.6
1. Added option to filter forms by form name.
2. Updated initial view before adding a license key.
3. Test on Wordpres 4.9.7

V1.7.5
1. Fixed bug mistakenly setting a value of 1 for a selected user if not set causing users with hipaa_user role to not see forms.
2. Fixed validation error on optional location select field if set to required and no value is set for an option.
3. Added support for secondary staging domain to be used.
4. Fixed css issue with sending animation bar not showing when submitting a form.

V1.7.4
1. Fixed support ticket bug not showing replies.

V1.7.3
1. Fixed signature field validation error.
2. Added HIPAA privacy notice customization options.
3. Added info icons to settings.
4. Updated BAA to be more clear on who the covered entity & who the associate or subcontractor is.

V1.7.2
Fixed bug in iOS not getting textarea values using .val(), not using .attr(‘value’), frickin iOS.

V1.7.1
1. Improved form validation for both Gravity & Caldera relying on their built-in error classes as well as adding a “scroll-to first error” function.
2. Fixed a bug with checkbox/radio input validation on both Caldera & Gravity.
3. Added function to replace Gravity file upload input with message that it is not HIPAA compliant & has been removed.
4. Improved default mobile styling a little for appended items at bottom of form on mobile.
5. Added touchstart event listener for mobile to validate signature field.
6. Added some security to support ticket system.

V1.7.0
Bug fix for Gravity Forms if signature option has no value

V1.6.9
1. Fixed multiple signature initialization when clicking back and next again in Gravity Forms multipage
2. Add additional Gravity Forms validation messages on error
3. Fixed Gravity multipage progress bar not reflecting current step
4. Added scroll to top of form when clicking prev/next in Gravity multipage

V1.6.8
Something went wrong with the last SVN commit and some JS files weren’t included

V1.6.7
1. Add callback function option
2. Over-rode Gravity Forms multipage next/previous function to make HIPAA compliant & enabled multipage
3. Improved field validation for Gravity Forms
4. Add optional signature field validation
5. Removed HIPAA privacy modal from showing in submitted forms
6. Other minor improvements

V1.6.6
Minor update

V1.6.5
Minor fix for unset variable on plugin options
Changed privacy policy to load in modal instead of external link

V1.6.4
Minor fix for unset variable if Gravity not selected.
Updated expired nonce notice

V1.6.3
Fixed deprecated attr() checkbox check

V1.6.2
Fixed PDF delete on modal window close

V1.6.1
Fix to remove email notice headers if using SendGrid plugin

V1.6
Bug fix for Gravity forms allowing submissions with empty required fields

V1.5.9:
CRITICAL BUG FIX

V1.5.8:
Bug fix

V1.5.7:
Fixed minor loop warning for Gravity Forms

V1.5.6:
Basic design and code cleanup

V1.5.5:
MAJOR RELEASE!
This update includes an improved user interface and the following specific form settings:
1. Option to show/hide the signature field
2. Option to specify a success message or a redirect url after a form is submitted
3. Option to set who can see the submitted forms with the following options:
A. All users with admin/hipaa user role
B. Only specific users
C. Only a specific doctor/user selected within a form (ie. Patient selects a specific doctor in a form, only that doctor will see the submitted form). NOTE: Admins see all forms regardless of settings.