BAA Pending — HIPAA Readiness in Progress

HIPAA-Compliant Clinical Assessments

200+ validated clinical assessments built for US practitioners. DSM-5 aligned ADHD assessments, standardized screening tools, and outcome measures — all with auto-scoring, US data residency, and neurodivergent-friendly design.

US Data Residency
AES-256 Encryption
Business Associate Agreement
Free to Start

Built for HIPAA Compliance

ClientForms implements the administrative, physical, and technical safeguards required by the HIPAA Security Rule to protect your patients' health information.

Technical Safeguards

AES-256 encryption at rest, TLS 1.2+ in transit, unique user authentication, automatic session timeouts, and comprehensive audit logging for all PHI access.

Administrative Safeguards

Designated Privacy Officer, workforce training, risk assessments, incident response procedures, and Business Associate Agreements with all data handlers.

Physical Safeguards

US-region data centers with SOC 2 Type II certification, facility access controls, workstation security policies, and device and media controls for PHI protection.

200+ Clinical Assessments Available

Comprehensive assessment library covering psychology and allied health — from ADHD screening to outcome monitoring. All HIPAA-compliant with auto-scoring.

ADHD Assessment (DSM-5)

Full DSM-5 aligned diagnostic interview with criterion grouping and auto-scoring

Most Popular

AQ-10 Autism Screening

Quick 10-item autism spectrum screening with validated cutoffs (88% sensitivity)

Free Test Available

GAD-7 Anxiety

Generalized Anxiety Disorder 7-item scale (89% sensitivity, 82% specificity)

Free Test Available

PHQ-9 Depression

Patient Health Questionnaire 9-item depression screen (88% sensitivity)

Free Test Available

DASS-21

Depression, Anxiety, and Stress Scale — 21-item version with severity cutoffs

Outcome Monitoring

K10 / CORE-10

Kessler Psychological Distress Scale and CORE Outcome Measure for routine monitoring

Outcome Monitoring

US Data Residency

Patient data from US practitioners is stored exclusively in US-region data centers. No PHI is transferred outside the United States.

Encryption at Rest

All patient data encrypted with AES-256 at rest in US-region infrastructure. Encryption keys managed through industry-standard key management services.

Encryption in Transit

TLS 1.2+ enforced on all connections. HSTS headers prevent protocol downgrade attacks. No unencrypted data transmission.

Access Controls

Role-based access control (RBAC), unique user authentication, automatic session timeouts, and multi-factor authentication support.

Audit Logging

Comprehensive audit trail for all PHI access and modifications. Logs retained for 6 years per HIPAA requirements.

Your Compliance Responsibilities

What ClientForms Handles

  • US-region data storage and encryption (AES-256 at rest, TLS 1.2+ in transit)
  • Business Associate Agreement with infrastructure providers
  • Automatic session timeouts and access controls
  • Audit logging for all PHI access
  • Breach notification procedures per HIPAA requirements
  • Regular security assessments and vulnerability scanning
  • Secure backup and disaster recovery

Your Responsibilities

  • Ensure your use of ClientForms is covered by your own HIPAA compliance program
  • Obtain appropriate patient consent before administering assessments
  • Use strong, unique passwords and enable MFA on your account
  • Access patient data only on secure, authorized devices
  • Report suspected security incidents to ClientForms promptly
  • Maintain your own HIPAA policies and workforce training
  • Sign the Business Associate Agreement for your organization

Frequently Asked Questions

Is ClientForms HIPAA compliant?

ClientForms is actively working toward full HIPAA compliance. Our BAA is currently pending, and we have implemented the required administrative, physical, and technical safeguards for protecting PHI.

Where is my patient data stored?

US practitioner data is stored in US-region data centers. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). No patient data is transferred outside the United States.

Does ClientForms provide a Business Associate Agreement (BAA)?

A BAA is currently being finalized with our infrastructure providers. Once signed, it will be available for all US practitioners on paid plans.

What clinical assessments are available?

ClientForms offers 200+ clinical assessments including DSM-5 aligned ADHD assessments (adult and child), GAD-7 anxiety screening, PHQ-9 depression screening, AQ-10 autism screening, DASS-21, K10, CORE-10, and many more. All assessments include auto-scoring and neurodivergent-friendly design.

How does ClientForms handle breach notification?

ClientForms follows the HIPAA Breach Notification Rule. In the event of a breach affecting unsecured PHI, we notify affected individuals within 60 days of discovery and report to the HHS Office for Civil Rights as required.

Ready to try a different approach?

Quiet tools for focused work. Real impact for your patients.

Setup in 2 minutes
Cancel anytime
Email support

No credit card required. Free tier includes 10 assessments.