Wayne,
One of my favorite authors, Hugh Prather, wrote: "the window is not the view, the window allows the view."
I have always applied this concept to the visualization of data. The FORM is not the data, the form only allows you to see the data.
In my opinion you are getting caught up in the wording, and not looking at the requirements: You need to have access to the data on the form to re-present it for the patient when he/she arrives in the office, in a manner that meets HIPAA compliance.
All you need for this is a location (database) where the patient can "deposit" the data, and you can "withdraw" the data as needed. Forget about email and all that. The "system" can notify you by email, sms that a "deposit" has been made.
When it boils down to it HIPAA is about secure information STORAGE AND RETRIEVAL. It is no more than your bank is about secure STORAGE AND RETRIEVAL of your money. The concept is not different, neither is it new, it is only being applied to a different business process.
