formisoft
FAQs/Security & HIPAA

How are magic links secured?

Magic links use JWT (JSON Web Tokens) signed with a secret key:

  • Each token contains the patient ID, appointment ID, form IDs, and organization ID
  • Tokens expire after 7 days
  • No login or account creation required for patients
  • Tokens are single-use for appointment-based intake

Ready to try Formisoft?

The simple patient engagement platform for healthcare practices.

Try it free

Related questions

Is Formisoft HIPAA compliant?

How is patient data encrypted?

What is audit logging and how does it work?

What roles and permissions are available?

Is a Business Associate Agreement (BAA) available?