What a dental practice form should (and shouldn't) collect
A dental website form is a front-desk assistant, not a medical chart. Its job is to turn a visitor into a booked appointment request that your team can act on within minutes. That means collecting just enough to call them back and slot them in:
- Name + phone + email — so the front desk can confirm.
- Reason for visit — checkup/cleaning, tooth pain or emergency, cosmetic consult, new-patient exam.
- New or existing patient — routes the request and sets expectations.
- Preferred days/times — speeds scheduling, reduces phone tag.
- Short message — optional context.
What to keep off a public website form: detailed medical history, medication lists, insurance/policy numbers, and anything else that counts as protected health information. Collect those through your practice-management system or a secured, BAA-covered portal once the appointment is set. The website form starts the relationship; the secured system holds the clinical data.
A plain word on HIPAA
This matters enough to state directly: most general-purpose contact forms are not the right vehicle for protected health information, and most form vendors do not sign a Business Associate Agreement (BAA). The compliant-by-design approach is to keep the public form limited to appointment-request basics and route anything clinical into a system that is explicitly HIPAA-covered.
splitforms stores submissions in row-level-secured Postgres and supports the kind of minimal appointment-request form described here. But if your workflow requires collecting PHI online, you need a vendor that will sign a BAA for that data — confirm your specific obligations with your compliance advisor. This guide is general information, not legal advice.
You don't need dental software just to take requests
Practice-management suites earn their cost on charting, billing, and scheduling. But the narrow task of "let a website visitor request an appointment and tell the front desk instantly" doesn't require one. A hosted form backend handles it: the request hits your front-desk inbox and a dashboard within seconds, and you forward it into scheduling from there.
- Instant delivery — dedicated SMTP so requests reach the inbox, not spam.
- Team alerts — push each request to a shared Slack/Teams channel so nothing waits until end of day.
- Spam filtering — AI classifier keeps bot noise out of the front-desk queue.
- Free up to 500 requests/month — more than enough for most single-location practices.
Copy-paste appointment-request form
Paste into your site and swap YOUR_ACCESS_KEY for the one from your free splitforms account. Note the deliberate absence of clinical/insurance fields.
<form action="https://splitforms.com/api/submit" method="POST">
<input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />
<input type="hidden" name="subject" value="New appointment request" />
<label>Full name<input type="text" name="name" required /></label>
<label>Phone<input type="tel" name="phone" required /></label>
<label>Email<input type="email" name="email" required /></label>
<label>Patient status
<select name="patient_status" required>
<option>New patient</option>
<option>Existing patient</option>
</select>
</label>
<label>Reason for visit
<select name="reason" required>
<option>Checkup / cleaning</option>
<option>Tooth pain / emergency</option>
<option>Cosmetic consultation</option>
<option>New patient exam</option>
<option>Other</option>
</select>
</label>
<label>Preferred days / times
<input type="text" name="preferred_times" placeholder="e.g. weekday mornings" />
</label>
<label>Anything else? (optional — please don't include medical details)
<textarea name="message" rows="4"></textarea>
</label>
<!-- honeypot -->
<input type="checkbox" name="botcheck" style="display:none" tabindex="-1" autocomplete="off" />
<button type="submit">Request appointment</button>
</form>Wire a real-time alert so the front desk sees requests immediately: submissions to Microsoft Teams or to Slack. Forward to a tracking sheet with form to Google Sheets.
Mistakes that cost practices patients (and create risk)
- Collecting PHI on a public form. Medical history and insurance numbers don't belong on a general website form. Keep them in a BAA-covered system.
- Relying on a
mailto:link. It gets harvested by spammers and gives the front desk no structure. Use a form. See receive submissions by email. - No instant alert. An emergency request seen six hours later is a lost patient. Push requests to a monitored channel.
- Deliverability you never tested. Submit your own form and confirm it lands. Why form emails go to spam.
What to do next
- Related: contact form for law firms · real estate lead forms
- Add it to your site: WordPress · Wix
- Privacy basics: GDPR-compliant form submissions
- Ready to set it up: get a free access key
FAQ
What should a dental practice contact form ask for?
For a first-touch website form, keep it to what you need to book the call back: name, phone, email, reason for visit (checkup, cleaning, pain/emergency, cosmetic, new patient), preferred days/times, and whether they're a new or existing patient. Don't collect detailed medical history or insurance numbers on a public website form — gather those through your practice-management system or a secured portal after the appointment is set. The website form's job is to start the conversation, not to be the medical chart.
Is a website contact form HIPAA-compliant?
A plain website contact form is generally not the right place for protected health information (PHI), and most general-purpose form tools are not covered by a Business Associate Agreement (BAA). The safe pattern: use the website form only for basic appointment-request details (name, contact, reason, timing) and move anything clinical into a HIPAA-covered system with a signed BAA. If you must collect PHI online, use a vendor that explicitly offers a BAA. Treat this article as general guidance, not legal advice — confirm your specific obligations with your compliance advisor.
Do I need expensive dental software just to take appointment requests online?
No. Practice-management suites are worth it for charting, billing, and scheduling, but you don't need one just so a website visitor can request an appointment. A hosted form backend captures the request, emails your front desk instantly, and logs it in a dashboard — for free or a few dollars a month — and works on whatever website you already have. You can forward each request into your scheduling workflow from there.
How do I make sure appointment requests don't get missed?
Two things: reliable email delivery and an instant alert. Use a backend with dedicated SMTP so requests reach the front-desk inbox instead of spam, and wire a real-time notification to a shared channel (Slack, Teams, or even Telegram) so a request is seen within minutes, not at end of day. splitforms supports both — dedicated SMTP plus signed webhooks to your team chat.
Can patients request a specific dentist or appointment time?
Yes — those are just dropdown and date/time fields. Add a 'preferred provider' select and a 'preferred days/times' field. The request arrives labeled in your inbox so the front desk can confirm the closest available slot. Keep it as a request, not a live calendar booking, unless you've integrated real scheduling — overpromising exact times on a static form leads to double-booking.
Will this work on my existing practice website?
Yes. Whether your site is on WordPress, Wix, Squarespace, or a custom build, you can embed an HTML form and point it at a backend endpoint. No plugin or platform upgrade required. You paste the form, set where notifications go, and appointment requests start arriving.