We have a situation where the business owner wants to have potential patients submit their information from a web site. This information includes their social security number and personal information. When the forms are filled out on the web site, when "Submit" is hit it is being delivered to an email address.
The company that is building the site advised that it have a certificate, however left the rest of the compliance concerns up to the business owner. If the site has a certificate then I am going to assume that the visitors session while filing out the form is secure, however when "Submit" is hit that information is being sent to an email address.
Is there a more secure way of having these forms submitted? The web site resides on a GoDaddy shared hosting account and the email address being used is on a Hosted Exchange account with Microsoft.
Any advice will be appreciated. Thanks