Is it possible to capture submissions in our own database in an HIPAA compliant way?