The dental atelier had a contact form. Everyone had a contact form. Five fields: name, email, phone, message, submit. It had been on the site for nine years. Nobody had thought about it once in that entire time.
When we ran the data, the form was completing at 34%. Meaning two out of three people who started filling it in abandoned before they hit submit. The drop-off was happening at the message field — the open-ended one. People were stalling on what to write, then closing the tab.
Worse: of the 34% who did submit, a meaningful chunk were writing protected health information into a plain text box that was being emailed unencrypted to the front desk. The clinic didn't know it was a compliance problem yet, but it was going to be one.
We rebuilt the intake as a four-step flow. Step one collected name and the basic appointment type they were inquiring about — five buttons, no typing. Step two collected scheduling preference — three time-window buttons. Step three asked for contact details — email and phone. Only after explicit consent on step three did step four open up: a single optional field for "anything else the clinical team should know." That field routed to an encrypted intake channel, never to plain email.
Completion rate went from 34% to 71% in the first month. Inquiry quality, rated by the clinic's intake coordinator on a 1-5 scale, went from 2.1 to 4.4. The encrypted-PHI routing was the kind of unsexy compliance fix that would have eventually become a $40,000 problem if we hadn't caught it.
The bigger lesson is that nobody audits the contact form. It's the most ignored piece of web UX on every clinic, agency, and SaaS site I touch. People obsess over hero copy and pricing pages and ignore the one form that determines whether anyone ever talks to them. If you haven't looked at your contact form's completion rate in the last twelve months, that is the next thing you should look at.
