What makes a website HIPAA compliant?

Jessica Crosby • December 17, 2021
Hipaa Compliant Website

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. With regard to your website, it is vital that all patient information, also knowns as protected health information or PHI, be protected. HIPAA regulations apply to anyone providing treatment, managing payments, working in operations, business associates and subcontractors who have access to PHI. This means your website (and your website provider) should be HIPAA compliant.

What is considered PHI (protected health information)?

Many forms of personal information can fall into this category. Some of these things are medical-related. But many things are not and are often overlooked by those building websites. These things can include: 

 

  • Name
  • Address 
  • Birthdate
  • Email
  • SSN
  • Account number
  • IP Addresses
  • And many other identifiers

 

Do I need a HIPAA-compliant website?

You need a HIPAA-compliant website if you deal with PHI (protected health information). This could be direct or indirect contact. HIPAA regulation falls on those that provide treatment, receive payment, work in operations, are business associates, and subcontractors. 


Sometimes you might not expect a customer to send this type of information through a website form, but they often do. Once this happens, your company is now responsible for this personal information. 

Typical Vulnerable Areas on a Website

First ask yourself, am I receiving or storing PHI? If the answer is “yes.” These are the places that are most vulnerable on your website:
  • Contact forms that ask about symptoms, medical services, medications or other health-related information
  • Online patient forms
  • Live chat
  • Patient Portals
  • Patient reviews or testimonials
  • Any other information-collecting tools on your website
If your business employs these strategies. It is important that you consider HIPAA compliance. Do not overlook this. 

Steps to Make Your Website HIPAA Compliant

 

  • Purchase and implement an SSL certificate for your website.
  • Ensure all web forms on your site are encrypted and secure. Jotform has a HIPAA-secure feature that is easy to use and affordable.
  • Only send emails containing PHI through encrypted email servers.
  • Partner with web hosting companies that are HIPAA compliant and have processes for protecting PHI.
  • Sign a business associate agreement (BAA) with third parties that have access to patient PHI.
  • Ensure that PHI is only accessible to authorized individuals.
  • Establish processes to delete, backup, and restore PHI as needed.

 

As a business owner, it is important to align yourself with a digital marketing agency that is knowledgeable in HIPAA compliance. Contact Crosby Digital Marketing today to find out how to make your website HIPAA compliant. 

Get posts like this in your inbox

No sales emails. No spam. Just articles that will help you market your business more effectively online.

    We won't send you spam. Unsubscribe at any time.

    Share

    content marketing strategy

    What is your content marketing strategy?

    By Joe Crosby August 30, 2022
    Do you have a content marketing strategy for your business? Or do you just post blogs, videos, or social media posts when you have a few minutes? Learn how to build a quick and easy content marketing plan.
    marketing case study

    What is a marketing case study? [And how to create compelling ones]

    By Jessica Crosby August 24, 2022
    A marketing case study explains how you solved a problem for a client or customer using customer testimonials, statistics, and strategy to illustrate your approach. Typically you use a marketing case study as a tool for your sales strategy. We’ll break down this process below.
    Show More