HIPAA Compliant Website

HIPAA Compliant Website


Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.

Creating a HIPAA Compliant Website

Do you know what it takes to have a HIPAA compliant website? Having a web presence is critical to attracting patients to your behavioral health practice in today’s increasingly digital age. But how do you ensure that you’re not risking patient privacy in the process?

We’ve put together the following tips to keep in mind when creating your website.

HIPAA Website Basics

Before you understand how to make your website HIPAA compliant, let’s take a quick look at HIPAA regulation. HIPAA is a national regulation that sets standards for the privacy and security of protected health information (PHI). PHI is any information that can be used to identify a patient. Examples include name, address, telephone number, email address, date of birth, and medical records.

HIPAA regulation requires healthcare providers and vendors who are in direct contact with PHI to be compliant with the law. HIPAA defines providers as “covered entities” (CE), and vendors as “business associates” (BA). Whether you are a behavioral health practitioner or an telehealth service provider working within healthcare, you must have a HIPAA compliant website to protect the information that you are collecting and processing from potential patients.

Does Your Website Need to be HIPAA Compliant?

There are three key questions you must ask yourself to assess whether or not your website must be HIPAA compliant. These questions are:

  • Are you collecting PHI on your website?
  • Are you transmitting PHI through your website?
  • Are you storing PHI on a server connected to your website?

If you answer “yes” to any of these questions, you must have a HIPAA compliant website.

How to Create a Compliant Website

First, ask yourself “Do I use HIPAA compliant web forms?” Using HIPAA compliant web forms helps ensure that the PHI you are collecting will be seen by you and only you. This helps avoid data breaches and prevents unsecured information from being released.

Next, ask yourself “Do we use encryption with our webforms and website?” HIPAA has set its own standards for encrypting data that is both “at rest” and “in motion”. In the modern digital age, encryption is becoming essential for running a successful telehealth business. Having these security measures will help protect your clients and their information.

HIPAA compliant websites are most effective when the provider and patient can both trust the security measures that are being taken to protect PHI. As long as these measures are taken throughout the use, storage, and transmission of PHI, your compliance is in place for your website.

Basic Telehealth Legal & Ethical Rules: HIPAA, Privacy, Working Across State Lines, Malpractice Insurance

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Notify of
1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Melissa R West
Melissa R West
3 years ago

Thanks for sharing it, Frank.
HIPAA COMPLIANCE sets the standard for delicate patient information security. At this point, I am almost certain you should have a constructed medicinal site that should be consistent with HIPAA and if not you may need to lose a great deal.

Would love your thoughts, please comment.x