HIPAA and Websites

Posted by Amy Wood on Mar 9 2018, 08:48 AM

Wait, HIPAA applies to my website too?  Yes.  If your website has information about the type of treatment you provide (which it obviously does, otherwise it would be useless), there are certain things that need to be done, both for Privacy and Security.

  1. NPP:  You need to have your Notice of Privacy Practices prominently displayed on your website.  It cannot be under Legal and should not be titled 'Privacy Policy' as this is a completely separate requirement for websites (users need to know what information is collected about them when they visit your site, such as Cookies).  The most common way to comply with this requirement is to have a page or link titled 'Notice of Privacy Practices', 'HIPAA Notice of Privacy Practices' or 'HIPAA' in the Patient Information section of your website.
  2. Forms: If you provide any forms on your website, especially forms that can be filled out or signed online, you need to make sure they are secure.  Any vendor that provides these kinds of services would have to be assigned responsibility as a Business Associate.  A full Business Associate Due Diligence Review would have to be done prior to engagement to ensure these types of activities are secure.
  3. Contact Us: Any email that collects information, especially patient information, needs to be sent securely.  If you aren't sure whether yours is, ask your website provider.
  4. Right To Know:  Websites should have a disclaimer or warning near an email or Contact Us form alerting the user that any information they enter into the form may be sent insecurely.
  5. Email Address vs Contact Us Form:  The Contact Us form is always more secure.  Websites are often scanned for published email addresses, which then start receiving spam.  Use the form to protect your inbox.
  6. ADA Requirements:  There are new requirements as part of the Americans with Disabilities Act for your website too.  This one isn't HIPAA related, but very important.  Each photo on your site needs to have a description in the background so that a visually impaired person can use special programs to navigate and understand what is on your website.  This is something your web designer should be able to help you with.
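
A small self-check for items 1, 2, 5 and 6 above, added here as an example (it is not part of the original post): it parses one page's HTML and flags a missing Notice of Privacy Practices link, forms that post over plain http, published mailto addresses, and images without a description. The finding names and the sample page are constructed for illustration, and an https form action only covers the browser-to-server hop, not how a vendor forwards the message afterwards.

```python
from html.parser import HTMLParser

NPP_TITLES = ("notice of privacy practices", "hipaa")  # link titles named in item 1

class SiteAudit(HTMLParser):
    """Collects findings for checklist items 1, 2, 5 and 6 from one HTML page."""
    def __init__(self):
        super().__init__()
        self.findings = []        # (finding name, detail) tuples; names are hypothetical
        self.npp_link = False
        self._in_link = False
        self._link_text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._in_link, self._link_text = True, []
            if (a.get("href") or "").lower().startswith("mailto:"):
                self.findings.append(("published-email", a["href"]))      # item 5
        elif tag == "form":
            action = (a.get("action") or "").strip()
            if action.lower().startswith("http://"):
                self.findings.append(("form-not-https", action))          # item 2
        elif tag == "img" and not (a.get("alt") or "").strip():
            self.findings.append(("img-no-description", a.get("src") or ""))  # item 6

    def handle_data(self, data):
        if self._in_link:
            self._link_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._in_link:
            text = " ".join("".join(self._link_text).split()).lower()
            if NPP_TITLES[0] in text or text == NPP_TITLES[1]:
                self.npp_link = True                                      # item 1
            self._in_link = False

def audit_page(html):
    """Return the list of findings for one page; an empty list means no flags."""
    parser = SiteAudit()
    parser.feed(html)
    parser.close()
    if not parser.npp_link:
        parser.findings.append(("npp-link-missing", ""))
    return parser.findings

# Constructed sample page (not a real site).
SAMPLE = """
<a href="/privacy">Privacy Policy</a>
<a href="mailto:frontdesk@example.test">Email us</a>
<form action="http://example.test/contact" method="post"></form>
<img src="/team.jpg"><img src="/office.jpg" alt="Front desk and waiting area">
"""
```

Calling `audit_page(SAMPLE)` returns one finding per problem in the sample, in document order, followed by the missing-NPP flag.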


As you can see there are a few things you need to do when it comes to your website.  If you need help, don't hesitate to call us.  We'll help you through it.
