HIPAA and Websites
Posted by Amy Wood on Mar 9 2018, 08:48 AM
Wait, HIPAA applies to my website too? Yes, if you have information on your website about the type of treatment you provide, which you obviously do, otherwise your website would be useless, there are certain things that need to be done, both for Privacy and Security.
- Forms: If you provide any forms on your website, especially if those forms can be filled out or signed online, you need to make sure that is secure. Any vendor that provides these kinds of services would have to be assigned responsibility as a Business Associate. A full Business Associate Due Diligence Review would have do be done prior to engagement to ensure these types of activities are secure.
- Contact Us: Any email that collects information, especially information about patient information needs to be sent secure. If you aren't sure if yours is, ask your website provider.
- Right To Know: Websites should have a disclaimer or warning near an email or Contact Us form alerting the user that any information they enter into the form may be sent insecure.
- Email Address vs Contact Us Form: The Contact Us form is always more secure. Often times, websites are scanned to find email addresses that are published and start spamming those addresses. Use the form to protect your inbox.
- ADA Requirements: There are new requirements as part of the Americans with Disabilities Act for your website too. This one isn't HIPAA related, but very important. Each photo on your site needs to have a description in the background so that a visually impaired person can use special programs to navigate and understand what is on your website. This is something your web designer should be able to help you with.
As you can see there are a few things you need to do when it comes to your website. If you need help, don't hesitate to call us. We'll help you through it.