
HIPAA Compliance for Websites

Any business associated with the healthcare industry needs to be aware of HIPAA guidelines for websites. VGM Forbin has developed hundreds of websites for doctors, HME providers, DME providers and even equipment manufacturers, so you can say we’ve been around the block with HIPAA compliance for websites.

In our experience with the healthcare industry, many medical equipment providers were previously able to focus on their brick and mortar stores, but COVID-19 has changed the game for everyone, and many are shifting their efforts to online stores in order to adapt. Whether you’re maintaining your current web presence or looking to develop a new and improved website, it’s important to make sure your website is HIPAA-compliant.

If you’re reading this blog, odds are you’re wondering: how do I know if my website needs to be HIPAA-compliant? Great question!

Your Website Should Be HIPAA-Compliant If:

Your website should follow healthcare regulations if it stores, transmits or collects protected health information (PHI). For a full list of what falls under PHI, visit the HIPAA Journal.

Examples of Collecting PHI on Your Website:

  • Contact forms
  • Patient portals
  • Live chats
  • Bot chats
  • Patient reviews or testimonies

Examples of Transmitting PHI Through Your Website:

  • Sending information gathered from the site over email
  • Sending information collected from web forms

To Have a HIPAA-Compliant Website You Need to:

In order to have a HIPAA-compliant website, you need to make sure that you are protecting any PHI that is stored, transmitted or collected on the site by following the items outlined below.

  • Follow HIPAA guidelines for web forms
  • Data can only be collected by entering a password or key
  • Make sure email notifications for form submissions do not include PHI
  • All reports require passwords to access
  • Always log out of the website platform after you’re done viewing form data
  • Data stored on third-party or off-site servers (this includes most websites) needs to be encrypted
  • Have your website provider sign a Business Associate Agreement (BAA)

While we’re on the topic of BAAs, please indulge our quick tangent: most free platforms/versions of remote work tools will not include a BAA. This means that any free versions of platforms that you downloaded for remote life during COVID, like Zoom, are in violation of HIPAA because PHI is exchanged over conference calls or online messages. It’s important to have a BAA with every vendor and third party you partner with. If you’re not sure whether the platforms you’re using are HIPAA-compliant, start a chat with our IT team and they will be able to point you in the right direction.

Our IT team is also an integral part of maintaining HIPAA compliance for websites. With their expertise, we’ve been able to develop a website platform that is tailored specifically for the healthcare industry. We call this platform PowerWeb™. It’s an affordable solution that features three design layouts to choose from, with every variation being HIPAA-compliant so you don’t have to worry about a thing. We typically recommend pairing a PowerWeb website with our Managed IT Services for 24/7 technical and security support with your website, email and any other platform your company uses.

(too long; didn't read)

  • Healthcare websites need to be HIPAA-compliant
  • Make sure PHI is stored, collected and transmitted in a secure format
  • We have a HIPAA-compliant website platform made for the healthcare industry
  • Our IT team is equipped to help you and your patients stay secure

Start a chat with our IT team by filling out the form below to ensure your website is HIPAA-compliant.