You want to have a strong web presence so prospective patients can find you online. You may even want to have people send you information online so you can give them recommendations. Both of these things are great!
But there’s one thing standing in the way: HIPAA compliance. If your website is not compliant, you risk a hefty fine… or worse, a lawsuit. So what do you do to make your site HIPAA compliant?
Keep PHI In Mind
Protected health information (PHI), and its transmission or storage, is the key to figuring out if what you’re doing is HIPAA compliant or not. If you’re transmitting or storing PHI, which you almost certainly are if you’re using web forms to collect prospective patient information, you need to make sure everything is HIPAA compliant.
What counts as PHI? Health information (about a person’s condition, treatment, or payment for care) that is tied to something that identifies the person. HIPAA lists 18 such identifiers, including names, email addresses, phone numbers, dates such as birth dates, and IP addresses; a contact form that asks “what can we help you with?” next to a name or email field collects PHI as soon as someone describes a symptom. The full list of identifiers can be found here.
Security Is Paramount
If you’re dealing with PHI, your healthcare website needs to be served over HTTPS (TLS encryption; older “SSL” versions are obsolete and should be disabled). This protects the data while it travels between the visitor’s browser and your server, and it is non-negotiable.
You also need to be using encrypted web forms. HTTPS only covers the trip to your server; once a submission arrives it must be stored encrypted at rest, and the form handler must not copy the submitted PHI into plaintext places such as server logs, debug output, or a third‑party form service that has not signed a BAA (see below). The goal is that an intruder who gets hold of your server’s files or a vendor’s database still cannot read the information.
Email notifications for your web form can’t transmit PHI to another user. Ordinary email is not reliably encrypted end to end, so those notifications cannot have any PHI in them whatsoever: they should say only that a new submission arrived, when, and where staff can log in to read it, never the name, contact details, or message the person typed.
All data needs to be time-stamped with the date and time of collection, every access to it needs to be logged (HIPAA’s Security Rule requires audit controls), and the records need to be retrievable on request, both for the patient, who has a right to access their information, and for an auditor.
PHI collected by your website cannot be accessible to just anyone. You need designated staff members, each with their own unique login (no shared “office” account), and only the roles that actually need the information should be able to open it, otherwise it’s not compliant. The point is to make sure no unauthorized user can gain access to PHI transmitted, collected, or stored on your servers, and that you can show from your logs who did access it.
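To make the last four points concrete, here is a small added example of a form intake handler written for this article; it is not code from the original page or from any product the page describes. It assumes TLS is terminated by the web server in front of it and that encryption at rest is provided by the storage layer, so the in‑memory dictionary below is only a stand‑in for an encrypted database. The staff roster, field names, and form values are constructed for the example. What it shows is the behaviour that must hold regardless of which stack you use: every submission is time‑stamped at collection, the notification email carries only a record ID and timestamp, reads are gated by a per‑user role, and every submit, read, and denied read lands in an audit log.

```python
"""Added example: PHI intake with timestamping, PHI-free notifications,
role-gated access and an audit log.

Assumptions (not from the original page):
- TLS is handled by the web server; this code never touches the wire.
- Encryption at rest is the storage layer's job; `_records` is a stand-in,
  NOT a secure store.
- Staff logins and roles are a constructed roster for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import secrets


def utc_now() -> str:
    """ISO 8601 UTC timestamp with second precision, e.g. 2024-05-01T12:00:00+00:00."""
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


@dataclass
class Submission:
    record_id: str   # opaque, unguessable reference used in notifications
    received_at: str  # timestamp set at the moment of collection
    fields: dict      # the submitted form fields (treated as PHI)


def contains_phi(text: str, fields: dict) -> bool:
    """True if any submitted field value appears verbatim in `text`.
    Used as a guard so a notification can never carry form contents."""
    return any(str(v) and str(v) in text for v in fields.values())


class IntakeStore:
    # Constructed roster: only the "phi_reader" role may open submissions.
    _ROLES = {"intake_nurse": "phi_reader", "front_desk": "phi_reader",
              "webmaster": "no_phi"}

    def __init__(self):
        self._records: dict[str, Submission] = {}
        self.audit_log: list[dict] = []

    def submit(self, form_fields: dict) -> Submission:
        """Record a web form submission with a collection timestamp."""
        sub = Submission(record_id=secrets.token_urlsafe(16),
                         received_at=utc_now(),
                         fields=dict(form_fields))
        self._records[sub.record_id] = sub
        self.audit_log.append({"at": sub.received_at, "event": "submit",
                               "record": sub.record_id})
        return sub

    def notification_email(self, sub: Submission) -> str:
        """Staff notification: says a submission arrived and where to read it,
        and nothing from the form itself."""
        body = (f"A new patient inquiry was received at {sub.received_at}.\n"
                f"Log in to the secure portal to view record {sub.record_id}.")
        if contains_phi(body, sub.fields):
            raise ValueError("notification would leak PHI")
        return body

    def leaky_notification_email(self, sub: Submission) -> str:
        """The anti-pattern: a 'convenient' notification that copies the form
        into email. Included only so the guard can be demonstrated against it."""
        return (f"New inquiry from {sub.fields['name']} ({sub.fields['email']}): "
                f"{sub.fields['message']}")

    def read(self, user: str, record_id: str) -> dict:
        """Return a submission to an authorized user; log the outcome either way."""
        role = self._ROLES.get(user)
        entry = {"at": utc_now(), "user": user, "record": record_id}
        if role != "phi_reader":
            self.audit_log.append({**entry, "event": "denied"})
            raise PermissionError(f"{user} is not authorized to read PHI")
        self.audit_log.append({**entry, "event": "read"})
        return dict(self._records[record_id].fields)


if __name__ == "__main__":
    store = IntakeStore()
    # Constructed sample submission for the demo.
    sub = store.submit({"name": "Jane Example", "email": "jane@example.com",
                        "message": "I'd like an appointment for recurring migraines."})
    print(store.notification_email(sub))
    print(store.read("intake_nurse", sub.record_id))
```

The `contains_phi` guard is deliberately simple (a verbatim substring check over the submitted values); it catches the common mistake of templating form fields into an email, not every possible leak, so treat it as a last line of defence behind the rule that notifications are built only from the record ID and timestamp.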
Got any questions at all about HIPAA security requirements? Give us a call at 888-986-3638. It’s better safe than sorry.
Getting Help With Your HIPAA Compliant Website? Get a Business Associate Agreement (BAA)!
There are plenty of service providers that are well equipped to handle PHI. If you’re going to work with one, make sure to get a BAA from them. A BAA is a contract in which the vendor agrees to safeguard the PHI you share with it, report breaches to you, and be held to HIPAA’s rules for its part of the work. It does not certify that your own website is compliant, but without one, handing PHI to a vendor is itself a violation.
This applies to vendors of HIPAA compliant web forms, web hosting services, servers for storing patient information, email and notification services, and much more. Ask us about HIPAA compliance if you have any other questions.