Is Your Website HIPAA-Compliant? | HIPAA & Health Information Technology


If you are a HIPAA-covered entity or business associate, you likely know that patient PHI may only be created, received, maintained, and transmitted as permitted by the HIPAA Security Rule and the HIPAA Privacy Rule. But you may not have focused on your company's website as a place where PHI is collected and transmitted. If you are subject to HIPAA, you should regularly assess your website data practices. As described in this blog post, you should make sure that third-party trackers like Meta Pixel are not accessing and disclosing data behind the scenes. But common customer-facing tools should not be ignored either. Common ways in which PHI may be collected and transmitted include:

  • Live Chat
  • Patient Portals
  • Online Patient Forms
  • Online Scheduling Tools
  • Reviews and Testimonials
  • Email
  • Online Loyalty Programs

The HIPAA Privacy Rule requires that entities that create, receive, maintain, and/or transmit PHI take specific measures to protect it. For example, if your company retains individually identifiable medical information on a server, that server must be encrypted and secure. Transmitting PHI includes sending information via email, text, web forms, or other forms of electronic messaging. Storing PHI includes storing information in apps, data centers, etc. If your company website collects, stores, or transmits PHI and does not take reasonable measures to secure that data, it may violate HIPAA.

To begin remediating risks, companies should:

  • Purchase and implement an SSL certificate for the company website
  • Ensure all web forms on the company website are encrypted and secure
  • Only send emails containing PHI through encrypted email servers
  • Partner with web hosting companies that are HIPAA-compliant and have processes for protecting PHI
  • Execute BAAs with third parties that have access to PHI (including web hosting companies)
  • Ensure that PHI is only accessible by authorized individuals within your company
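As an added illustration of the web-form and third-party-tracker checks discussed above (example code, not from the original post), this script parses a constructed page and flags forms that submit over plain HTTP or to an off-site host, plus scripts loaded from third-party or known tracker hosts. The tracker-host list and the example hostnames are assumptions made for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts known to serve third-party analytics/tracking loaders. Constructed for
# this example; connect.facebook.net is the documented Meta Pixel loader host.
TRACKER_HOSTS = {"connect.facebook.net", "www.googletagmanager.com"}


class _Collector(HTMLParser):
    """Collect <form action> targets and <script src> URLs from a page."""

    def __init__(self):
        super().__init__()
        self.forms, self.scripts = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append(a.get("action") or "")
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])


def audit_page(html, site_host):
    """Return (finding_kind, url) pairs for a page served from site_host."""
    site_host = site_host.lower()
    c = _Collector()
    c.feed(html)
    findings = []
    for action in c.forms:
        u = urlparse(action)  # relative actions have no scheme/netloc: same-origin
        if u.scheme == "http":
            findings.append(("form_plaintext", action))  # PHI would leave unencrypted
        elif u.netloc and u.netloc.lower() != site_host:
            findings.append(("form_offsite", action))  # third party receives PHI: BAA needed
    for src in c.scripts:
        host = urlparse(src).netloc.lower()  # "//host/x" also yields host
        if host in TRACKER_HOSTS:
            findings.append(("tracker_script", src))
        elif host and host != site_host:
            findings.append(("third_party_script", src))
    return findings


# Constructed sample page: one same-origin form, one plaintext vendor form,
# one HTTPS vendor form, a first-party script and the Meta Pixel loader.
SAMPLE_HTML = """<html><body>
<script src="https://www.example-clinic.com/js/app.js"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<form action="/appointments" method="post"><input name="dob"></form>
<form action="http://forms.example-vendor.net/intake" method="post"></form>
<form action="https://chat.example-vendor.net/start"></form>
</body></html>"""

if __name__ == "__main__":
    for kind, url in audit_page(SAMPLE_HTML, "www.example-clinic.com"):
        print(f"{kind:20} {url}")
```

Running it reports the plaintext intake form, the off-site chat form, and the Meta Pixel script; the same-origin form and first-party script produce no findings.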
