How to make sure you have a HIPAA compliant website

93% of all business decisions starts with an online search. This makes having a website vital for any business, including healthcare providers. However, healthcare providers need to take extra precautions to be sure they have a HIPAA compliant website. A good website can help providers be “found” in online searches, give them credibility, and provide a way for potential patients to contact you. For healthcare providers, a good website can also make operations more efficient.

Imagine having patient intake forms available to be filled out and submitted online. Labs can create secure portals for doctors to view results and upload needed documents. Patients can get access to results and prescriptions. However, a bad website can hurt credibility and even worse, as a physical therapy practice found out the hard way to the tune of a $25,000 HIPAA fine.

A quick note about HIPAA compliance and websites

It’s important to remember that HIPAA compliance for any covered entity means making sure reasonable steps are taken to ensure there are technical, physical and administrative safeguards in place to keep protected health information (PHI) safe. For websites, this means that any time PHI is transmitted or stored, there’s proper procedures and policies in place to go along with the technical security we’re going to talk about in this article. For example, you can have secure cloud storage to hold PHI, but not have policies in place when it comes to sharing that information with others. Someone could still accidentally share or leak that information when they weren’t supposed to, which can result in a HIPAA violation. Think about how many violations occur because a laptop was stolen. If policies and procedures weren't in place to encrypt and secure the laptop, no amount of technology would help.

When does a website have to be HIPAA compliant?

• Are you transmitting any PHI online?
• Are you storing PHI on a server you are hosting?

If you are handling any PHI on or through your website, then you need to be sure it is HIPAA compliant. This includes even “simple” transactions like setting an appointment.

How do you make a HIPAA compliant website? 

• Passed through to someone via email
• Stored on your web server
• Stored on someone else’s web server

If you pass through PHI

If you store PHI on a server 

Make sure to get a Business Associate Agreement

Let technology work for you

There’s far more benefits than risks when it comes to having a website that adds value to your business. Although the growing number of HIPAA violations take up the headlines, there are far more successes than failures when it comes to integrating technology with your practice. Utilizing the right technology in securing your website can improve your workflows, increase business and let you focus on patients and clients, not checking off boxes and adding extra steps. Paubox provides HIPAA compliant solutions that can seamlessly secure PHI that’s transmitted from your website. Paubox focuses on delivering user-friendly encryption, eliminating extra steps and portals whenever possible.

Looking for HIPPA Compliant Website?

People often get confused between HIPAA and HIPPA. HIPAA is commonly misspelled as HIPPA and it’s easy to mistakenly google for “HIPPA compliant websites” or “HIPPA website.” Google however, is smart enough to know the correct spelling and will point you to the right pages by default. In a nutshell, “HIPPA compliant website” or “HIPPA website” are not correct. “HIPAA compliant website” or “HIPAA website” are the correct search terms.