How to Ensure Your Website is HIPAA Compliant

In today's digital age, having a web presence is important in attracting potential patients to your health practice. Those operating within the healthcare industry must have HIPAA compliant websites to protect the information being collected from both current and future patients.

Should your website be HIPAA compliant?

If you answer yes to one or more of the questions that the Compliancy Group asks below, you should have a HIPAA compliant website.

  • Are you collecting Personal Health Information (PHI) on your website?

  • Are you transmitting PHI through your website?

  • Are you storing PHI on a server connected to your website?

How to make your website HIPAA compliant

  • Utilize SSL: Using Secure Sockets Layer (SSL, since superseded by TLS) on your website encrypts the information passing between visitors' browsers and your web server while it is in transit.
  • Data Encryption: Data collected through web forms should be fully encrypted so that it is not exposed if it is lost or stolen during a breach.
  • Store data on a HIPAA compliant server: The security capability of a server plays an important role in patient data protection. HIPAA has specific requirements for server compliance, which all healthcare providers should familiarize themselves with and implement.

Refer to this important checklist

Still not sure if your data protection is up to HIPAA compliance standards? Refer to this checklist:

  • All data collected and shared must be encrypted.

  • Back up all data provided by patients.

  • Patient health data needs to be recoverable.

  • Data collected should be free from alteration and should also be tamper-proof.

  • Data no longer required should be permanently deleted.

If your organization does not store or transmit PHI, then having a HIPAA compliant website is not necessary. Taking steps to comply with HIPAA web requirements is still recommended in case your organization handles PHI in the future.
