HIPAA-compliant websites must have physical, network, and process security to safeguard protected health information. While that seems clear, HIPAA privacy and security rules involve many concerns and components. Here are some of the most common questions we get at Efferent Media on the topic of HIPAA-compliant websites.
What Does HIPAA Stand For?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. As the name indicates, it requires doctors and medical facilities to provide a patient’s medical records upon request and to keep the patient’s personal information secure and private.
What Does HIPAA Compliance Mean?
HIPAA-compliant websites keep protected health information (PHI) secure and private. Websites for healthcare providers do not necessarily have to process PHI. A website for a doctor or healthcare practice could focus purely on services, hours, expertise, etc. without processing any sort of patient data. In that case, HIPAA concerns would not apply.
However, if the website contains a portal through which patients can access their own records and test results, then the website must, by law, be HIPAA compliant. The same is true for a website that allows clients to fill out medical history forms online prior to an appointment. If, however, the website only contains blank forms that patients can download, print, and bring with them to the office, then HIPAA compliance is not required because no actual PHI is going through the website.
What Is Protected Health Information?
Protected health information (also known as PHI) refers to health information created, received, sent, or stored – either physically or digitally. PHI is any information that can be used to identify a person including medical history, billing information, records of patient questions and conversations, and more.
A related term you may hear is “HIPAA-covered entity,” which is a health plan, healthcare provider, or healthcare data organization that processes or transmits information for the U.S. Department of Health and Human Services. Health insurance companies, hospitals, physician offices, and more are covered entities.
Does My Website Need to Be HIPAA Compliant?
If patients use your website to access their patient records, then yes, your website needs to be HIPAA compliant. Similarly, if new patients are submitting their medical history, billing information, or records through your website, then the website needs to be HIPAA compliant.
Are Google Forms HIPAA Compliant?
Believe it or not, Google Forms can be HIPAA compliant. G Suite HIPAA compliance requires the access and visibility of the files and folders to be set for privacy. When that is done, the privacy and security settings will comply with HIPAA requirements.
The Experts at Efferent Media Can Design and Develop Your Website
If you are a medical practice, HIPAA compliance is a crucial aspect of your website. The experts here at Efferent Media can help you design and develop a website that showcases your business beautifully, is HIPAA compliant, and is SEO-friendly. We tailor each of our projects for you and your business. Contact us today and have the website your business deserves.