Is Your Website HIPAA Compliant?

Anyone who has spent any amount of time in the medical field will be aware of HIPAA procedures in their workplace. For those unfamiliar, HIPAA is short for the 1996 Health Insurance Portability and Accountability Act. It’s a federal law whose purpose is to provide the ability to transfer and continue health coverage, reduce health care fraud, and require protection in the handling of patient information. The intent of the law and its execution are important for many people who need medical care. However, that doesn’t mean that it doesn’t come with its own complications.

For starters, the act was first codified in 1996. The law came out when e-mail was just getting popular and the internet had just started running through telephone lines. The ways we did business, communication, and marketing were wildly different back then. And while a lot of medical personnel have certainly integrated new technology as a means of documentation and communication, they are too busy to know the ins and outs of internet privacy and how the technology works.

So, it is up to marketing, website, and medical experts to work together to make sure websites are HIPAA compliant. But what do we look for? What makes a website HIPAA compliant? Is there any precedent or regulation that we can look to? That is what we are here to cover today.

Is Your HIPAA Information Protected?

The first thing you gotta ask yourself before anything else is about the protection status of your website. The biggest stress for most medical record keepers is PHI. PHI, or Protected Health Information, includes anything that has to do with a patient’s personal identity, contact information, and health status. There are 18 types of PHI out there, and a lot of legalities are tied up in it. So, to simplify things a little, here are a few questions you need to ask yourself about your website.

  • Do you have any patient information, or PHI, on your website?
  • Are you storing any PHI on a server where you are hosting your website?
  • Are you collecting any PHI on your website?

If the answer is no, on all 3, then you are golden. But if you have any uncertainties, chances are you need to look into HIPAA compliance on your website.

Most, if not all, medical practices already struggle or will struggle with this concept on a technological level. Online security is its own career field, with experts who already know the ins and outs of how data is stored and encrypted. Sometimes, the information can be too secure in one way and under-secure in another. There are handy dandy guides to help with this, but let’s be realistic… you want to treat your patients. To possibly quote a famous sci-fi medical expert from the ’60s: “I’m a doctor, not a computer expert!”

Can my Patient Reasonably Access their Records?

The second thing that you need to consider is whether patients can have access to their own medical information. This means having a website that is easy enough for regular people to navigate without freely giving away personal information. This is where HIPAA becomes muddier. It becomes a balancing act between making sure people have access to what they need and protecting their privacy.

But why would they want access to their medical records? They need them for a variety of legal reasons. These reasons include but are not limited to:

  • Moving to a different state or country
  • Someone becoming a sole caretaker or legal representative of another person
  • A parent may need to understand any health complications for their child
  • Someone might want the records of a recently deceased person
  • Lawsuits
  • Notifying the state over disability matters

So, what can you do to help with this balancing act? Luckily, there are all types of technology that can help, such as encrypted web forms for patients to fill out and access later. Another is the use of various types of accounts. A patient might be able to request information with their account and read it after someone from the medical staff grants that permission manually. There are even privileges on websites that limit or outright ban the editing of information. We even have extensions on websites that make web pages easier to see for patients with a variety of visual impairments, as seen on our webpage. There are a variety of strategies that tech companies, marketers, and doctors can come up with. It’s only a matter of finding your needs and fitting around what works for you.

Do you want to learn more about technology in medical practice? Maybe you want a website of your own? Or, you could just want more people to see it? Whatever the case may be, Purple Tie Guys is on it!