HIPAA certified website design
Find out all you need to know about HIPAA certified webs design.
Should my website designer be HIPAA certified?
The short answer is no, there is no such thing as HIPAA certification for website designers. When I began to search the best training available, I was confounded by the plethora of companies on the market that purportedly trained for HIPAA compliance. I called the American Medical Association and spoke to one of their lawyers in Washington. She told me the following:
- There is no recognized company that has the authority to confer certification on anyone.
- The primary reason for the above is that the rules themselves as set down by the government are rather nebulous.
Does my website need to be HIPAA compliant?
Only if you are transmitting PHI.
- If at some point you decide to transmit protected health information you can add features or move to more secure hosting.
- You could begin by anticipating that one day you will be transmitting PHI and allow for it.
How to make my website HIPAA compliant?
- SSL certificate for security
- Encryption of forms and data. There are services which will do this like Paubox or Virtru
- Storing the data on a server which is HIPAA compliant. These hosting providers are more expensive than regular hosting but in light of recent lawsuits and damages awarded, they provide great value.
Remember:
- Encrypt all shared patient information
- Back up all data up so that it can be recovered
Who must be HIPAA compliant?
From Forbes:
‘If you belong to the category of “covered entities’ or “business associates,” and you handle “protected health information (PHI),” you and your business are required to be HIPAA-compliant. “Covered entities” describes U.S. health plans, health care clearinghouses, and health care providers.
- Health Care Clearinghouses
Health care clearinghouses are organizations that collect information from a healthcare entity, processes this data in a industry-standard format and delivers it to another entity. Examples of clearinghouses include:
- Billing services
- Community health management information system
- Health Care Providers
- Business Associates
“Business associates” refers to any organization or individual who acts as a vendor or subcontractor with access to PHI. Examples of business associates include:
- Data transmission providers
- Data processing firms
- Data storage or document shredding companies
- Medical equipment companies
- Consultants hired for audits, coding reviews, etc.
- Electronic health information exchanges
- Medical transcription services
- External auditors or accountants
What should my website designer know about HIPAA?
Your website designer must know or be able to advise you on the following:
- Your website designer must direct you to the most secure hosting possible. There are hosting companies that specialize in hosting secure medical websites.
- A SSL certificate is mandatory. Your host will provide it.
- Your website designer must EITHER 1. Know how to build a portal for your patients to sign into. 2. Recommend services such as Paubox or Virtru, which specialize in encrypted communications and eliminate the need for a portal.
Other questions you may have about / for your medical website designer
FAQ
Most frequent questions and answers
To be a Google partner, a company needs to spend $10,000 or more on advertising with Google within 90 days. It must also have two employees who are certified in Google Ads.
Someone who has taken classes online and passed two tests is eligible for certification.
It depends on:
- the nature of your business
- consumer behavior
- the device they are using
Desktop: If consumers are ready to purchase a product, they will click on a paid ad.
Mobile devices: Supposedly, people utilizing mobile devices are more likely to click on paid ads. However, the reality is more complicated. To read more:
Marketers will tell you that Google Ads work. However, Google Ads (Pay per Click) can get costly. The benefit is that you only pay when someone clicks.
If you are actively searching for clients, it might work for you.
Remember, younger people will usually ignore paid ads and go straight for organic results. Those over 65 might not realize they are dealing with ads at all.
Display advertising is geared towards building your brand. A good example of a display ad is the type of banner you see on the right of your Facebook page. Those types of ads are usually more effective if you include image or video content.
To read more about the types of ads involved:
Blogging and SEO. Writing blog posts that answer a question so well that your blog post will be featured in Google snippets ( the answer box) is the goal.
Local SEO, including Google business pages.
Remember, the point of all this advertising is to drive people to your website and get them to convert. No marketer or marketing agency can guarantee results. You will simply have to try to see if PPC works for your practice.
What should my medical website have to be competitive and compliant?
Every Medical website needs to have / be:
- Speed. Your website needs to load quickly.
- Great navigation. Your website needs to be organized in a logical format. Each topic needs to be easily found.
- Responsive. That means a website that will work and function equally well across all devices.
- Attractive. No one will stay on your pages if you have an outdated or ugly website. People make rapid judgments. If your website is cheap or outdated, they will think your knowledge base and practice are outdated as well.
- Optimized for local and voice search.
If you are storing PHI:
- SSL certificate for security
- Encryption of forms and data. There are services which will do this like Paubox or Virtru
- Storing the data on a server which is HIPAA compliant.
Work with us
We are passionate about health and wellness. We are equally passionate about making you stand out from your competitors. We will use all of our design and writing abilities to tell your story and forge an emotional connection between you and your audience. In the end, we did take a HIPAA training course and were awarded a certificate of completion on October 29, 2019.
Please tell us a little bit about your project and we’ll schedule a call.
