How to Make Your Medical Website HIPAA Compliant
Written by: Ryan Flannagan

As a physician, you are undoubtedly familiar with HIPAA compliance laws and taking steps to protect your patients’ personal health information. However, as the healthcare industry ventures into the digital world of healthcare websites, it is important that you keep all aspects of your practice HIPAA compliant. You may be thinking, “Isn’t that my web designers job?” The answer is yes, however you would be surprised at how many web design firms are uneducated on not only the details but the overall existence of the HIPAA laws. Therefore, it is imperative that your practice ensures the HIPAA compliance of your website to protect yourself from penalties. There are two ways to go about this, working with a HIPAA Compliant Web Designer or ensuring your website’s security though a HIPAA Compliance Checklist.



The first of the two options is the easiest, working with a HIPAA Compliant Web Designer. By choosing this option, your practice is bestowed with the peace of mind that the firm building your online presence is knowledgeable and experienced with protecting patient health information. In order to be a fully HIPAA certified firm, all employees must complete the HIPAA security compliance course and pass a quiz to test their knowledge. Therefore, the employees have all the facts relating to HIPAA security as provided by expert lawyers and the federal government. Working with these firms allows your practice to worry more about your patients and less about your security.

However if you decide to work with an uncertified HIPAA web designer it is in the best interest of your practice that you personally confirm the HIPAA compliance of your online presence. Of course, you can only tell your web designer these qualifications and must trust that they are skilled enough to fully implicate them. Regardless, the qualifications of a HIPAA website are important information for all health providers to have.


In order to have a HIPAA Compliant Medical Website:

  • Information that is being transported must ALWAYS be encrypted.
  • PHI is backed up and is recoverable.
  • Using unique access controls the information is only accessible by Authorized personnel.
  • The information is not tampered with or altered.
  • Information can be permanently disposed of when no longer needed.
  • Information located on a server that is secured by HIPAA security rule requirements and/or a web server company who you have a HIPAA Business Associate Agreement with.



Embed this infographic on your site.

Ryan Flannagan
Ryan Flannagan

Ryan Flannagan is the Founder & CEO of Nuanced Media, an international eCommerce marketing agency specializing in Amazon. Nuanced has sold $100s of Millions online and Ryan has built a client base representing a total revenue of over 1.5 billion dollars. Ryan is a published author and has been quoted by a number of media sources such as BuzzFeed, CNBC, and Modern Retail.

Share This