Should Your Website Be HIPAA Compliant?

HIPAA Compliance Requirements for Your Website

A look at what HIPAA compliance entails for healthcare businesses


HIPAA (Health Insurance Portability and Accountability Act) outlines specific requirements for keeping patients’ Protected Health Information (PHI) confidential and secure. Also known as the Kennedy-Kassebaum Act after its sponsors, HIPAA was signed into law in 1996. Under this law, your brick-and-mortar healthcare business needs to be HIPAA compliant. If any patient information exists on your website or can be retrieved from it, your website must be HIPAA compliant as well.

Who Needs to be HIPAA Compliant? 

Businesses that handle sensitive patient information need to be HIPAA compliant, including healthcare providers, health plan and insurance providers, and healthcare clearinghouses. Companies that regularly do business with healthcare entities will also need to be HIPAA compliant if they are likely to come into contact with PHI. Some examples of these businesses include law firms, medical transcription businesses, colleges, and software providers.

*Disclaimer: If you are unsure about whether or not your website needs to be HIPAA compliant, it is best to seek legal help.* 

Requirements for HIPAA Compliance 

A HIPAA-compliant website or online/mobile application keeps sensitive patient information secure. As HIPAA states, this includes any information that "[r]elates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual."

For your website to be HIPAA compliant: 

  • All data needs to be encrypted, whether transmitted, stored, or archived

  • All data should be backed up and recoverable

  • Data should be password-protected and only accessible to approved personnel

  • Data should be able to be permanently deleted when no longer needed

  • Your HIPAA policy needs to be prominently displayed on your website

HIPAA also requires you to designate someone on your staff as a HIPAA Privacy Officer. This person will help keep your business and website up to date on HIPAA regulations. To be effective, this person will need access to the proper systems in your ERP or CRM, which may require additional customization of your website or integration with your internal software.

Why It’s Important to be HIPAA Compliant 

HIPAA compliance is essential for both your business and the patients that you serve. Your patients and customers expect their information to be kept confidential. When your business or website isn’t HIPAA compliant, it puts your patients’ information at risk of being stolen or tampered with, and it puts your business at risk of losing patients and incurring fines. Some penalties could cost your business in excess of $1 million.

Clarity Can Help

Our team at Clarity has years of experience building HIPAA-compliant websites. Whether you need to adjust your current website or have a HIPAA-compliant website created, Clarity can help. To find out more, call or click to contact us today!