HIPAA Compliance & Your Website

Nick Fitzgerald

In a 2018 survey of over 1,000 people in the United States, 80 percent said they had used the internet to perform a healthcare-related search in the previous year. 

A good website is essential for any hearing aid provider. However, the website must also comply with the Health Insurance Portability and Accountability Act (HIPAA). If it does not, your website could damage your reputation and result in heavy fines and penalties.

What is HIPAA?

First, it is necessary to understand some key terminology.  

HIPAA stands for Health Insurance Portability and Accountability Act. The Act was passed in 1996, and the Privacy Rule and Security Rule issued under it set the requirements for protecting the privacy and security of Americans’ health information.

Covered entities are the organizations that HIPAA regulates directly: health plans, health care clearinghouses, and health care providers that create, receive, store, or transmit health information electronically. These organizations include:

  • pharmacies
  • nursing homes
  • doctor, dental, and psychologist practices
  • health insurance providers
  • HMOs
  • government agencies that subsidize health services
  • military and veterans groups

Covered entities are ultimately responsible for adhering to all HIPAA laws and guidelines. As a hearing healthcare professional, your practice is considered a covered entity. It is your responsibility to protect the information your website users submit to you.

Individually identifiable health information obtained from patients, clients, or consumers is referred to as PHI (Protected Health Information), or ePHI (electronic Protected Health Information) when it is created, stored, or transmitted in electronic form. You must have a HIPAA-compliant website if you are gathering, storing, or transmitting this information.

Identifiers that count as PHI when they are linked to health information include:

  • Name
  • Address
  • DOB (Date of Birth)
  • Telephone Number
  • Email Address
  • Medical Records
  • Financial Information (account and payment details)

Website Tasks Handling ePHI

PHI can be gathered in a variety of ways on your website, including:

  • Contact Information Forms
  • Patient Portals
  • Live Messaging
  • Online Patient Forms
  • Patient Testimonials and Reviews
  • Other website collection tools

HIPAA compliance is almost certainly needed for your hearing practice website.

Some important questions must be asked about your hearing practice website:

  • Is personal information collected on your website?
  • Is your website transmitting protected health information (PHI)?
  • Is PHI submitted through your website stored on a server, whether your own or your hosting provider’s?

If you answered yes to any of these questions, make sure your website complies with HIPAA regulations.

Ensuring your website is playing by the rules

There are many factors to consider when staying HIPAA compliant, but here are a few to get you started.

  • SSL Certificate (HTTPS): Every page that collects or displays PHI must be served over HTTPS, so that traffic between the browser and the web server is encrypted by Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL); the term “SSL certificate” is still widely used for the certificate that enables it. Redirect all HTTP requests to HTTPS, disable the obsolete SSL and TLS 1.0/1.1 protocol versions on the server, and send an HTTP Strict-Transport-Security header so browsers do not fall back to plain HTTP. The next time you visit a healthcare website, check that the URL begins with https:// before entering any personal details. Note that HTTPS only protects data in transit; a padlock icon does not by itself mean the site is HIPAA-compliant.
  • Backups: Do you have automatic, regularly tested backups of your site and its data that can be restored at any time? The HIPAA Security Rule requires a data backup plan as part of contingency planning. Backups that contain PHI must be encrypted and protected with the same access controls as the live data, and a restore should be rehearsed so you know the procedure works before you need it.
  • Encryption: Use web forms that encrypt PHI both in transit and at rest, so that only authorized staff can read what is collected. Be wary of generic form plugins that email submissions in plain text or store them unencrypted in the site database; both are common sources of breaches of unsecured PHI. Encrypted PHI that is exposed is generally not treated as “unsecured” PHI under the Breach Notification Rule, which is one more reason encryption at rest matters.
  • Access: Access controls must be implemented so that only approved individuals can reach PHI on your website, each with a unique user ID rather than a shared login, and with multi-factor authentication on administrative accounts. Those individuals must be trained on HIPAA requirements. Log who views or changes PHI and review those logs; the Security Rule requires audit controls. Apply general cybersecurity best practices as well: strong, unique passwords, least-privilege administrative rights, prompt patching of the CMS and its plugins, and regular malware scanning.
  • Partners: Anyone who hosts, builds, or maintains a site that stores or transmits your PHI (the hosting provider, a form or live-chat vendor, a marketing agency with admin access) is a business associate, and HIPAA requires a signed Business Associate Agreement (BAA) with each of them before PHI flows through their systems. If a vendor will not sign a BAA, do not route PHI through their service, however secure their servers may be. Also review the third-party scripts (analytics, chat widgets, advertising pixels) on pages where PHI is entered, since they can send that data to parties with whom you have no BAA.

The privacy of your website users’ data must be a top priority. As the tools that websites depend on keep changing, maintaining a strong security posture on your hearing practice website is increasingly necessary. Need more help becoming HIPAA-compliant? Talk to us today!