You know the HIPAA rules about who has access to personal health information (PHI) within your organization. And you know the guidelines about keeping both paper and electronic health records (EHRs) secure. But what are your HIPAA responsibilities when it comes to hospital web development?
Most prospective patients begin to use your site only to conduct research about your healthcare organization. But if they want to request more information or end up choosing you as their provider, they may interact with your website in several ways like:
This is where HIPAA compliant website design comes in. You are responsible for the PHI transmitted in each of these situations -- and this means that all applications on your site must strictly comply with HIPAA rules.
Unfamiliarity with HIPAA compliant web development standards puts healthcare organizations at risk. Here are the most common ways that providers’ websites fall short of HIPAA standards:
An SSL certificate establishes an encrypted connection between your server and the user. It’s an essential element of a HIPAA compliant website because it’s what blocks third parties from being able to access the data transmitted using your site. At Medical Web Experts, our team takes responsibility for obtaining, installing, and renewing the SSL certificate for every site we develop and host.
A business associate agreement (BAA) is a required contract with any subcontractor that will handle or store PHI. When it comes to HIPAA compliant website design, the BAA establishes that the web design and development company will share the responsibility for all patient PHI that is received by them or handled by the site they build. A healthcare organization should never begin a HIPAA compliant web development project without a BAA. When you work with Medical Web Experts, the BAA is signed at the same time as the service agreement, before we begin work. We also commit to signing BAAs with any subcontractor who collaborates on our web projects.
When a current or prospective patient clicks “submit” on any form they use on your site, the information should be securely transmitted to HIPAA compliant systems only. For example, if your contact form inquiries are routed to your email, your email provider must also be HIPAA compliant. Medical Web Experts’ HIPAA compliant website design projects always account for this. If your current site has links to non-HIPAA compliant systems we will point it out and work with you on a solution, like HIPAA email hosting and web hosting, custom HIPAA compliant application development, or process redesign.
To ensure that the forms on your website are HIPAA compliant, we’ve developed a product for offering rich form functionality on your website while meeting HIPAA regulations. The HIPAA Compliant Forms solution allows you to publish custom forms to your website, securely log each form completion and securely transmit the contents to the secure email address of your choosing.
Too often, we see healthcare organizations fail to implement HIPAA compliance measures early on in the software development process. HIPAA measures generally exist at the lowest levels of an application, meaning that implementing the correct measures early on can save you a lot of time and money later. Medical Web Experts is the foremost leader in HIPAA compliant web development and application development. Every website, web application, and mobile app we create passes through careful consideration for HIPAA compliance at every step of the development life cycle.
If you're seeking assistance with a website and/or application which has already been built, it's not too late to work towards HIPAA compliance. Medical Web Experts will audit your website or application for HIPAA compliance and security holes, and work with you on implementing a reasonable, multi-phase approach to compliance. Trust the experts for your next healthcare app development or website development project.
Have a new project? Complete the form below to speak with one of our experts and find out how we can help.
Our office is in Dallas, Texas. We are open Monday to Friday from 9:00am - 5:00pm EST.
5950 Sherry Ln, Ste 405A
Dallas, TX 75225