If you are part of the healthcare industry you know how important these five letters are. The Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, requires all companies that interact with patient data to keep it secure and private. As our lives increasingly move online, this means a HIPAA compliant website is more important than ever.


The HIPAA Compliant.

HIPAA Certified for innovative health services marketers that want to deliver the best patient experiences, eDataPay provides secure, flexible, and easy-to-use solutions for seamless, patient-centric support and billings. This allows providers to transform patient experiences for better outcomes and continuous service. Perfect for companies such as:

1. Start with HIPAA compliant web hosting

Your web host is the first line of defense against compromised patient information. Ask your current host if they have HIPAA compliant practices in place. If they don’t, time to find another host. HIPAA website hosting is a crucial first line of defense for PHI.

Regular scans and updates can help prevent the compromise of sensitive information. And if security issues arise? Your web host has 48 hours to resolve it, according to HIPAA guidelines.

2. Make sure you have an SSL certificate for your website

An SSL certificate creates a secure connection between your website and its server. Think of it this way: if you seal a plastic bag with liquid in it but the seal isn’t tight, the liquid will leak. An SSL certificate helps prevent security leaks.

3. Encrypt and secure all web forms

If patients can use contact forms, chatbots, or appointment services through your site, make sure they are encrypted and secure.


4. Insist on a business associate contract

A business associate contract requires that third-party businesses are HIPAA compliant in their practices, as well.

This means that a bill collector going after delinquent payments must follow the same rules regarding protected health information as the nurse who takes a patient’s blood pressure.

5. Restrict access to PHI

Not everyone in the office needs access to PHI, and the same goes for online access.

As the example above noted, as children get older parents may have less access to their children’s records. Although this can be challenging and frustrating for parents, it is the law in many states.

6. Develop and implement systems for accepting, storing, transmitting, and deleting PHI

If your office does not have systems for handling PHI, take the time to develop them and make them the standard moving forward.

If physician’s assistants are collecting PHI on unsecured tablets and leaving them in the office, this is a potential violation. There are many different ways to handle PHI. The key is to find a HIPAA compliant system that works for you and your staff.

7. Provide HIPAA compliance training to everyone with access

HIPPA compliance training is essential. You cannot expect your employees to understand and follow all aspects of the sometimes-complicated Privacy Rules of HIPAA without appropriate training. Remember the systems you put in place in task #6? Make sure all employees know and understand how to carry them out.

This training should also include the basics of protecting passwords and how to handle patient complaints. HIPAA rules dictate that training occurs “periodically,” so offer annual refreshers for all staff.

Your success is our priority.