How to Set Up a HIPAA Compliant Website


One of the most common questions we get asked is: “Is our website HIPAA compliant?” Now, most companies say, “Yeah, it’s HIPAA compliant, you have nothing to worry about.” But here is the problem: the majority of Plastic Surgeons I meet with believe they are following HIPAA guidelines when they are not. I believe this is because most practices put too much faith in their marketing companies to follow these guidelines, when many marketing companies have a hard time understanding the guidelines themselves.

So, I decided to put together a list of the MOST IMPORTANT steps to ensure your website and digital footprint are in fact HIPAA Compliant. Below are seven steps to ensure your website is HIPAA Compliant.

  1. TRANSPORT ENCRYPTION: The website is fully secured, and all data is encrypted as it is transmitted across the internet.
  2. BACKUP: Data is backed up on the server daily so it is never lost.
  3. AUTHORIZATION: Only authorized personnel are able to access the website.
  4. INTEGRITY: Data is protected against unauthorized alteration or compromise.
  5. STORAGE ENCRYPTION: Backed-up data is encrypted while stored.
  6. DISPOSAL: Data can be removed and deleted permanently when no longer needed.
  7. OMNIBUS/HITECH: The data is hosted on a web server that is covered by a HIPAA Business Associate Agreement.

If you would like to learn more about each of these steps, as well as how to implement them within your practice, click the button below to download our guide to a HIPAA Compliant Website.
