Did you consider HIPAA in your dental website design?

Dental practices are very aware of HIPAA. But are they aware of HIPAA when it comes to their dental practice websites? Here are some questions to ask your website developer.

Apr 13th, 2016
Content Dam Diq Online Articles 2016 04 Hipaa 1

A quick Google search for “dental website design” reveals 3.98 million results, with helpful consultants and companies promising to build you the best dental website. These include services that will deliver modern, SEO, and mobile-friendly websites that will drive traffic to your practice. But one thing most of these web designers don’t do is mention whether their services include securing your dental website and implementing technical safeguards required by the HIPAA security rule.

We created some questions you should ask your web designer so you can be sure any patients who interact with your site will have a secure and compliant experience.

1. How will patients interact with my website?
If you don’t do anything else, be sure to ask this question. How you and your web designer allow patients to interact with your website dictates what security steps need to be taken. The key deciding factor is if any personal health information (PHI) is going to be transmitted or hosted by your website. Remember, even something like booking an appointment online can fall under this category.

If your website is going to just be a beautiful online flyer for your practice so patients can see what services you offer, find directions, and contact you via phone, then you don’t need to take any extra steps to be HIPAA compliant. But if you want patients to be able to manage their appointments, email you, and fill out online forms, then you need to be sure data transmitted to hosted is secure.

2. Will my website be https or http?
It may just be one letter, but that little ‘s’ makes a big difference in the security of your website. HTTPS adds a layer of encryption so data being transmitted from the website to your server is protected. Once your web designer knows you require that extra protection, they should be able to ensure that the proper SSL Certificate is in place.

3. Will any third-party vendors be used? Will they sign a Business Associates Agreement (BAA)?

Remember, web designers are not necessarily programmers or software engineers. Depending on the features of your website, you’ll need to be sure that any PHI transmitted or hosted is secure in transit and at rest. Most web designers have a group of third party vendors they use to provide the security needed, but be sure that those vendors sign a BAA. North Memorial Health Care found out that not taking this extra step can cost over $1 million in HIPAA settlement fines.

Even a simple email or online form can constitute transmitting PHI. Be sure that your web designer is using a vendor such as Paubox. These vendors will sign a BAA and have done their due diligence that their products meet necessary technical safeguards as outlined in the HIPAA security rule.

RELATED ARTICLES:Tips for staying ‘hip’ with HIPAA regulations for dental practices
Selfies, videos, and social media: Dancing with HIPAA regulation dangers in dental practices

4. Have you designed any other dental or health-care-related websites?
When it comes to securing your website, you want to be sure that you’re using a designer who has experience in health care. Some things that work well in other businesses may need more attention for a health-care-related website. A physical therapy provider found this out the hard way with a $25,000 fine when the company didn’t take the proper steps in using testimonials.

Make your dental website work for you
It takes a lot to run a dental practice, and often something like a website can be just another thing to check off a to-do list. But asking these questions will help ensure that your web designer will build a website that will be an asset and not a liability. Even if you already have a website, it’s good to do a security audit and ask yourself if there are any potential gaps. Using a domain host email such as GoDaddy falls under this category.

Using the right technology and processes can make your website HIPAA compliant, improve your workflows, increase your business, and allow you to focus more on patients.


For the most current dental headlines, click here.


Hoala Greevy is the founder and CEO of Paubox, which offers HIPAA-compliant solutions for dentists and other health-care providers, including email encryption and online forms that eliminate the hassle of portals and delivers a true seamless experience.

More in Marketing