How to Make Your Website
HIPAA-Compliant

Start With Our Free Masterclass

Meet Mark Croft, co-founder of 30 Degrees North. He's researched many options at all price points that covered entities can use to make their websites HIPAA-compliant. Here are his recommendations on how to do your own website analysis and how to hold onto long-used tools like Google Analytics while meeting the HHS requirements confirmed in March 2024.

HIPAA rules include more than patients on your website.

Take this free masterclass to learn what you need to do.

What are the current HIPAA requirements for websites and digital marketing?

What can I do to be sure our website and marketing tools are HIPAA-compliant?

Can I keep using our existing tools in a HIPAA-compliant way?

Get the answers and get a free digital marketing HIPAA compliance workbook.

Sign up for instant access

What Do Recent HIPAA Changes Mean for Your Medical Practice Website and Digital Marketing?

If you haven’t made changes in the past year to how you collect information from website visitors AND about website visitors, your medical practice or hospital is most likely not HIPAA compliant.

You may not even realize you’re collecting some of these new PHI data points behind the scenes!

Rather than just shutting down all of the sophisticated digital marketing tools you’re using to grow the business, let’s take a look at what you can do to get in compliance as quickly as possible.

What Do You Need to Do to Make Your Website HIPAA Compliant?

1. Collect Information About All Visitors Using HIPAA-Compliant Services

Any personally identifying information about any visitor to a medical practice website must be collected through a HIPAA-compliant service. This applies to every visitor whether they are a patient or could become a patient in the future. Examples include:

  • New patient inquiry forms
  • Blog sign-up
  • Newsletter sign-up

2. Evaluate EVERY Service Related to Your Website and Digital Marketing Activities

This process requires you to see what data is sent to third-party services even though the visitor never typed it into a web form. This includes data points such as the visitor's IP address, which also reveals their city, and their device ID. You wouldn’t know it was being stored unless you really look.

Here are just a few of the things you need to review:

  • The content management system (CMS) such as WordPress and any plugins added by the web developer to make the website function
  • Google Analytics
  • Google Ads
  • Facebook/Meta ads
  • Video players
  • Hosting services

And there are dozens more services depending on the complexity of your website.
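To make the review in step 2 concrete, here is a small Python scanner (added as an example; it is not code from this page or from 30 Degrees North) that reads a page's HTML and lists every third-party host the browser will contact because of a script, image, iframe, stylesheet, video or form action. Each such request carries the visitor's IP address and user agent to that host, which is exactly the kind of behind-the-scenes collection the step describes. The sample HTML, the first-party domain `example-clinic.com` and the host-to-service map are constructed assumptions; the map covers only the service categories named above and is far from complete.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative map from third-party host suffix to the service categories listed
# on the page. The domains are real vendor domains, but this list is an
# assumption for the example and is not a complete inventory.
KNOWN_SERVICES = {
    "google-analytics.com": "Google Analytics",
    "googletagmanager.com": "Google Analytics / Tag Manager",
    "doubleclick.net": "Google Ads",
    "googleadservices.com": "Google Ads",
    "facebook.net": "Facebook/Meta ads",
    "facebook.com": "Facebook/Meta ads",
    "youtube.com": "Video player",
    "vimeo.com": "Video player",
}
UNKNOWN = "Unknown third party (review needed)"

# Tag attributes that make the browser send a request (and therefore the
# visitor's IP address, user agent and referrer) to the host named in them.
REQUEST_ATTRS = {
    "script": ("src",),
    "img": ("src",),
    "iframe": ("src",),
    "link": ("href",),
    "video": ("src", "poster"),
    "source": ("src",),
    "form": ("action",),   # a third-party form action ships submitted fields too
}


def classify(host: str) -> str:
    """Map a host to a service category by domain suffix; unknown hosts are flagged."""
    for domain, category in KNOWN_SERVICES.items():
        if host == domain or host.endswith("." + domain):
            return category
    return UNKNOWN


class ThirdPartyScanner(HTMLParser):
    """Collect (tag, host, category) for every request-causing attribute
    that points outside the first-party domain (subdomains count as first party)."""

    def __init__(self, first_party_host: str):
        super().__init__()
        self.first_party_host = first_party_host.lower()
        self.hits = []

    def _is_third_party(self, host: str) -> bool:
        return host != self.first_party_host and not host.endswith("." + self.first_party_host)

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        for attr in REQUEST_ATTRS.get(tag, ()):
            value = attr_map.get(attr)
            if not value:
                continue
            # urlparse handles absolute and protocol-relative (//host/...) URLs;
            # relative paths yield an empty netloc and are first party.
            host = urlparse(value.strip()).netloc.lower()
            if host and self._is_third_party(host):
                self.hits.append((tag, host, classify(host)))


def scan_third_party_requests(html: str, first_party_host: str):
    """Return the third-party requests a page's static HTML will trigger, in document order."""
    scanner = ThirdPartyScanner(first_party_host)
    scanner.feed(html)
    return scanner.hits


# Constructed sample page: one analytics tag, one ad pixel, one embedded video,
# one first-party CDN stylesheet, one form posting to an outside vendor.
SAMPLE_HTML = """
<html><head>
<script src="https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER"></script>
<script src="/assets/app.js"></script>
<link rel="stylesheet" href="https://cdn.example-clinic.com/style.css">
</head><body>
<img src="https://www.facebook.com/tr?id=000&ev=PageView" height="1" width="1">
<iframe src="https://www.youtube.com/embed/abc123"></iframe>
<form action="https://forms.vendor-example.com/submit" method="post"></form>
<form action="/contact" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    for tag, host, category in scan_third_party_requests(SAMPLE_HTML, "example-clinic.com"):
        print(f"<{tag}> -> {host}: {category}")
```

On the sample page this reports the tag manager script, the Meta pixel image, the YouTube iframe and the form that posts to an outside vendor, while the first-party CDN stylesheet and the local `/contact` form are ignored. The scanner only sees requests written into the HTML; tags that a tag manager or other script injects at runtime never appear here, so the static scan is a starting inventory and the browser's network tab (or a proxy capture) is still needed to see everything that actually leaves the visitor's browser.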


3. Make Changes to the Services That are Collecting PHI

If you are using services that collect any PHI, such as Google Analytics, it’s time to make changes.

Pro Tip: You don’t have to get rid of Google Analytics and most Google and Meta Ads.

Are you unsure how to go through the process of evaluating and changing your digital marketing services?

You’re not alone.

As a marketer, practice manager, compliance officer, or a physician you must ensure this is addressed.

You can leverage what we've learned to fast-track your digital marketing compliance with our free online class. 

Take Our FREE Masterclass

How to Keep Using Google Analytics (and other Digital Marketing Tools) in a HIPAA Compliant Way

Participants in our FREE masterclass will receive:

1. A more detailed explanation of how HIPAA has changed and what that means for your digital marketing and website.

2. An explanation of how to identify and audit the services you are using to see if they collect or store PHI. 

3. A better understanding of how you can make changes to your current services to make them HIPAA compliant.

PLUS: A free planning workbook to audit and evaluate all of your digital services and how they handle PHI.

Watch Our On-Demand Masterclass Now.

You can’t afford to miss it.

Sign up for instant access