How to Make Your Website HIPAA-Compliant

Start With Our Free Masterclass

Meet Mark Croft, co-founder of 30 Degrees North. He's researched many options at all price points that covered entities can use to make their websites HIPAA-compliant. Here are his recommendations on how to do your own website analysis and how to hold onto long-used tools like Google Analytics while meeting the HHS requirements confirmed in March 2024.

HIPAA rules cover more than the patient data collected through your website.

Watch this free masterclass to learn what you need to do.

What are the current HIPAA requirements for websites and digital marketing?

What can I do to be sure our website and marketing tools are HIPAA-compliant?

Can I keep using our existing tools in a HIPAA-compliant way?

Get the answers and get a free digital marketing HIPAA compliance workbook.

Sign up for instant access to the class

Ready to Get Compliant?

If you haven’t made changes in the past year to how you collect information from website visitors AND about website visitors, your medical practice or hospital is most likely not HIPAA compliant.

You may not even realize you’re collecting some of these new PHI data points behind the scenes!

Rather than just shutting down all of the sophisticated digital marketing tools you’re using to grow the business, let’s take a look at what you can do to get in compliance as quickly as possible.

FROM OUR BLOG

Learn More About What's Required

Our team is on top of the latest rulings and what you need to do to make your website and digital marketing meet HIPAA's latest requirements. Check out our blog.

Latest HIPAA Rules: What Covered Entities Need to Do Now
Top 7 HIPAA-compliance FAQs for Websites (and the Answers You Need to Know)
Four Data Points You May Not Realize are PHI and What to Do About Them

Three Steps to Website HIPAA Compliance

(With a Few Steps In Between)

1. Collect Information About All Visitors Using HIPAA-Compliant Services

Any personally identifying information about any visitor to a medical practice website must be collected through a HIPAA-compliant service. This applies to every visitor whether they are a patient or could become a patient in the future. Examples include:

  • New patient inquiry forms
  • Blog sign up
  • Newsletter sign up

2. Evaluate EVERY Service Related to Your Website and Digital Marketing Activities

This process requires you to see what data is sent to third-party services that a visitor didn't submit through a web form. This includes data points such as IP address, which also indicates their city, and device ID. You wouldn't know this data was being stored unless you looked closely.

Here are just a few of the things you need to review:

  • The content management system (CMS) such as WordPress and any plugins added by the web developer to make the website function
  • Google Analytics
  • Google Ads
  • Facebook/Meta ads
  • Video players
  • Hosting services

And there are dozens more services depending on the complexity of your website.


3. Make Changes to the Services That are Collecting PHI

If you are using services that collect any PHI, such as Google Analytics, it’s time to make changes.

Pro Tip: You don’t have to get rid of Google Analytics and most Google and Meta Ads.

Are you unsure how to go through the process of evaluating and changing your digital marketing services?

You’re not alone.

As a marketer, practice manager, compliance officer, or physician, you must ensure this is addressed.

You can leverage what we've learned to fast-track your digital marketing compliance with our free online class. 

Take our FREE masterclass

or

Request a FREE live consultation

Why Take the HIPAA Masterclass?

Participants receive the following for FREE:

1. A more detailed explanation of how HIPAA has changed and what that means for your digital marketing and website.

2. An explanation of how to identify and audit the services you are using to see if they collect or store PHI. 

3. A better understanding of how you can make changes to your current services to make them HIPAA compliant.

PLUS: A free planning workbook to audit and evaluate all of your digital services and how they handle PHI.

Get Answers from a HIPAA-Certified Expert

Complete the form for a free consultation.