What is HIPAA Compliance?

HIPAA applies to any Protected Health Information (PHI). Your contact forms, appointment scheduling, patient portals, and even review responses must be HIPAA-compliant. Use secure hosting, encrypted forms, and Business Associate Agreements with vendors handling PHI.

A BAA is a contract with any vendor who may access PHI, hosting providers, form services, email platforms. It legally binds them to HIPAA compliance. If they don't offer a BAA, they're not appropriate for healthcare use.

Carefully. You cannot confirm someone is a patient or disclose any health information. Responses should be generic: 'Thank you for your feedback. Please contact our office directly to discuss your experience.' Even acknowledging they're a patient violates HIPAA.

Your website needs HIPAA-compliant hosting and forms if collecting PHI. Standard WordPress or website builders may work with proper add-ons. Specialized healthcare platforms (Jane, SimplePractice) include compliance. Consult a HIPAA expert for your specific situation.

Fines range from $100 to $50,000+ per violation, with annual maximums up to $1.5 million. Criminal penalties can include prison time for willful violations. Beyond fines, breaches damage reputation significantly. Compliance is cheaper than violations.