Why Website Contact Forms Are a HIPAA Challenge

By Kay Sperduti, Sperduti Communications

In the decades I’ve worked on medical websites, we’ve come a long, long way. Today, I still notice big gaping holes: some sites opt not to list medical providers, fail to list locations or contact information on the home page, have poorly designed mobile sites, or use logos that seem to have been designed in the ’70s or ’80s. But the most worrisome issue is the failure to be HIPAA compliant in messaging.

Contact Us forms are frequent additions to sites, allowing site visitors to ask anything. Because there is always a risk that the people completing a form will include protected health information, these forms are one of the biggest challenges.

To be HIPAA compliant, contact forms must meet requirements for access control, encryption, and security software. This is because the forms may contain protected health information, which is individually identifiable information about a person’s health, healthcare, or payment for healthcare.

Work closely with your web developer or IT staff member to ensure that your forms meet these standards. One of the easiest ways to achieve compliance is to use ready-made HIPAA-compliant online forms such as those provided by Jotform. These are customizable, online forms that keep protected health information safe through HIPAA and SOC 2 Type II compliance.

There are other important ways to protect patient privacy on your site. These include selecting a HIPAA-compliant web host, obtaining an SSL certificate, and encrypting information collected through chatbots. But don’t forget those patient forms. Even when we don’t ask for or want site users to leave protected health information, they often do.
