HIPAA compliance includes website compliance

ADA Member Advantage-endorsed company, ADA resources can help dental practices avoid HIPAA violations

As the year comes to a close, it’s a good time to ensure that your practice is compliant with the requirements of the Health Insurance Portability and Accountability Act.

And that means your website needs to be compliant, too.

Compliancy Group, a company endorsed by ADA Member Advantage to help dental practices avoid HIPAA penalties through software and one-on-one coaching, has come up with updated advice to help dental practices of all shapes and sizes make sure their websites don’t violate the provisions of HIPAA.

“To be HIPAA-compliant, your practice must ensure that each of the tools you use to run your practice is HIPAA-compliant,” said Kelly Anne Koch, Compliancy Group director of dental relations. “This includes your website. As more dental practices are using websites to promote their practice and make it easier for patients to schedule appointments online, it is more important than ever to make sure that your website, and the tools that have been added to it, are HIPAA-compliant. HIPAA-compliant websites are more secure, so not only do they help meet your legal obligations, they also reduce the likelihood of breaches.”

HIPAA is a national regulation that sets standards for the privacy and security of protected health information.

PHI is any information about a patient’s condition, treatment or payment that can be used to identify the patient, and includes information such as name, address, date of birth, telephone number, email address and dental records.

Under HIPAA, both covered health care providers and their vendors who encounter PHI are mandated to be HIPAA-compliant.

Ms. Koch said that before dentists try to make their website or server HIPAA-compliant, they should ask themselves a few key questions to determine if the website needs to be HIPAA-compliant in the first place:

  • Are you transmitting PHI through your website?
  • Are you storing PHI on a server connected to your website?
  • Are you collecting PHI on your website?

If the answer is “yes” to any of those questions, then your website needs to be HIPAA-compliant.

Using HIPAA-compliant web forms is a good first step, Ms. Koch said.

Several web forms online are WordPress plug-ins and extensions that allow users to place web forms directly onto their site, she said.

Using web forms appropriately can help ensure that any PHI collected will be securely captured, reducing the risk that the PHI will be exposed in a data breach.

Data that is collected in these forms should then also be encrypted. Encryption is essential to running a successful health care business in the digital age, Ms. Koch said. This includes data that is stored internally, in addition to PHI stored on third-party or off-site servers.

“Something to remember about HIPAA-compliant websites is that the data being collected must be kept private and secure throughout the entire course of its use, storage or transmission,” Ms. Koch said. “By implementing safeguards to protect PHI on your website, you’re already performing some of the key components required for an effective HIPAA compliance program.”

As for the website itself, the HIPAA Privacy Rule requires a covered dental practice that maintains a website providing information about its services to prominently post its HIPAA Notice of Privacy Practices on its website.

The HIPAA compliance program for ADA members from Compliancy Group gives practices the tools they need to confidently satisfy the law, along with security policies to guide the creation and implementation of HIPAA-compliant websites.

The ADA also has resources to help with HIPAA compliance on

Additionally, the ADA Store offers The ADA Complete HIPAA Compliance Kit, which has tools to help implement a comprehensive HIPAA compliance program. It includes:

  • The ADA Practical Guide to HIPAA Compliance: Privacy and Security Manual.
  • The ADA Practical Guide to HIPAA Training, a two-level video training program.

Using a step-by-step approach, the kit also has tools to aid in comprehension and documentation, such as:

  • Sample policies and procedures.
  • A sample business associate agreement.
  • A sample Notice of Privacy Practices.
  • A glossary of key terms.
  • A digital version of the manual complete with forms and policies that can be downloaded and customized.

ADA members can receive a 15% discount on the purchase of the kit by using the promo code of 22119 by Feb. 17, 2023.





© 2023 American Dental Association