Hey all. I’m going be building a RW website for a client who requires HIPAA compliance. This would center around contact forms or patient intake forms. Has anyone encountered this one of their RW websites? My assumption is that this isn’t so much a tools, stacks, add-on question as it is where the site is hosted and if those servers are compliant. And help would be appreciated. Thanks!
Been working with HIPAA Privacy, Security and EDI transactions for over 20 years. It all depends on what you are trying to accomplish. If all you want is contact forms that go back to a central database that only the client has access to there is no problem as long as basic security precautions are followed. Should be the same for the patient intake forms.
Just make sure that there is an NDA between anyone that any of that information is shared with including yourself if you will be testing and having back end access. The access is permissible so long as it is for business related purposes otherwise it must be de-identified.
Let me know what your specific questions are and I will try to assist.
There is already a problem with that site. The information can be used to identify someone which is a big no no with HIPAA privacy. The data must be secured once it is transmitted to the covered entity.
Great advice everyone. Thanks!