Can I Have Patient Communication on My Website?


Patients don’t want to be put on hold, and they’re tired of accommodating constraining office hours. Consequently, they’re looking for easy ways to communicate with their providers. Technology can solve many of patients’ communication frustrations: many systems allow patients and healthcare staff to communicate without the limitations of phone calls.

One solution is to use the patient portal on your electronic health record system. These portals allow patients to communicate with their providers in a variety of ways. You can link to this portal from your website, creating a convenient tool for your patients.

If you don’t have a patient portal, you can put a communication form directly on your website where patients or potential patients can submit communication requests. This option is fine, as long as the online form is HIPAA-compliant. To be compliant, it must keep patient requests secure from unauthorized viewing.

You have a few security options:

  1. Use Secure Sockets Layer (SSL, today TLS) on your website. Your website will then display as secure (HTTPS) for your web visitors.
  2. Purchase a secure web communication tool to embed on your website.
  3. Encrypt your entire website.
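Serving the page over HTTPS is only half of option 1: a form whose `action` still points at an `http://` URL, or that submits with GET, sends the patient's message in the clear or leaves it in server and proxy logs. The script below is an added example (not HIPAAtrek's code or part of the original article) that audits every form on a contact page for those two mistakes; the page URL, HTML and host names are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a clinic contact page served over HTTPS. One form is
# correct, one still posts to an http:// action (a common leftover after a
# site is moved to HTTPS), and one sends its fields with GET.
SAMPLE_PAGE_URL = "https://clinic.example/contact"
SAMPLE_HTML = """
<html><body>
<form id="appointment" action="/request-appointment" method="post">
  <input name="name"><textarea name="message"></textarea>
</form>
<form id="legacy" action="http://clinic.example/cgi-bin/contact.pl" method="post">
  <input name="email"><textarea name="message"></textarea>
</form>
<form id="search" action="https://search.example/q" method="get"></form>
</body></html>
"""

class FormCollector(HTMLParser):
    """Collect (form id, resolved action URL, method) for every <form> on the page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag != "form":
            return
        a = dict(attrs)
        # A missing action means the form posts back to the page's own URL.
        action = urljoin(self.page_url, a.get("action") or "")
        self.forms.append((a.get("id") or "", action, (a.get("method") or "get").lower()))

def audit_forms(page_url, html):
    """Return (form id, finding, action) for each form whose submission is not
    protected: 'insecure-scheme' if the action is not https, 'get-method' if the
    fields would land in the URL and so in server, proxy and browser-history logs."""
    collector = FormCollector(page_url)
    collector.feed(html)
    findings = []
    for form_id, action, method in collector.forms:
        if urlparse(action).scheme != "https":
            findings.append((form_id, "insecure-scheme", action))
        if method == "get":
            findings.append((form_id, "get-method", action))
    return findings
```

Run it against your own contact page's HTML (fetched over HTTPS) and treat any finding as a blocker before the form goes live.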

You must also be sure the communication arrives securely on your end. Web form submissions most often arrive by email, so you must encrypt the email account associated with the web form and limit access to only the staff who need it.

Lastly, if you use your website as a communication tool, you’ll need to include the website and supporting systems (such as hosting) in your risk analysis, information system activity review, and other security evaluations required by the HIPAA Security Rule.

To learn how HIPAAtrek can guide your HIPAA compliance program, contact us or request a demo.
