
Ah-choo! You just faced a lawsuit!
As flu and COVID cases rise, healthcare organizations often see a surge in online appointment requests, symptom questions, and digital communication from patients. With this increased activity, it’s critical to make sure your website and digital tools remain fully HIPAA-compliant.
Many practices don’t realize that HIPAA extends far beyond medical records—it also applies to websites, online forms, chat tools, analytics, and even newsletter platforms.
Common Noncompliance Issues
Google Analytics + Meta Pixel
Tools like Google Analytics and Meta Pixel collect IP addresses, page views, and user behavior. On a healthcare page (especially an appointment request or symptom-related page), an identifier such as an IP address combined with the health-related context of the page is PHI.
Risk: Google does not offer a BAA for Google Analytics and Meta does not offer one for the Pixel, so sending PHI to either of them violates HIPAA.
Bottom line: Do not load these trackers on any page where a patient may share or imply health information, and verify the pages yourself rather than trusting the site template.
Using Regular Live Chat for Symptom Questions
Consumer-grade chat tools (Tidio, LiveChat, Messenger plugins, etc.) are generally not offered under a BAA. If a patient shares symptoms or medical details, the chat transcript is PHI.
Risk: Messages are stored and transmitted on a vendor platform that has not signed a BAA, with retention, access controls, and staff access you do not control.
Bottom line: Only use a chat tool whose vendor signs a BAA, or redirect medical questions to a secure patient portal.
Website Forms Not Being HIPAA-Compliant
Any form that collects patient information (appointment requests, symptoms, insurance details, or even basic contact information tied to medical intent) is collecting PHI.
Risk: Standard website forms (Wix forms, basic form builders) often lack a BAA, encrypted storage, and access controls, and many deliver each submission to staff by ordinary e-mail, making them noncompliant.
Bottom line: Use forms from a vendor that signs a BAA, encrypt submissions in transit and at rest, restrict who can read them, and never send PHI through regular e-mail.
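The three checks above are easy to automate. As an added example (not code from the original post), the following Python script parses a set of HTML pages and flags third-party tracker scripts, chat widgets, and forms that post to e-mail, over plain HTTP, or to an off-site backend, then reports every finding that lands on a page where a patient may share health information. The vendor hostnames, the path-hint list, the first-party host "clinic.example", and the sample pages are all constructed for illustration and should be tuned to the site being audited.

```python
"""Static audit of site HTML for trackers, chat widgets and off-site forms.
Added example; not code from the original post. Hostnames, path hints and
the sample pages below are constructed for illustration."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script hosts for the tracking products named in the post
# (assumption: a starting point, not a complete vendor inventory).
TRACKER_HOSTS = {
    "www.googletagmanager.com": "Google Analytics / Tag Manager",
    "www.google-analytics.com": "Google Analytics",
    "connect.facebook.net": "Meta Pixel",
}
CHAT_HOSTS = {  # assumption: CDN hosts for the chat widgets named in the post
    "code.tidio.co": "Tidio chat widget",
    "cdn.livechatinc.com": "LiveChat widget",
}
# Inline snippet markers, for sites that paste vendor code instead of loading it.
INLINE_MARKERS = [(r"\bgtag\(", "Google Analytics"), (r"\bga\(", "Google Analytics"),
                  (r"\bfbq\(", "Meta Pixel")]
# Path fragments marking pages where a patient may share or imply health
# information (assumption: tune per site).
PHI_PATH_HINTS = ("appointment", "symptom", "telehealth", "intake", "contact")


class PageAuditor(HTMLParser):
    """Collects (kind, name, detail) findings from one page's HTML."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party_host = first_party_host
        self.findings = []
        self._in_script = False

    def _add(self, kind, name, detail):  # one finding per (kind, name)
        if not any(k == kind and n == name for k, n, _ in self.findings):
            self.findings.append((kind, name, detail))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            src = a.get("src") or ""
            host = urlparse(src).hostname or ""
            if host in TRACKER_HOSTS:
                self._add("tracker", TRACKER_HOSTS[host], src)
            elif host in CHAT_HOSTS:
                self._add("chat", CHAT_HOSTS[host], src)
            elif host and host != self.first_party_host:
                self._add("third-party-script", host, src)  # unknown vendor: review it
        elif tag == "img":
            u = urlparse(a.get("src") or "")
            if u.hostname == "www.facebook.com" and u.path == "/tr":
                self._add("tracker-pixel", "Meta Pixel", a["src"])  # <noscript> pixel image
        elif tag == "form":
            action = a.get("action") or ""
            u = urlparse(action)
            if u.scheme == "mailto":
                self._add("form-email", "mailto", action)      # PHI would leave by e-mail
            elif u.scheme == "http":
                self._add("form-plaintext", "http", action)    # submitted without TLS
            elif u.hostname and u.hostname != self.first_party_host:
                self._add("form-offsite", u.hostname, action)  # third-party backend: needs a BAA

    def handle_data(self, data):  # html.parser hands script bodies to handle_data
        if self._in_script:
            for pattern, name in INLINE_MARKERS:
                if re.search(pattern, data):
                    self._add("tracker-inline", name, pattern)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def is_phi_page(path):
    return any(hint in path.lower() for hint in PHI_PATH_HINTS)


def audit_site(pages, first_party_host="clinic.example"):
    """Map each path to (is_phi_page, findings) for every page in `pages`."""
    report = {}
    for path, html in pages.items():
        auditor = PageAuditor(first_party_host)
        auditor.feed(html)
        auditor.close()
        report[path] = (is_phi_page(path), auditor.findings)
    return report


def violations(report):
    """Findings on PHI-risk pages, i.e. what the bottom lines above forbid."""
    return sorted((path, kind, name)
                  for path, (phi, findings) in report.items() if phi
                  for kind, name, _ in findings)


# Constructed sample pages; "clinic.example" stands in for the practice's own host.
SAMPLE_PAGES = {
    "/request-appointment": """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}gtag('js',new Date());</script>
<script src="https://code.tidio.co/example.js" async></script>
</head><body><form action="mailto:frontdesk@clinic.example" method="post"></form></body></html>""",
    "/about-us": """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
</head><body></body></html>""",
    "/symptom-checker": """<html><head></head><body>
<form action="https://forms.example-builder.com/submit/42" method="post"></form>
<img height="1" width="1" src="https://www.facebook.com/tr?id=123&ev=PageView&noscript=1"/>
</body></html>""",
}

if __name__ == "__main__":
    for path, kind, name in violations(audit_site(SAMPLE_PAGES)):
        print(f"{path}: {kind} -> {name}")
```

Run it against exported HTML (or fetched pages) from the live site. Findings on non-PHI pages such as "/about-us" are reported but not counted as violations, so a practice can keep analytics on purely informational pages while confirming that appointment, symptom and intake pages are clean.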
Have a HIPAA Question?
If you have questions about HIPAA regulations or want to make sure you are compliant, we're here.

