
Website HIPAA Compliance

This page explains HIPAA considerations for the websites and tools we manage. Our team needs to understand the limits of what we can and cannot do when handling client projects in industries where HIPAA applies.

What is HIPAA?

  • HIPAA (Health Insurance Portability and Accountability Act) sets standards for protecting sensitive patient health information.
  • Any organization handling personal health information (PHI) must comply with HIPAA regulations.


Website Forms and HIPAA

Our standard website platforms are not HIPAA-compliant for form submissions.

This means we cannot collect personal health information (PHI) such as medical history, diagnoses, or other private details through normal website forms.

If a client requires HIPAA compliance, they must use a third-party system or platform specifically designed for HIPAA-compliant form handling.

Call Tracking and HIPAA

CallRail and other call tracking tools are not HIPAA-compliant in our standard use.

Calls should not be recorded if there is a possibility of sharing personal health information.

If clients need call recording with HIPAA protections, they must use systems or providers that guarantee HIPAA compliance.

What We Can Do

  • Build websites and use marketing tools safely as long as no PHI is collected or stored.
  • Work with clients to integrate external HIPAA-compliant systems (for forms, portals, or calls) when needed.
  • Educate clients early in the process about the limitations of our platforms regarding HIPAA.
  • If a client pays for and uses a third-party system that is HIPAA-compliant, that is fine to use.

What We Cannot Do

  • We cannot build HIPAA-compliant form systems directly on our standard platforms.
  • We cannot ask for or store any personal health information in website forms.
  • We cannot record calls through CallRail.

Special Note About Lawyers

  • While HIPAA specifically applies to healthcare, lawyers and legal professionals may have strict confidentiality requirements as well.
  • Sometimes, when they handle healthcare-related cases, we must handle their client data with the same caution: avoid collecting sensitive case or client details in non-secure website forms and recorded phone calls.
  • If legal clients need secure intake for healthcare-related legal services, they are welcome to use platforms designed for confidentiality and compliance, but the client must pay for them.
  • If they do not need it but take on healthcare-related cases, please follow the guidelines below.

Precaution for Call Recording Messages: Use a disclaimer such as:

"Thank you for calling. This call may be recorded for quality assurance and training purposes. Please note that this is not a HIPAA compliant line. Do not share any personal health information during this call."

Precaution for Form Fills: Use a disclaimer such as:

"By submitting this form, you consent to the collection and storage of your information for business purposes. Please note that this is not a HIPAA compliant form. Do not share any personal health information (PHI) in this submission."