Are Empathysites HIPAA compliant?
Yes, Empathysites websites can be used in a fully HIPAA compliant way.
Empathysites are marketing tools. As long as you do not use your Empathysite to collect protected health information (PHI) from patients or future patients, or for ongoing patient communication, your use of your Empathysite will be in alignment with HIPAA.
Because Empathysites are not designed to handle PHI, Empathysites does not provide a BAA (business associate agreement), and our hosting does not provide one either.
Empathysites are designed as marketing tools only and should not replace secure email, secure schedulers, or practice management software like EMRs or EHRs.
Empathysites can be integrated with HIPAA-secure third-party services like client portals, EHRs, and embeddable forms.
We fully support the Simple Practice booking widget, for example. We've also introduced a way to have beautifully styled secure web forms with Hushmail, in addition to the ability to directly embed any secure form you create with Hushmail onto your site.
Details About Optional Features
Empathysites has three features that are up to your discretion to use:
- Contact forms – for initial inquiries, you may request a simple contact form. Contact form submissions are sent through our servers over TLS until they are handed off to your email service. Contact form submissions are not usually stored on our server, as they are sent through it using a PHP-based mail sending function. However, if the PHP-based mail sending function encounters errors while sending, the errors – including the contents of the contact form – may get stored in an error log on our server, and administrators here at Empathysites may be notified.
- Comment forms – for therapists who blog, comment forms may be activated on your request. Comment submissions can be reviewed by you before they are published under your post, but they are stored in your website's database and therefore also on our website hosting.
- Subscribe forms – subscribe forms connect to your email marketing software via their API. In order to hand off the subscribe form submission, the entry into the form may or may not be handled on our server. If this is of concern, we recommend reaching out to the creators of the web APIs for your email marketing software to inquire.
To decide whether to use these features, consult a digital security attorney or professional who understands the digital security guidelines for your licensing. We highly recommend Person Centered Tech for security consultancy.
Or, simply do not request any of these features. Forms are not included on Empathysites by default, so it will be up to you to decide whether using them is in alignment with your interpretation of HIPAA, your practice policies, and ethical standards.
We’re Passionate About Privacy and Security
Security is something we're passionate about, and we stay on top of the latest developments so that we can continually improve the privacy and security transparency of our services and sites. If you have follow-up questions about our services or tech, ask us anything further.