Healthcare Compliance

HIPAA Compliance & Data Security

We understand the critical importance of protecting patient information. Our platform is built with healthcare security requirements in mind.

Business Associate Agreement Available

MedSite Pro offers HIPAA-compliant patient intake forms for healthcare practices. We maintain a signed BAA with Google Workspace, where all patient form data is securely stored. Practices can sign our BAA electronically to complete the compliance chain.

What's covered: Patient intake forms, document uploads, appointment requests stored in Google Workspace.
What's not covered: Standard contact forms and AI chatbot interactions (these should not collect PHI).

Our Security Measures

Data Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

Google Workspace BAA

Patient data is stored in Google Workspace infrastructure and is covered by our signed BAA with Google.

BAA Chain

Complete BAA chain: Your Practice → MedSite Pro → Google. Signed electronically with audit trail.

Secure Authentication

Firebase Authentication with secure session management and optional multi-factor authentication.

Understanding HIPAA and Website Builders

The Health Insurance Portability and Accountability Act (HIPAA) sets standards for protecting sensitive patient health information. As a website builder for healthcare professionals, we want to be transparent about how HIPAA applies to our services.

What We Do

  • Provide a platform for creating professional marketing websites
  • Host website content including practice information, services, and educational content
  • Enable contact forms for appointment requests and general inquiries
  • Offer AI chatbot functionality for common patient questions
  • Generate blog and social media content for practice marketing

What We Don't Do

  • Store or process electronic Protected Health Information (ePHI)
  • Provide electronic health records (EHR) functionality
  • Process patient medical records or treatment information
  • Handle insurance claims or billing information
  • Facilitate doctor-patient communications about specific medical conditions

Your Responsibilities

As a healthcare provider, you are responsible for:

  • Ensuring any patient information collected through your website is handled according to HIPAA requirements
  • Using HIPAA-compliant methods for any communications involving PHI
  • Training staff on proper handling of information received through website forms
  • Implementing appropriate safeguards for patient data in your practice
  • Obtaining proper patient consent for testimonials or reviews displayed on your website

Contact Forms and Appointment Requests

Our contact forms are designed for general appointment requests and inquiries. They are not intended for transmission of detailed medical information. We recommend:

  • Using form fields that collect only basic contact information
  • Including clear disclaimers that patients should not include sensitive medical details
  • Responding to inquiries through HIPAA-compliant communication channels
  • Transferring any sensitive information received to your secure practice systems promptly

AI Chatbot Considerations

Our AI chatbot feature is designed to answer common questions about your practice, services, and general health topics. It is not a substitute for medical advice. The chatbot:

  • Does not access, store, or process patient medical records
  • Is trained to redirect medical questions to appropriate consultation
  • Collects only basic information needed to assist with appointments
  • Can be configured to include appropriate medical disclaimers

Data Security Practices

While our platform is not designed to handle PHI, we maintain strong security practices:

  • All data transmitted to and from our platform is encrypted using TLS 1.3
  • Data at rest is encrypted using AES-256 encryption
  • We use secure, SOC 2 Type II certified cloud infrastructure
  • Regular security assessments and penetration testing
  • Access controls and audit logging for all administrative actions
  • Regular backups with secure, encrypted storage

Business Associate Agreement (BAA)

While our platform is designed for marketing websites and not PHI handling, we understand that many healthcare organizations require a BAA for all vendors. We're happy to sign a Business Associate Agreement upon request.

Download Our BAA Template

Review our standard Business Associate Agreement. Contact us to execute an agreement for your organization.


Questions?

If you have questions about HIPAA compliance, data security, or how our platform can work for your healthcare practice, please contact us: