Does my website need to be HIPAA compliant?
If your website will be used to access, store, manage, transfer, or otherwise handle Protected Health Information (including an individual’s health, treatment, and payment information), it needs to be HIPAA compliant.
If your website is an information source not specific to individual patients, then it likely does not need to be HIPAA compliant. We recommend you confirm this with your lawyer.
Jottful recommends that every website with any sort of medical content include a GDPR/CCPA cookie consent banner and a Privacy Policy page, even if HIPAA compliance is not necessary.