Can’t believe it!

Last Saturday morning I spent 2 hours browsing different pharmacy websites. I was amazed at how many of them were not secure or compliant. I would say a good 60% of pharmacy websites are in violation of HIPAA. In addition, 75% of the websites I visited were not secured with SSL. As a website design company that specializes in pharmacy and healthcare websites, I cannot stress enough the importance of website security and compliance.

In this article I will discuss the reasons why your pharmacy website must be compliant and secure. Many owners don’t put much thought into the security of their website. Websites are often overlooked and never touched again after completion. However, with more and more security incidents involving pharmacies, it is essential that you lock down your pharmacy website.

What is HIPAA and ADA?

HIPAA (Health Insurance Portability and Accountability Act) was passed by Congress in 1996. The act sets standards that healthcare companies, including pharmacies, must abide by. HIPAA requires the protection and confidential handling of protected health information.

ADA (Americans with Disabilities Act) of 1990 prohibits discrimination against individuals with disabilities. This includes pharmacies and their website presence.

Pharmacy Website HIPAA Compliance

What makes a website HIPAA compliant, and why is compliance required? The answer to why is simple: patients are entering PHI (protected health information) on your website. It only makes sense to keep this information secure in all forms. If a patient types in their RX number, that is considered PHI and needs to be protected. From when the user first types their information to the time it’s submitted into the pharmacy system, e-mail or fax, this data should be 100% secure and protected.

Patients send PHI not only through refill requests but also through contact forms. All contact forms should be 100% HIPAA compliant. Patients often send RX numbers and other PII (personally identifiable information) through contact forms. Don’t assume that your website is secure and compliant just because it is managed or hosted through a marketing/IVR company.

How to make your website compliant with HIPAA?

First, make sure your website is secured with SSL (Secure Sockets Layer) from your hosting company. SSL is a cryptographic protocol that secures the connection from your patient to your website. You may have to purchase it as an extra, but it needs to be part of your website. SSL also helps with SEO as an added benefit.

Second, make sure all of your forms (contact, refill, transfer, etc.) are HIPAA compliant. There are a few form providers, like Jotform, that provide HIPAA protection. Jotform is the form company we use for all of the healthcare websites we create.

Pharmacy Website ADA Compliance

ADA compliance has recently become a large issue for independent pharmacies thanks to the Winn-Dixie lawsuit. The lawsuit, which awarded the plaintiffs' lawyers $100,000, stated that Winn-Dixie’s website was not compliant for the blind.

To be ADA compliant, your pharmacy website should be able to be read back to the user clearly. All videos on your website should have text transcripts. All images should have their “alt” attribute filled in. The website should be organized clearly, with sections delineated from one another and easy to navigate throughout the entire site.
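Two of the items above can be spot-checked directly against a page's HTML: whether each form submits over an SSL-protected (https) address, and whether each image has its "alt" text filled in. The Python script below is an added example, not part of the original article or any ConfigRX tooling; the `pharmacy.example` address, the field names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PageAudit(HTMLParser):
    """Collects forms that would submit without https and images lacking alt text."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure_forms = []       # resolved submit targets that are not https
        self.images_missing_alt = []   # src of each image with no alt text

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            if urlparse(target).scheme != "https":
                self.insecure_forms.append(target)
        elif tag == "img":
            # Follows the article's rule that every image has alt text filled in,
            # so a missing, empty or whitespace-only alt is reported.
            if not (a.get("alt") or "").strip():
                self.images_missing_alt.append(a.get("src") or "(no src)")


def audit(page_url, html):
    """Return (insecure form targets, images missing alt) for one page."""
    parser = PageAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.insecure_forms, parser.images_missing_alt


# Constructed sample page: one refill form posting over plain http,
# one contact form with a relative (https) target, one image without alt.
SAMPLE_URL = "https://pharmacy.example/refill"
SAMPLE_HTML = """
<form action="http://pharmacy.example/refill-submit" method="post">
  <input name="rx_number">
</form>
<form action="/contact" method="post"><textarea name="message"></textarea></form>
<img src="/img/logo.png" alt="Example Pharmacy logo">
<img src="/img/storefront.jpg">
"""

if __name__ == "__main__":
    forms, images = audit(SAMPLE_URL, SAMPLE_HTML)
    print("Forms not submitting over https:", forms)
    print("Images missing alt text:", images)
```

A clean result covers only these two checks; how a form provider stores and forwards the submitted data has to be verified separately.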


By having HIPAA and ADA compliance on your pharmacy website, you can rest assured that you are providing a safe and compliant virtual extension of your pharmacy. Now more than ever, cyber security matters. With security breaches happening every day, your pharmacy website must be secure and provide a safe place to enter PHI.

ConfigRX specializes in pharmacy and healthcare websites. We manage our clients' websites after design completion to ensure a safe environment for the pharmacies' patients. If you are interested in our pharmacy web design service, check out our website design page.