The Medspa Mastery Report: News, Tools, and Growth in the Aesthetic Industry


Recently, a Medical Spa Owner reached out to us to share an experience they were pretty annoyed by: they received a call from a website design company claiming their site wasn’t HIPAA-compliant because of the platform it was built on.

Specifically, the caller told them:

“Because you are using WordPress, your website is not HIPAA compliant and you are in danger of getting fines or worse.”

First of all, NO.

Not only does half the world use the WordPress platform (including Medspa Mastery, because in our opinion it is the best website platform out there), but this isn’t even how HIPAA works.

HIPAA Compliance: It’s Not About the Platform

Whether you use WordPress, Wix, Squarespace, Shopify, or any other major website builder, the platform itself is not inherently “HIPAA-compliant” or “non-compliant.”

The platform is just a tool. It’s how you use it that matters.

When Does HIPAA Apply to Your Website?

Most medspa websites don’t directly handle sensitive patient information. Instead, they link to or embed HIPAA-compliant systems like PatientNow, Aesthetic Record, or other secure platforms for scheduling and records. These systems already meet HIPAA requirements, so your website isn’t the one managing private data.

However, HIPAA compliance might come into play on your site in a few situations:

  • Sharing Before-and-After Photos
    • If your website has a Gallery Page showcasing your results with before-and-after photos, you must have signed consent from your clients. No exceptions! This isn’t about your website’s platform or plugins; it’s about having the proper paperwork.

  • Collecting Data Through Forms
    • If you have a form on your website where people enter personal or medical information (e.g., name, contact info, medical history), this is where you need to pay attention.

Here’s a simple analogy:

Think of your website like a car. A car isn’t automatically safe—it depends on how you drive it. Similarly, your website can be HIPAA-compliant if you use the right security measures and practices.

Beware of Scare Tactics

If someone tells you your website isn’t HIPAA-compliant because of the platform you’re using, they’re probably trying to sell you something. Platforms like WordPress, Squarespace, and others can all be used in ways that meet HIPAA standards.

Ask yourself:

  • Are you collecting sensitive information directly on your site?
  • Are you sharing patient photos without consent?

If the answer is no, you’re likely in the clear. If the answer is yes, follow the steps above to ensure compliance.

Want to Learn More?

If you’re still unsure about whether your website is meeting compliance standards, check out our related post:
👉 How to Ensure Your Medspa Website Is Compliant

Remember, HIPAA compliance doesn’t have to be overwhelming. It’s not about the platform you use—it’s about taking a few simple steps to protect your clients and your business.