Your Health Care Website May Be Capturing PHI Without You Knowing It

Written by: Bill Sterzenbach
categories: Healthcare

Jun 2015


Are your health care website visitors "oversharing"? Oversharing can lead to potential HIPAA violations. Sometimes visitors are guilty of TMI (Too Much Information). In this article we'll share some tips on how to detect and avoid "TMI PHI".

People Will Overshare. This Creates PHI

We run audits on our customers' websites from time to time, looking for cases where visitors have shared more information than they were asked to share. In these audits we almost always find something like the following.

"My husband has been struggling with issues with his lower back for nearly 10 years..."

Here is a classic overshare. What type of form was this? In this case it may have been a registration for a fun run. People tend to really overshare about their health concerns.

How Can You Find TMI?

When looking for "TMI PHI" you'll need to get creative. We generally tend to run a full-text database search for phrases such as "my wife" or "my husband" as these phrases do not typically occur in webpage content and are common in cases of TMI.

Depending upon how your website data is structured, you may be able to run a search of your webform submissions from your CMS administration area.

You can ask your web hosting provider or web development partner to do a search each month - it will provide much needed peace of mind.
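As an added example (not code from the original article), here is one way to run the phrase search described above against stored form submissions and summarize which forms are attracting overshares. The table name, column names and sample rows are constructed assumptions; substitute your CMS's actual schema.

```python
import re
import sqlite3
from collections import Counter

# Phrases named in the article; add others that fit your own forms.
TMI_PHRASES = ("my wife", "my husband")

# Constructed sample submissions (table and column names are hypothetical).
SAMPLE_ROWS = [
    (1, "fun-run-registration",
     "My husband has been struggling with issues with his lower back for nearly 10 years..."),
    (2, "fun-run-registration", "Please send me a large t-shirt."),
    (3, "newsletter-signup", "MY  WIFE was treated at your clinic last spring."),
    (4, "contact", "What are your parking hours?"),
]

def build_sample_db():
    """Create an in-memory stand-in for the CMS form-submission table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE form_submissions "
                 "(id INTEGER PRIMARY KEY, form_name TEXT, comment TEXT)")
    conn.executemany("INSERT INTO form_submissions VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def compile_phrases(phrases):
    """Match whole phrases, ignoring case and tolerating extra whitespace."""
    alternatives = (r"\s+".join(re.escape(w) for w in p.split()) for p in phrases)
    return re.compile(r"\b(?:" + "|".join(alternatives) + r")\b", re.IGNORECASE)

def find_tmi(conn, phrases=TMI_PHRASES):
    """Return (id, form_name, phrase) per flagged submission.

    The free text is left out so the audit report is not another copy of the PHI.
    """
    pattern = compile_phrases(phrases)
    hits = []
    for row_id, form_name, comment in conn.execute(
            "SELECT id, form_name, comment FROM form_submissions ORDER BY id"):
        match = pattern.search(comment or "")
        if match:
            hits.append((row_id, form_name, " ".join(match.group(0).lower().split())))
    return hits

def forms_to_review(hits):
    """Count flagged submissions per form to show which free-text fields to revisit."""
    return Counter(form_name for _, form_name, _ in hits)
```

The per-form counts point to the forms whose free-text fields are candidates for replacement with fixed choices.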

How Can You Avoid TMI?

The easiest way to avoid unwanted PHI is to create your webforms without free text fields. This simply removes the ability for the visitor to start sharing.

Often the fix is as simple as replacing a comment field with a dropdown allowing the visitor to select from pre-existing categories, events, etc.

But I WANT to Collect PHI!

There are many cases where you are asking for this type of information, and in these cases of course PHI is appropriate. In these cases, I'm assuming you have a HIPAA compliant website and hosting configuration, and that you're ready for PHI.

This article is really focused on health care websites that have not established a HIPAA compliant environment because they don't believe they have PHI on their site.

We Can Help

Are you worried that you may have some TMI PHI on your website? Give us a call - 866.824.0287 - we can help you audit your website for uninvited PHI and provide recommendations on how to either make your website HIPAA safe, or avoid collecting PHI unintentionally. 
