Privacy Practices and Your Website—Why and How

TEMPLATE %2F%2F Blog Post Banner (1).png

You may not be aware of this, but one important component of HIPAA is that you must post your Notice of Privacy Practices on your website. According to the HHS website

  • A covered entity (that’s you!) must prominently post and make available its notice on any web site it maintains that provides information about its customer services or benefits.

Fortunately, HHS also provides free templates for creating a Notice of Privacy Practices. You can download a PDF version (more suitable for a brochure) or a text-only version that is very easy to copy and paste to your website. 

Where should it go on your website? You can post it on your policies page, or create a separate page that just hosts the Notice of Privacy Practices. In your consent form, you can point your clients to the website and have them indicate if they also want a hard copy (which you are obligated to provide on request). 

You do also need to have some more general policies on your website, and I highly recommend this package of templates for online businesses (this is an affiliate link). You will get a website privacy policy (different from the Notice of Privacy Practices), a disclaimer (particularly useful if you have a blog), and terms of use. Once you buy them, they are yours and they come with instructions for customization. 


Annie Headshot.png

About the Author

Annie Frisbie, MA, IBCLC is the creator of the IBCLC Private Practice Essential Toolkit, a collection of books, resources, legal forms, training manuals, and workbooks aimed at helping private practice lactation consultants build a private practice that’s ethical, profitable, sustainable, and enjoyable.