Privacy
HIPAA
If your site collects, displays, or transmits protected health information, HIPAA applies. A privacy policy plus an explicit Notice of Privacy Practices and a clear consent flow are the minimum visible signals.
What it is
HIPAA is the Health Insurance Portability and Accountability Act, with rules administered by HHS. The Privacy Rule (45 CFR Part 164 Subpart E) governs how covered entities and business associates may use and disclose protected health information (PHI); the Security Rule covers the technical safeguards for electronic PHI.
Why it matters
Penalties from OCR (the HHS Office for Civil Rights) run from $100 to $50,000 per violation, capped at $2M+ per identical-violation type per year, and willful neglect can pile on criminal liability. Any patient portal, telehealth flow, intake form, or third-party tracking pixel that touches PHI is a HIPAA exposure.
Who it applies to
U.S. healthcare providers, health plans, clearinghouses, and their business associates — anyone whose site touches protected health information.
- Jurisdictions: United States
How WQI scores it
Web Quality Index considers this standard satisfied when all 3 supporting factors pass.
| # | Factor | Status |
|---|---|---|
| 46 | Cookie banner presence + CMP detection | planned |
| 47 | Privacy policy page presence | planned |
| 51 | Cookie scan — actual cookies set on first load | planned |
0 of 3 supporting factors are currently collected. Sites where the remaining 3 haven't been measured will show as partial or unknown on this standard until the data lands.
Other references
- Regulation: HHS — Summary of the HIPAA Privacy Rule
- Regulation: HHS — HIPAA Security Rule
- Guidance: HHS bulletin on online tracking technologies and PHI