Physicians & Staff: why we WON’T add client payments to your site

16 November 2015

So we’re really good at creating and implementing small ecommerce solutions into websites. Anything from a fairly complex PayPal donation form, with options to turn the donation into a recurring subscription; all the way to a simple payment form with nothing more than an amount and credit card fields. We can do all that stuff. Did I mention we’re pretty good at it?

What? Fiddler Won’t Help You With Something?

You’re probably reading this because you’re a medical professional (dentist, physical therapist, chiropractor, podiatrist, etc), or you work for one, and are wondering why we can’t do this same kind of thing for you? We do it for our other clients, why not your medical business? The answer is really simple. It’s just 1 word: HIPAA (okay, so it’s actually a 5-word acronym, but still, you get the point…).

Before I continue, I want to say that I’m not a lawyer, and this is not legal advice. This is just my understanding as best I’ve been able to figure out. As a company we’re playing it safe. If you get good legal advice that suggests otherwise (especially if they’re willing to take responsibility should it prove wrong), then we’ll be happy to handle this differently.

HIPAA is a huge issue for doing anything with your medically-related business, on the web. We’d be more than happy to just set you up a little payment form or portal. But HIPAA says we can’t. Our hands are legally tied. If patients are going to submit their patient information over your website, the website must be fully HIPAA compliant.

So even if your bank or merchant processor is telling you it’s really easy to integrate their payment system into a website, we still can’t do that. We’d be exposing you to huge liability, unless we made it fully HIPAA compliant. Unfortunately HIPAA compliance is rather complex and very expensive. We couldn’t offer our inexpensive $199/month websites for medical professionals, if we had to make it HIPAA compliant. It would need to cost upwards of 700 dollars per month to make it viable for us. Even if we had a large number of medical professionals as clients, we’d still likely not take this on, as it doesn’t really fit with our core business model.

What About Your Contact Form?

So what about the contact form on your site now? I knew you were going to ask that, so I prepared a good answer. Basically a contact form is people voluntarily reaching out to you and doesn’t necessarily indicate that they’re a patient. Therefore it’s okay to have a generic contact form that potential patients may contact you through.

So What Are Your Options?

Your options are pretty simple: just set up a payment portal with a HIPAA compliant company that specializes in medical payment portals. They’ll make sure all the security is in place, and everything is fully HIPAA compliant. Since they do that for a lot of medical businesses, they can spread the costs around and make it much more cost-effective for you than we could.

Once you’ve done that, give us the link to that portal, and we’ll link to it from your website. That way people can easily click through from the website to your patient portal. You’ll still get paid, and everything works smoothly for the patient. But we don’t have to get involved in HIPAA. We’ll leave that to the specialists.

Where to Start?

I’ve had a hard time finding examples of these kinds of companies/services. So I don’t blame you if you’ve been frustrated or confused by this. The place to start is with your internal billing software company. Ask them if they have a web-portal solution for online payments. If they provide a service like this, or integrate with one, that will be the easiest option for you.

If they don’t, you could try out Nextgen, or Zirmed. I’m not endorsing either of these. I don’t know anything about them. But they appear to be legit businesses, and the hospital in my area uses Nextgen.

