HIPAA Website Risk Triage

Surface-level HIPAA risks on your patient-facing website — in under 60 seconds. OCR fines start at $100 per violation.

H01: Health Keywords Detected (severity: Info)

We flag pages containing terms like "appointment", "patient", "diagnosis", "insurance", "symptoms" — these pages are subject to stricter data handling requirements.

H02: Health Forms Over HTTP (severity: Critical)

Any form on a health-related page that submits data over HTTP (not HTTPS) is a critical HIPAA risk. PHI must be encrypted in transit.

H03: Missing Notice of Privacy Practices (severity: High)

HIPAA requires covered entities to prominently link their Notice of Privacy Practices. We check for this on pages that appear health-related.

H04: File Upload on Health Pages (severity: High)

File upload fields on healthcare pages (lab results, medical records) must be protected by encryption and access controls.

H05: Third-Party Chat Widgets (severity: Medium)

Intercom, Drift, Zendesk, and similar chat tools may inadvertently receive PHI. These widgets on health pages should have BAAs in place.
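
A site owner can reproduce checks H01 and H02 on their own pages with a short script. The following is an added example, not Evora IQ's code: the keyword list comes from the H01 description, while the names PageScan and triage, the tuple format, and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

HEALTH_TERMS = ("appointment", "patient", "diagnosis", "insurance", "symptoms")  # from H01

class PageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.base_href, self.form_actions, self.text, self._cur = None, [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._cur = tag
        if tag == "base" and a.get("href") and self.base_href is None:
            self.base_href = a["href"]
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")

    def handle_endtag(self, tag):
        self._cur = None

    def handle_data(self, data):
        if self._cur not in ("script", "style"):  # ignore non-visible text
            self.text.append(data)

def triage(page_url, html):
    """Return (check_id, severity, detail) tuples; the tuple shape is an assumption."""
    scan = PageScan()
    scan.feed(html)
    scan.close()
    text = " ".join(scan.text).lower()
    terms = [t for t in HEALTH_TERMS if re.search(rf"\b{t}", text)]
    if not terms:
        return []  # H02 only applies to health-related pages
    base = urljoin(page_url, scan.base_href) if scan.base_href else page_url
    findings = [("H01", "Info", ", ".join(terms))]
    for action in scan.form_actions:
        # An empty action submits to the document URL, not the <base> URL.
        target = urljoin(base, action) if action else page_url
        if urlparse(target).scheme == "http":
            findings.append(("H02", "Critical", target))
    return findings

# Constructed sample page (not from any real site).
SAMPLE = """<html><head><base href="http://forms.clinic.example/"></head><body>
<h1>Book an appointment</h1><form action="/intake" method="post"></form>
<form action="https://portal.clinic.example/login"></form><form></form></body></html>"""
```

The sample shows why the form target has to be resolved before its scheme is judged: the page itself is served over HTTPS, but its base element sends the relative /intake action to an HTTP host.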

Disclaimer: Evora IQ provides automated surface-level triage of publicly accessible website pages. This is not a HIPAA compliance audit and does not assess backend systems, workforce policies, BAAs, or risk management programs. Consult a qualified healthcare attorney or HIPAA compliance officer for a complete assessment.