HIPAA-compliant website development

HIPAA-compliant website design and development for healthcare teams

We design and build websites and applications for companies in healthcare, health tech, and hospital systems. We handle HIPAA and BAAs at the start of the project, before any design work begins.

Dropbox logo
Blue Cross logo
Aura logo
Vanta logo
GitHub logo
Entertainment logo
Jack.org logo
Lithia Motors logo
WeTransfer logo
Dropbox Sign logo
Webflow logo

Healthcare websites and applications, scoped to what touches patient data

A healthcare project usually has several parts, each with different requirements. A marketing site, a patient intake form, a patient portal, and a clinical content hub all handle patient information differently. Before design starts, we map which parts touch patient information and which parts don't.

What we build for healthcare and health-tech teams.

Healthcare websites

Marketing sites for clinical brands, provider groups, hospital systems, and health-tech companies. Built on Webflow when the public surface does not handle PHI.

Patient-facing applications

Custom web applications where patients access information, submit requests, and interact with your team. We scope each one against the patient information it handles and build it on systems set up for that work.

Internal tools for healthcare teams

Admin and operations tools that connect to the rest of your stack. We scope these against HIPAA the same way we scope patient-facing work.

How we handle HIPAA on a healthcare project

Before any design work begins, we walk through the project with you and identify which parts will collect or display patient information and which parts will not. That covers forms, portals, dashboards, content pages, and integrations. If any part of the project involves us handling patient information directly, we sign a Business Associate Agreement before the work starts.

That conversation gives us the plan for the build. The marketing site and any pages that do not handle patient information are built on Webflow. Anything that does handle patient information is built on systems set up for that work and covered by the Business Associate Agreement.

Who we work with

Healthcare services

Clinical brands, provider groups, telehealth companies, and direct-to-consumer healthcare businesses building a serious public presence.

Health tech and software

AI-driven medical tools, patient platforms, and clinical SaaS companies who need a marketing site, a product surface, or both.

Hospitals and enterprise health systems

Multi-location systems and enterprise providers replacing legacy websites with something marketing and IT can both run.

Healthcare websites and applications we have built

DeepScribe
Enterprise project
AI scribe-based technology that removes the need for manual documentation. Designed to help medical doctors automate the documentation process.

Manitoba Blue Cross
Enterprise project
Not-for-profit health benefits provider headquartered in Winnipeg, Manitoba, Canada.

RVO Health
Enterprise project
The largest health property in the U.S., dedicated to helping millions achieve better health with a shared commitment to wellness.

What industry leaders say about working with our team

Best design and fastest production I’ve experienced from a web agency. And it’s effective. Average time on site has doubled (up 102%) since our new site launched. We needed a site that could nurture inbound B2B buyers, and we needed it quickly. That’s exactly what we got.

Partnering with Finsweet has enabled Clay to creatively develop and launch so many creative projects.

Their team moves very fast and when they say that there is nothing they can’t do with Webflow, they mean it.

This “embedded model” of having our Finsweet developer, working directly on our team, has worked so well for us.

The Finsweet team has been a pleasure to work with! They are quick to answer and more than happy to work around our team's schedules - no matter the time of day.

We’re constantly spitballing ideas and having Finsweet bring these visions to life within days.

The Finsweet team has been a reliable and trusted partner for Steadily for both Webflow design and development.

We would recommend Finsweet to anyone who is seeking a web development team no matter where you are in the world!

Finsweet have consistently impressed us with their willingness to do whatever is needed, regardless of how vague the project brief might be.

Finsweet are, and for ever will be, considered a part of our team! We don’t plan to ever work with another development company again so long as Finsweet is here.

Finsweet is a fantastic development partner - we plan to continue to use them for all of our website work.

Finsweet was a pleasure to work with and they exceeded our expectations.

High quality of work. Very quick and responsive. Good eye for detail.

I’m not sure there are any web development partners who could have given us a better product or experience.

Finsweet helped us take our web presence to the next level.

Finsweet is your reliable technology partner to help you overcome website challenges

HIPAA website FAQ

What is HIPAA-compliant website design and development?

HIPAA-compliant website design and development is the design and build of websites and applications that meet the safeguards required by HIPAA when the project handles Protected Health Information. It applies to the parts of a site or application that collect, store, transmit, or display PHI. A marketing page that does not handle PHI does not need to be HIPAA-compliant.

Do you sign Business Associate Agreements?

Yes. When our work involves us directly handling PHI, we sign a BAA before the engagement begins. When our work is limited to a public-facing marketing site that does not handle PHI, a BAA is not required.

What is a Business Associate Agreement, and when do I need one?

A BAA is the contract HIPAA requires between a covered entity and any vendor who handles PHI on its behalf. If a vendor will collect, store, transmit, or display PHI as part of the work, a BAA is required. If the work does not touch PHI, a BAA is not required.

Can the public marketing site live on Webflow if the patient portal handles PHI?

Yes. The marketing site can run on Webflow while a patient portal or any other workflow that handles patient information runs on a separate system set up for that work. We have built healthcare projects with this split before.

Are Webflow forms HIPAA-compliant by default?

No platform's standard forms are HIPAA-compliant by default, and Webflow's native forms are not built to handle patient information. For any form on a healthcare site that could collect patient information, the right form setup is part of the upfront scoping conversation, so the form provider and the way the data is handled match the project.

What's the difference between a HIPAA-compliant website and a regular website?

The difference is in what the site does, not what it looks like. A regular website serves marketing content. A HIPAA-compliant website includes the technical safeguards required to collect, store, transmit, or display PHI in line with the regulation, plus the contractual layer with the BAA.

Do you build patient portals and patient-facing applications?

Yes. We have built custom web applications for healthcare clients, including patient portals and patient management systems. These are scoped against the data they handle, and we sign a Business Associate Agreement when the work involves us handling patient information directly.

How do you handle HIPAA at the start of a project?

Before any design work begins, we walk through the project with you and identify which parts will collect or display patient information and which parts will not. That conversation decides where each part of the project will live, what systems it will run on, and whether we need to sign a Business Associate Agreement before we start.

Are you a HIPAA-certified agency?

HIPAA is a regulatory framework, not a certification scheme. There is no official "HIPAA-certified" status that an agency can hold, and any agency claiming to be HIPAA-certified is using the term loosely. What an agency can do is sign BAAs, build to the regulation's safeguards, and work with infrastructure providers who do the same.

Do you work with covered entities, business associates, or both?

Both. We have worked with healthcare clients on both sides, including covered entities and companies building products for covered entities. When the engagement requires us to handle patient information on a covered entity's behalf, we operate as a business associate and sign a Business Associate Agreement.

Ready to talk through your healthcare project?

Tell us what you're building and what patient information is in scope. We'll come back with a clear path to launch and a scope that fits the HIPAA requirements of the project.