Healthcare Website Development Checklist
Best practices for evaluating healthcare and nonprofit websites
By Michael Beck
Michael is a partner at BECK Digital with a weak spot for well written code, optimized queries and servers that hum.
Why Accessibility and Security are Crucial to Healthcare & Nonprofit Websites
Designing a new hospital or nonprofit website provides a fresh opportunity to do some updating, rebranding and housekeeping – it also provides an ideal time to review your site’s accessibility and security. Overlooked, accessibility and security barriers can have grave implications on the user experience, which have a roll-over effect on your conversion rates. And before rushing to put new designs in front of your executives, there are some vital government guidelines to take into consideration. These healthcare and nonprofit website development trends should not be overlooked.
Section 508 Compliance
In 1998, the US Workforce Rehabilitation Act of 1973 was amended to strengthen Section 508, which requires all Federal agencies to “make their electronic and information technology accessible to people with disabilities.” While Section 508 technically only applies to the federal sector and their contractors, the larger goal is to encourage accessibility best practices for web-based technology across all industries. 508 compliance is especially important for public institutes, such as hospital and nonprofits, who have higher rates of web use among seniors and the disabled.
Just like public parking lots with handicap spaces and ramps, a website should also accommodate for users with disabilities. Users with vision, hearing or physical difficulties require different technology adaptions to browse the web. With an estimated 48.9 million Americans living with disabilities, and growing rates of online and smartphone use, accessibility is just as crucial online as it is in a parking lot.
Avoiding online accessibility barriers and employing the right technology ensures equal access to the web. Unfortunately, many web development companies look at these compliance modifications as an afterthought, rather than essential to web development and strategy. As Target discovered in court, proper adherence to 508 compliance is essential for users, and thus, online success.
To kick start accessibility, your website should include (hidden) coding elements that can be read and navigated by screen readers. These include:
- Videos with closed-captions
- Site navigation that navigates page sections (i.e., content, menu, footers, images)
- Descriptive text on images or infographics to inform users of image content
- High-contrast ratio between text and background colors
- Font adaptability so the size of text can be easily increased
- Text equivalents for non-text elements
- Proper use of “Tab-Index” in forms
For a more comprehensive assessment for compliance, view the full 508 compliance checklist, or use a tool like AuditGenie, which assesses your level of accessibility and ensures you’re following best practices.
And now comes security. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting and safeguarding sensitive medical data for patients. Any company dealing with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes anyone who supports or provides patient treatment, those in healthcare billing and operations, and those with access to patient information. Subcontractors, Covered Entities (CE) and Business Associates (BA) must also be compliant.
A HIPAA-compliant website is just one small piece of a thorough, overall HIPAA compliance plan. To get you going in the right direction, your website should adhere to the following guidelines:
- Encrypted transport of data – All data should be securely transported, meaning your website should be behind a high-trust, secure certificate.
- Secure website and database backups – Your hosting provider should have routine backups in place that are readily available and easily restorable.
- Controlled access to the data – Each user with access to patient data requires a unique set of credentials. Specified user access helps facilitate accurate audit logs and allows for quickly revoking access, if needed.
- Data integrity checks - If data changes in your system, you need to know: who changed it, when was it changed, and what was the previous state. This allows for quick regression if mistakes, such as publishing inaccurate information, are made.
- Storage encryption – All resting data must be encrypted. In other words, information in the database can’t rest in plain text. This prevents easy access to patient information on the off-chance your data is compromised.
- Disposal of unneeded information – The server needs the ability to completely delete and purge unused information from the system without damaging the integrity of referential data.
- Business Associate agreement – Every group with access to the data must execute a Business Associate agreement to ensure adherence to HIPAA compliance policies.
Web design and technology trends to not overlook.
All too often development agencies fall victim to over-designing website interfaces by trying to create sleek and fancy design trends, but neglecting to address usability or improve site performance. A superior user interface should be intuitive, easy to navigate, and clearly organized, and pages should load quickly.
Experienced user interface designers will look at the compliance items outlined in Section 508 and HIPAA as a gateway to delivering expanded web access and an enhanced user experience. And from a business standpoint, when you increase usability and access for all users, the potential to attract new customers (and hence, revenue), also increases.
And don’t forget about the importance of the right web technology to ensure smooth use and access. If a website is not optimized properly by your web developer or agency, it not only has an impact on your search engine placement, but the user experience. Slow page loading or poorly structured pages can prevent access and increase abandonment rates. And if your organization’s services are essential for the disabled population, you risk accessibility or losing them entirely when your site isn’t properly optimized.
To safeguard data and provide equal web access for disabled users, the following items should be integrated on your website:
- Adherence to web standards regarding logo placement
- Adherence to web standards regarding navigation
- Do not require a mouse to navigate the website
- High contrast ratio for 508 Compliance
- Traditional search functionality (i.e., go for simple over stylish)
- Text size adaptability in browsers for 508 Compliance
When it comes to hospital or nonprofit website design, going with standards and not healthcare website design trends, website accessibility, security and optimized interfaces are an essential step in online success. I suggest allocating a large portion of your analysis and design time to simplifying navigation and access for your most popular pages. To be safe, keep this in mind: You want a final web design that is easy for your disabled grandmother and your tech-junkie nephew to use.
What's Up Next?