What "HIPAA-Conscious" Means

It means I never handle your patients' PHI.

I build marketing websites — not patient portals. Your site links to your existing HIPAA-compliant tools like SimplePractice or TherapyNotes if desired. I never collect, store, or process PHI.

What this means for you:

Common Attack Surfaces

Page builders often introduce potential leak points without you realizing it.

Where the Risk Comes From

Page Builder Storage

Wix and Squarespace store form submissions on their servers by default. Many therapists don't realize the HIPAA risks involved on the technical side of websites. Many designers don't understand even the basics of HIPAA.

WordPress Plugins

WPForms, Contact Form 7, and Gravity Forms store submissions in your database. That may include PHI you never intended to collect. Every additional plugin introduces another potential attack surface — and it only takes one outdated plugin to compromise a site.

Designer Blind Spots

Many designers use the same tools for every client — regardless of compliance requirements. Whether they're aware of the risk or not, the result is the same.

What I Do Instead

My Approach

  • Hand-crafted static sites — no databases, no PHI storage
  • Zero contact forms — patients use secure channels
  • Privacy-first analytics — Fathom uses no cookies, collects no personal data, and never stores IP addresses.
  • Direct EHR linking — booking goes to your existing tools
  • Cloudflare hosting — secure, fast, no PHI stored

What I Don't Use

  • No page builders — Wix, Squarespace, WordPress, or others
  • No plugins — nothing that stores or transmits PHI
  • No contact forms — no PHI collection at all
  • No databases — means no PHI storage
  • No BAA required — because I never handle PHI

Bottom line: Your website becomes a secure digital front door — not a liability.

Let's Talk About Your Practice.

If you're thinking about a new site—or not sure where to start—I'd love to hear from you.

01

Reach out

Call or email. Whatever works for you.

02

Talk it through

No pressure. Just a conversation.

03

Decide

Clear next steps. No obligation.

If you're based in or near Knoxville, TN, I'm happy to schedule a visit at your office.

Frequently Asked Questions.

Everything you need to know.

Do I need a BAA with you?

No. Because I never handle or store PHI, you don't need a Business Associate Agreement with me.

Will you sign a BAA?

Absolutely. I'm happy to sign one if your practice needs it. Just ask.

What about contact forms?

I don't use them. Patients are directed to secure communication channels — phone, secure email, or your EHR scheduler. No forms = no PHI sitting in a database.

Is my patient data stored anywhere?

No. Your site is built on static, database-free code. Patient records stay in your existing HIPAA-compliant tools like SimplePractice or TherapyNotes.

What makes your approach different?

Many designers use the same page builders and plugins for every client. I don't. I hand-craft every site from scratch with no database and no PHI storage. No shortcuts. No compliance risks.

What analytics do you use?

Fathom — a privacy-first analytics tool that collects no personal data, uses no cookies, and never stores IP addresses.

How do you take payments?

Payments are processed securely through Stripe. I never see, store, or have access to your credit card or banking details. Stripe handles everything. You get a receipt. I get a notification. That's it.

Where is my website hosted?

Cloudflare — secure, fast, and I never touch patient records.