Healthcare Website Design


Abstract

Three architectural surfaces a generic small-business build does not handle. HIPAA-aware intake forms under 45 CFR 164. MedicalBusiness + Physician schema with sameAs chaining to NPPES, ABMS verification, state medical board. Editorial-layer separation from commercial pages so the clinical schema types stay off the marketing surface. ADA Title III sits on top of all three.

Architectural surfaces addressed
45 CFR 164.514: De-identification standard
HHS 2023 Bulletin: Tracking technologies on covered-entity sites
ADA Title III: Accessibility
MedicalBusiness: Schema.org primary type
Physician.sameAs: Entity-graph reconciliation
Intake layer

HIPAA-compliant intake forms, tracking-technology discipline, BAA-routed analytics.

Patient-facing intake forms collect Protected Health Information by default. Name plus appointment-type plus chief complaint is PHI as soon as the form lands in the practice's pipeline. Generic SaaS form vendors (Typeform, Google Forms, Jotform's default tier) cannot lawfully process the data without a Business Associate Agreement, encryption-in-transit and at-rest matching the HIPAA Security Rule technical safeguards, and a data-flow record. The architecture routes the intake through a HIPAA-aware vendor (Jotform HIPAA, Formstack Healthcare, or self-hosted with the encryption stack), captures consent for any marketing uses inline, and posts to a back-end that does not pass through generic logging.

Tracking technologies face a stricter rule. The HHS Office for Civil Rights bulletin (initial 2022-12-01, updated 2024-03) states that tracking technologies on a covered entity's webpages can constitute disclosures of PHI to the tracking vendor when the data includes patient identity or interaction signals [1]. Google Analytics, Meta Pixel, and similar trackers on a medical practice's site trigger the disclosure when they fire on authenticated patient surfaces or capture identifying queries on unauthenticated pages. Several covered entities have entered OCR resolution agreements over tracking-technology configurations since the bulletin issued. The architectural fix is server-side analytics where the vendor will sign a Business Associate Agreement and the events strip identifiers before they cross the boundary.

De-identification under 45 CFR 164.514 Safe Harbor lists 18 specific identifiers that must be removed (names, geographic subdivisions smaller than state, dates more granular than year, contact endpoints, account numbers, biometric identifiers, full-face photographs, and more) [3]. The intake architecture handles de-identification as a workflow input: data that travels into analytics, into the marketing surface, or into the editorial-content pipeline gets de-identified at the boundary or carries explicit authorization under 45 CFR 164.508.

Schema + entity layer

MedicalBusiness + Physician + sameAs to NPI, ABMS, state medical board.

The schema architecture marks the practice location as MedicalBusiness (or a more specific subtype: MedicalClinic, Hospital, Dentist, etc.). Each attending physician marks up as Physician, which inherits from Person and MedicalOrganization [4]. The connection between facility and practitioner runs via employee or member on the MedicalBusiness, and worksFor or location on the Physician. The Physician node uses the sameAs property to chain to the NPI registry profile at NPPES [8], the state medical board license profile, and the ABMS verification page [7].

The sameAs chain is the load-bearing mechanism that transfers off-site EEAT to the on-site author byline. Without the chain, Google's entity resolver does not consolidate the physician across the public directory ecosystem and the practice's editorial content competes for ranking without the underlying entity signal. Praxis builds the chain into the JSON-LD on every author byline and into the practice's primary MedicalBusiness node site-wide.

The discipline that goes with the schema is what does NOT get marked up. MedicalCondition, MedicalProcedure, MedicalTherapy, and Drug belong on encyclopedic editorial content. Applying them to a commercial service page that markets a procedure reads to Google's medical-content classifiers as an attempt to manipulate medical rich results [2]. The manual-action pattern for spammy structured data is well-documented. Commercial pages stay on MedicalBusiness + availableService. The clinical types ship only on the editorial template where a credentialed physician fronts the byline.

Editorial layer + accessibility

Editorial template separated from commercial. ABMS bylines. ADA Title III at WCAG 2.1 AA.

Articles authored or reviewed by the practice's physicians sit on a distinct template from the commercial service pages. The editorial template surfaces a named-author byline at the top of the article: name, ABMS board certification with member-board name, active state license number and jurisdiction, ACGME-accredited residency, and the link chain to NPI + state board + ABMS verification. Body copy is written in a register adjacent to a peer-reviewed journal. Numbered citation marks in the body link to a bibliography section at the article's end. The article-template structure tells Google's Reviews System framework where to read for the practicing-physician reviewer signal.

Accessibility runs on top of the architecture. ADA Title III applies to places of public accommodation, and healthcare provider websites are treated as extensions of the physical practice [5]. The working compliance target is WCAG 2.1 Level AA conformance [6]. Common gaps surface in form-field labeling on appointment-booking surfaces, color contrast on procedure-page calls-to-action, keyboard navigation in patient-portal modals, and missing alt text on procedure illustrations. The accessibility audit runs alongside the schema and HIPAA audits in the diagnostic phase. Remediations route through the design system, not through one-off page patches, so the compliance state holds as the site grows.

The architecture sits inside the broader medical SEO work at Praxis. The website-design surface is one input. The schema layer, the editorial-content layer, the directory layer, the GBP layer all run against the same architectural discipline.

References
  1. U.S. Department of Health and Human Services, Office for Civil Rights. Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates. HHS OCR Bulletin (initial 2022-12-01, updated 2024-03). 2024. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html
  2. Google Search Central. Structured data guidelines and medical-content discipline. Google Search Central documentation. 2024. https://developers.google.com/search/docs/appearance/structured-data/sd-policies
  3. U.S. Department of Health and Human Services. 45 CFR §164.514. De-identification of protected health information. Code of Federal Regulations, HIPAA Privacy Rule. 2024. https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-E/section-164.514
  4. Schema.org community. MedicalBusiness, Physician, and MedicalOrganization vocabularies. Schema.org. 2024. https://schema.org/MedicalBusiness
  5. U.S. Department of Justice, Civil Rights Division. ADA Title III and accessibility of public accommodation websites. Department of Justice guidance. 2024. https://www.ada.gov/resources/web-guidance/
  6. World Wide Web Consortium. Web Content Accessibility Guidelines (WCAG) 2.1, Level AA. W3C Recommendation. 2018. https://www.w3.org/TR/WCAG21/
  7. American Board of Medical Specialties. ABMS Board Certification and Maintenance of Certification. ABMS. 2024. https://www.abms.org/board-certification/
  8. Centers for Medicare and Medicaid Services. National Plan and Provider Enumeration System (NPPES) NPI Registry. CMS. 2024. https://npiregistry.cms.hhs.gov/
Common questions

Questions practice administrators ask about the architecture before scoping the rebuild.

01.

What separates a healthcare website design from a generic small-business build?

Three architectural surfaces the generic build does not handle. First, the intake-form layer has to address Protected Health Information under HIPAA at 45 CFR 164. Forms collecting any PHI cannot ship through generic SaaS form vendors without a Business Associate Agreement, the back-end transport encryption matching the Security Rule technical safeguards, and the consent capture for any marketing uses. Second, the schema layer marks up as MedicalBusiness with chained Physician entities, not LocalBusiness. The Physician.sameAs chain reaches NPPES, ABMS verification, and the state medical board. Third, the editorial-content surface fronts each article with a named ABMS-board-certified author byline aligned to the article topic. The Reviews System framework reads first-party editorial content for that signal.

02.

What did the 2023 HHS bulletin change about tracking technologies?

In December 2022 the HHS Office for Civil Rights issued a bulletin on the use of online tracking technologies by HIPAA-regulated entities and updated it through 2024. The bulletin states that tracking technologies on user-authenticated webpages and on unauthenticated webpages of covered entities and business associates can constitute disclosures of PHI to the tracking technology vendor when the information includes the patient's identity or their interaction with the covered entity. Google Analytics, Meta Pixel, and similar trackers on a medical practice's site can trigger the disclosure. The remediation pattern is HIPAA-aware analytics (server-side, IP-masked, no PHI in events) and Business Associate Agreements where the vendor will sign one. Several practices have entered OCR resolution agreements over tracking-technology violations since the bulletin issued.
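The "strip identifiers before they cross the boundary" step from the intake-layer section and from the answer above, as an added example that is not Praxis's code. It de-identifies an analytics event on the practice's back-end before anything is forwarded to a tracking vendor. The field names and the sample event are constructed for illustration, and the handling is a simplified reading of the 45 CFR 164.514(b)(2) Safe Harbor list: direct identifiers and free text are dropped, dates relating to the individual are coarsened to the year, and sub-state geography is dropped (the three-digit ZIP exception, which depends on area population, is not modelled).

```javascript
// Added example, not Praxis's code: de-identify an analytics event at the
// back-end boundary before it reaches a tracking vendor. Field names and the
// sample event are constructed. Safe Harbor handling is simplified: direct
// identifiers and free text dropped, dates coarsened to year, sub-state
// geography dropped (the 3-digit ZIP population exception is not modelled).

// Direct identifiers and free-text fields: dropped outright.
const DROP_KEYS = new Set([
  "name", "firstName", "lastName", "email", "phone", "ip", "userAgent",
  "accountNumber", "mrn", "ssn", "chiefComplaint", "message", "notes",
]);
// Sub-state geography: dropped; "state" itself is allowed to remain.
const GEO_KEYS = new Set(["street", "city", "zip"]);
// Dates relating to the individual: coarsened to the year.
const DATE_KEYS = new Set(["dob", "appointmentDate"]);

// Patterns that catch identifiers leaking through fields not listed above.
const EMAIL_RE = /[\w.+-]+@[\w-]+\.[\w.-]+/;
const PHONE_RE = /\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b/;

function coarsenDate(value) {
  const d = new Date(value);
  return Number.isNaN(d.getTime()) ? null : String(d.getUTCFullYear());
}

// Returns the event that is safe to forward plus the keys removed, so the
// data-flow record can show what was stripped at the boundary.
function deidentifyEvent(event) {
  const out = {};
  const dropped = [];
  for (const [key, value] of Object.entries(event)) {
    if (DROP_KEYS.has(key) || GEO_KEYS.has(key)) {
      dropped.push(key);
    } else if (DATE_KEYS.has(key)) {
      out[key] = coarsenDate(value);
    } else if (typeof value === "string" && (EMAIL_RE.test(value) || PHONE_RE.test(value))) {
      // A pattern hit in an unlisted field drops the whole field rather
      // than attempting in-place redaction.
      dropped.push(key);
    } else {
      out[key] = value;
    }
  }
  return { event: out, dropped };
}

// Gate for the forwarding step: true only when nothing identifying is left.
function isSafeToForward(event) {
  return deidentifyEvent(event).dropped.length === 0;
}

// Constructed sample: what a booking-form submission might emit as an
// analytics event before de-identification.
const sampleIntakeEvent = {
  eventType: "appointment_requested",
  page: "/book",
  appointmentType: "new-patient",
  name: "Jane Example",
  email: "jane@example.com",
  phone: "555-123-4567",
  dob: "1984-06-12",
  appointmentDate: "2024-05-03",
  zip: "94110",
  state: "CA",
  chiefComplaint: "knee pain for two weeks",
  referrer: "https://maps.example/?q=clinic",
  comment: "call me at 555-987-6543",
};

const { event: safeEvent, dropped: strippedKeys } = deidentifyEvent(sampleIntakeEvent);
console.log(JSON.stringify(safeEvent), strippedKeys, isSafeToForward(safeEvent));
```

The `dropped` list is the useful output for the data-flow record the intake section calls for: it documents per event which fields never left the practice's boundary. The `comment` field shows why a key allow-list alone is not enough; the phone number inside it is caught by the pattern check, and the whole field is dropped rather than partially redacted.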

03.

How do MedicalBusiness and Physician schema chain on a multi-physician practice site?

The practice location marks up as MedicalBusiness (or a more specific subtype like MedicalClinic, Hospital, or Dentist). Each attending physician marks up as Physician (which inherits from Person and MedicalOrganization). The connection runs via the employee or member property on the MedicalBusiness, and the worksFor or location property on the Physician. The Physician markup uses the sameAs property to link directly to the NPI registry page, the state medical board license profile, and the ABMS verification page. The explicit chaining is the load-bearing mechanism that transfers off-site EEAT to the on-site author byline. Per-physician JSON-LD ships on the author byline and aggregates to the practice's MedicalBusiness node site-wide.

04.

Does ADA Title III actually apply to medical practice websites?

Yes, in most U.S. circuits. Title III of the Americans with Disabilities Act applies to places of public accommodation. The Department of Justice has consistently taken the position that healthcare provider websites are extensions of the physical place of public accommodation. Federal court decisions in the Eleventh Circuit and elsewhere have applied Title III to medical practice websites. WCAG 2.1 Level AA conformance is the working compliance target. Common gaps surface in form-field labeling, color contrast on appointment-booking surfaces, keyboard navigation in modals, and missing alt text on procedure illustrations. The accessibility audit runs alongside the schema and HIPAA audits in the diagnostic phase.
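One of the gaps named in the editorial-layer section and in the answer above, form fields without an accessible name, as a small pre-deploy check. This is an added example, not Praxis's code or any audit tool's. It scans an HTML fragment (constructed below) for `input`, `select` and `textarea` controls and accepts three ways a control gets a name: a `label for="id"`, an `aria-label`, or an `aria-labelledby` that references existing ids. A placeholder attribute alone does not count. The regex-based tag scan is for illustration; a real audit runs against a DOM with a tool such as axe-core or Lighthouse.

```javascript
// Added example, not Praxis's code: flag form controls that lack an
// accessible name (label for=, aria-label, or aria-labelledby). The HTML
// fragment below is constructed. Tag-level regex scan for illustration only;
// production audits use a DOM-based tool.

const CONTROL_RE = /<(input|select|textarea)\b([^>]*)>/gi;
const LABEL_FOR_RE = /<label\b[^>]*\bfor=["']([^"']+)["']/gi;
const ID_RE = /(?:^|\s)id=["']([^"']+)["']/gi;

// Read one attribute value from a tag's attribute string.
function attr(attrs, name) {
  const m = new RegExp(`(?:^|\\s)${name}=["']([^"']*)["']`, "i").exec(attrs);
  return m ? m[1] : null;
}

// Returns one finding per control with no accessible name.
function findUnlabeledControls(html) {
  const labelledIds = new Set([...html.matchAll(LABEL_FOR_RE)].map((m) => m[1]));
  const allIds = new Set([...html.matchAll(ID_RE)].map((m) => m[1]));
  const findings = [];
  for (const m of html.matchAll(CONTROL_RE)) {
    const tagName = m[1].toLowerCase();
    const attrs = m[2];
    const type = (attr(attrs, "type") || "").toLowerCase();
    // Hidden and button-style inputs are not user-entered fields.
    if (tagName === "input" && ["hidden", "submit", "button"].includes(type)) continue;
    const id = attr(attrs, "id");
    const ariaLabel = attr(attrs, "aria-label");
    const labelledBy = attr(attrs, "aria-labelledby");
    const named = Boolean(
      (id && labelledIds.has(id)) ||
      (ariaLabel && ariaLabel.trim() !== "") ||
      (labelledBy && labelledBy.split(/\s+/).every((ref) => allIds.has(ref)))
    );
    if (!named) findings.push({ tag: m[0].slice(0, 60), id, reason: "no accessible name" });
  }
  return findings;
}

// Constructed appointment-booking fragment: the phone field relies on a
// placeholder only, which screen readers do not treat as a label.
const sampleBookingForm = `
<form>
  <label for="fname">First name</label>
  <input id="fname" name="fname" type="text">
  <input id="phone" name="phone" type="tel" placeholder="Phone">
  <select id="apptType" aria-label="Appointment type"><option>New patient</option></select>
  <span id="reasonLbl">Reason for visit</span>
  <textarea id="reason" aria-labelledby="reasonLbl"></textarea>
  <input type="hidden" name="csrf" value="token">
  <input type="submit" value="Request appointment">
</form>`;

console.log(findUnlabeledControls(sampleBookingForm));
```

Running the check as a build step on the booking template, rather than as a one-off page review, is what keeps the compliance state from drifting as new fields get added, which is the "remediate through the design system" point made in the editorial-layer section.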

05.

Where does the medical-publication editorial layout fit in the architecture?

Editorial articles where the practice's physicians author content sit on a distinct template from commercial service pages. The editorial template surfaces a named-author byline at the top of the article with ABMS board certification, active state license, ACGME-accredited residency, and the link chain to NPI + state board + ABMS verification. The article body uses serif display for headlines, sans for body copy, and a citation chrome (numbered references with a bibliography section) that reads as peer-reviewed-journal adjacent. The commercial service pages stay on a separate template with the schema reserved to MedicalBusiness + availableService. Mixing the templates (clinical schema on marketing pages) is the documented spammy-structured-data manual-action pattern; keeping them separated is part of the architecture.

06.

What schema does NOT belong on a commercial service page?

MedicalCondition, MedicalProcedure, MedicalTherapy, and Drug belong on encyclopedic editorial content authored by credentialed physicians. Applying them to a marketing service page that sells a procedure reads to Google's medical-content classifiers as an attempt to manipulate medical rich results. The manual-action pattern for spammy structured data is documented. Commercial service pages mark up as MedicalBusiness + availableService with the service named and described at the marketing register. The clinical types sit on the editorial layer where the named physician author carries the credential.
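The MedicalBusiness + Physician graph from the schema section and question 03, together with the template rule from this answer, as an added example. This is not Praxis's code and not the Schema.org project's. It builds the site-wide graph with the sameAs chain on each Physician node, builds an editorial article node that carries a clinical type, and runs a build-time gate that refuses to ship a commercial page whose JSON-LD contains any of MedicalCondition, MedicalProcedure, MedicalTherapy or Drug. The practice, physician, NPI and board/ABMS URLs are constructed placeholders, and the NPPES provider-view URL pattern is an assumption.

```javascript
// Added example, not Praxis's code and not Schema.org's: MedicalBusiness +
// Physician JSON-LD graph with sameAs chaining, plus a template gate that
// keeps clinical types off commercial pages. Practice, physician, NPI and
// board/ABMS URLs are placeholders; the NPPES URL pattern is an assumption.

const CLINICAL_TYPES = new Set(["MedicalCondition", "MedicalProcedure", "MedicalTherapy", "Drug"]);

function physicianId(practice, doc) {
  return `${practice.url}/team/${doc.slug}#physician`;
}

// sameAs chain: NPPES profile, state medical board licence profile, ABMS
// verification page. Each is a public directory entry for the same person,
// which is what lets an entity resolver consolidate them.
function physicianSameAs(doc) {
  return [
    `https://npiregistry.cms.hhs.gov/provider-view/${doc.npi}`, // assumed URL pattern
    doc.stateBoardProfileUrl,
    doc.abmsVerificationUrl,
  ];
}

// Site-wide graph: one MedicalBusiness node linked to its Physician nodes in
// both directions (employee on the practice, worksFor on the physician).
function buildPracticeGraph(practice, physicians) {
  const orgId = `${practice.url}#organization`;
  const practiceNode = {
    "@type": practice.type,
    "@id": orgId,
    name: practice.name,
    url: practice.url,
    employee: physicians.map((p) => ({ "@id": physicianId(practice, p) })),
  };
  const physicianNodes = physicians.map((p) => ({
    "@type": "Physician",
    "@id": physicianId(practice, p),
    name: p.name,
    worksFor: { "@id": orgId },
    sameAs: physicianSameAs(p),
  }));
  return { "@context": "https://schema.org", "@graph": [practiceNode, ...physicianNodes] };
}

// Editorial article node: clinical type in `about`, physician byline in `author`.
function buildEditorialArticle(practice, doc, article) {
  return {
    "@context": "https://schema.org",
    "@type": "Article",
    headline: article.headline,
    about: { "@type": "MedicalCondition", name: article.condition },
    author: { "@id": physicianId(practice, doc) },
  };
}

// Collect every @type used anywhere in a JSON-LD document.
function collectTypes(node, acc = new Set()) {
  if (Array.isArray(node)) node.forEach((n) => collectTypes(n, acc));
  else if (node && typeof node === "object") {
    const t = node["@type"];
    if (t) (Array.isArray(t) ? t : [t]).forEach((x) => acc.add(x));
    Object.values(node).forEach((v) => collectTypes(v, acc));
  }
  return acc;
}

// Template gate run at build time: a commercial page whose JSON-LD carries a
// clinical type fails the build instead of shipping.
function validateForTemplate(jsonld, template) {
  const clinical = [...collectTypes(jsonld)].filter((t) => CLINICAL_TYPES.has(t));
  if (template === "commercial" && clinical.length > 0) {
    return { ok: false, reason: `clinical types on commercial template: ${clinical.join(", ")}` };
  }
  return { ok: true, reason: null };
}

// Constructed placeholders, not a real practice or provider.
const samplePractice = { type: "MedicalClinic", name: "Example Ortho Clinic", url: "https://clinic.example" };
const samplePhysicians = [{
  slug: "a-example", name: "A. Example, MD",
  npi: "1234567893", // placeholder NPI
  stateBoardProfileUrl: "https://board.example.gov/license/PLACEHOLDER",
  abmsVerificationUrl: "https://abms.example/verify/PLACEHOLDER",
}];

const siteGraph = buildPracticeGraph(samplePractice, samplePhysicians);
const sampleArticle = buildEditorialArticle(samplePractice, samplePhysicians[0],
  { headline: "Knee osteoarthritis", condition: "Osteoarthritis of the knee" });
console.log(JSON.stringify(siteGraph, null, 2));
console.log(validateForTemplate(siteGraph, "commercial"), validateForTemplate(sampleArticle, "commercial"));
```

The gate walks the whole document rather than checking only the top-level `@type`, because the clinical type on a marketing page usually arrives nested (an `about` or `availableService` value), not as the page's primary type. Wiring `validateForTemplate` into the static build for the commercial template is what turns the "what does NOT get marked up" rule into something that holds as the site grows.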

Stop watching your competitors rank

If your patient-intake form posts to a generic SaaS vendor without a BAA, the OCR exposure surfaces before any SEO work matters.

The diagnostic audits the intake stack against HIPAA Security Rule technical safeguards, the tracking-technology layer against the HHS 2023 bulletin, the schema layer against the MedicalBusiness + Physician + sameAs chain, the editorial-template separation against the Reviews System framework, and the accessibility layer against WCAG 2.1 AA. The diagnostic comes back inside two weeks.

Book a diagnostic

Four fields. We respond inside one business day with a few questions to confirm fit before either of us spends time on a call.

We use what you submit to qualify, then respond by email. We don't subscribe you to anything.