Is your practice website keeping up with the changes it needs to perform well in 2018? I could probably come up with a dozen important things to update on most practice websites, but even the newest and best probably have problems with some of these four issues, which have gained importance in 2018. Ignoring these changes can have serious consequences for your business.
- Mobile Website Performance and Speed Optimization
- Secure, Fast Website Hosting
- “Not Secure” Warnings
- GDPR Compliance
Mobile Website Speed Optimization
Now that mobile devices account for more than half of all website visitors for most companies, Google has made it clear that (just like your patients), they have no patience with slow sites. To rank well, your practice website must display well on mobile devices such as phones and tablets – and quickly, too!
“To make our results more useful, we’ve begun experiments to make our index mobile-first. Although our search index will continue to be a single index of websites and apps, our algorithms will eventually primarily use the mobile version of a site’s content to rank pages from that site, to understand structured data, and to show snippets from those pages in our results. Of course, while our index will be built from mobile documents, we’re going to continue to build a great search experience for all users, whether they come from mobile or desktop devices.”
Your website must also display fast on these devices. Google has stated that as of July 2018, they will have a “Speed Update” that will affect the rankings of slow mobile sites.
I was recently working with a client who wanted some new SEO-optimized content for his site, but when I looked it over, I told him that it was far more essential to optimize his site speed, especially on mobile. It was taking 56 seconds to load on a phone over a 3G network. That’s just not acceptable to anyone wanting to get information these days – and that doesn’t make Google happy.
“The average time it takes to fully load a mobile landing page is 22 seconds, according to a new analysis. Yet 53% of visits are abandoned if a mobile site takes longer than three seconds to load. That’s a big problem.”
If your website builder did not specifically tell you they would optimize the speed of your practice website, it wasn’t done. Most don’t do it. Most don’t know HOW to do it. How fast is fast enough? We aim for 2 seconds or less on desktop, and three or less on mobile.
Of course, it depends on the complexity of your site, but sometimes it’s better to simplify rather than lose your visitor completely.
53% of mobile site visits leave a page that takes longer than three seconds to load - Google
If you can’t get your website speeds fast enough, people simply leave. In website optimization terms, that’s called a “bounce”. Here’s Google’s data from 2017 on how mobile website speed impacts bounces. If you want to see what Google thinks of your mobile site speed, go here.
Secure, Fast Website Hosting
From an overall perspective of your marketing, your website hosting is a trivial item. You make a decision once, and you pay a relatively small amount, and if all goes well you forget about it until the bill comes in next year for renewal. However, hosting your practice website with a company that has slow servers, downtime, or even poor support can hit your business hard.
As you read above, site speed matters. You can’t make your practice website fast enough if your host’s servers are slow, and that means you’ll lose new patients you would have otherwise had. Time to first byte is the time it takes for the web hosting servers to start delivering data to a browser. I’ve seen that be a couple of seconds on its own with some poor hosting companies. You can’t get a site loading in less than two seconds if two seconds have passed before the server even starts communicating.
“We found a clear correlation between a faster time to first byte (TTFB) and a higher search engine rank.”
– Moz
Further, the number of site hacks rose dramatically last year. A good hosting company provides an environment that impedes hackers, but some just don’t get it… or do it.
I could roll out a technical laundry list of what we look for in a hosting company, talk about PHP versions and SSD drives… but the bottom line is that the servers have to be fast, reliable, and as secure as possible. We ensure our clients have quality hosting, moving the website to a new host if required – and then we monitor uptime so that we’re promptly informed of any issues.
Your Practice Website May Soon Show Up As “Not Secure”
Google has warned that, starting in July 2018, non-HTTPS sites will show prominent warnings to Chrome browser users. Worldwide, about 50% of browsers are Chrome. Currently, about 43% of browsers in the United States and 42% in Canada are Chrome. So there’s a good chance your practice website visitors will see this scary warning after July, unless your site is HTTPS. That’s not going to create confidence and trust in your practice.

Example of warning Chrome Browsers will show on non-HTTPS sites in July 2018.
If this happens on your practice website, visitors may well leave and choose another site to visit. In addition, Google has hinted that HTTPS sites may have a slight advantage in search ranking over HTTP (non-HTTPS) sites. That’s pretty important, since reaching the first page of Google is critical for drawing in new business. Did you know that only 2% of searchers ever go past the first page of search results?
According to Google, 81 of the top 100 sites on the web use HTTPS.
If you don’t know what HTTPS is, that’s pretty common. You’ve increasingly seen websites that have addresses (URLs) beginning with HTTPS, instead of HTTP. What this means is that data going to and from your web browser to the website’s server is encrypted. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, which controls how data is sent between your browser and the website you are looking at. The server which stores the website’s pages communicates with your browser using encrypted data transmission.
This means that hackers, governments, your internet service provider, or other eavesdroppers can’t listen in. HTTPS also protects against visitors being redirected to an impostor website – this is why reputable banks and businesses taking online payments always use HTTPS. As your browser connects to an HTTPS-secured server, it checks the website’s security certificate and ensures it was issued by a legitimate authority and hasn’t expired.
In the United States, Health and Human Services have specific requirements for HIPAA compliance that may affect your health practice. If HIPAA applies to your practice, your website must reach their encrypted data transmission standards if there is any transmission of patient or health information through it. Properly configured HTTPS sites with an SSL (Secure Sockets Layer) encryption layer and SSL Certificate are essential for the confidentiality of data sent between a patient’s browser and the web server hosting your website.
GDPR Compliance
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect. These rules are designed to give citizens of the European Union (EU) and the European Economic Area (EEA) more control over their data. GDPR can impact most businesses on the web, unless they block website access from European Union countries… and the fines for non-compliance are huge. For example, imagine that your practice has a newsletter signup online, and some of your subscribers are from the EU… you need to comply. The solution isn’t to get rid of your newsletter or block access, although some organizations did that when the deadline was reached and they weren’t ready. Basically, there are five broad steps to compliance. We’re not legal experts, but we can give you a rough outline.
- Identify the data you store pertaining to EU/EEA individuals. You’ll need to allow customers to see data you have on them on request. You’ll need to delete it on request too, as long as other legal obligations allow.
- Clean up your data and remove any expired information you no longer need. Store only what you must have and keep track of all copies.
- Create policies around collecting, accessing, storing and disposing of this data. Post them publicly, and make them clear and comprehensible. You’re going to need a new Privacy Policy.
- Secure your data. If your data is breached, you’ll have obligations to report the breach within 72 hours.
- Document the steps you’ve taken to ensure GDPR compliance – this can help you show “good faith” and avoid fines.
Some of the things you’ll need to specifically review and update will include your Privacy Policy (GDPR has specific requirements for how it is written) as well as how you will respond to data removal requests. The GDPR states that customers “have a right to be forgotten” and organizations should be able to remove all of a person’s data within 24 hours. You need a process for taking these requests, and you need to ensure they’re acted upon promptly – this will require changes to your website. Even small things like having a subscription checkbox checked by default can be an issue, so a review of how you’re asking for information on your practice website is essential.
Staying On Top Of Practice Website Updates
Every single one of our practice marketing packages includes website maintenance, because these days, if your website doesn’t perform, neither does the rest of your marketing. We understand that tracking the technical changes in online marketing and search engine optimization is pretty much a full-time job. That’s why our clients hire us to take care of it.