You may not be aware of this, but one important component of HIPAA is that you must post your Notice of Privacy Practices on your website. According to the HHS website:
A covered entity (that’s you!) must prominently post and make available its notice on any web site it maintains that provides information about its customer services or benefits.
Fortunately, HHS also provides free templates for creating a Notice of Privacy Practices. You can download a PDF version (more suitable for a brochure) or a text-only version that is very easy to copy and paste to your website.
Where should it go on your website? You can post it on your policies page, or create a separate page that just hosts the Notice of Privacy Practices. In your consent form, you can point your clients to the website and have them indicate if they also want a hard copy (which you are obligated to provide on request).
Website Terms & Conditions are more general policies that apply to visitors of your site. You can find a customizable template for sale in the store and also bundled with the Lactation Private Practice Essential Toolkit. They have been attorney reviewed for the US and Canada and include GDPR guidance.