Is Your Medical Website HIPAA Secure?

Is Your Medical Website HIPAA Secure?

by Shearly (SU)

As we mentioned in a previous blog post, a great website is the foundation for any online marketing strategy. However, for healthcare professionals, having a great website isn’t enough – it also needs to be HIPAA secure. This means that any time protected health information (PHI) is transmitted or stored, you should have proper procedures and policies in place, in addition to technical security.

SSL Protection 

Secure Sockets Layer (SSL) is a standard web security technology that creates an encrypted link between a web server (aka your website) and a web browser. For a medical website, it is used to encrypt patient information so that the initial transmission of PHI (from the patient to the web server) is secure. From here, the information can either be stored on a web server, or passed through to someone via email.

Email Encryption

PHI should never be emailed over a ‘standard’ email connection. Instead, you should use a HIPAA-compliant email system that encrypts the transmission of this private information. Luckily, several vendors offer secure email solutions including secure online forms that can work with most email platforms, including Google Apps and Office 365.

Information Storage

Whether you store data on your own web server or on a 3rd party web server, you need to ensure that the hosting is HIPAA compliant. Key considerations include the physical security of the server, established policies for the disposal of data (if necessary), and logs and audits of software and hardware use and access.

Security Testing

Both your website and web server should be regularly tested for security vulnerabilities. According to HIPAA guidelines, you will only have up to 48 hours to resolve any security issues, so it’s best that you – and your web host, if appropriate – are aware and running regular intrusion tests.

As keeping up-to-date on all HIPAA requirements for your website can be complex, a great solution is the addition of a Patient Portal. The combination of these two online resources enables you to keep your website focused on the important task of marketing – and growing – your business, while your HIPAA-compliant Patient Portal provides a secure environment to transmit and store all patient data (PHI). These portals also benefit your patients by enabling them to easily and safely:

• Schedule appointments
• Complete registration forms
• Send secure email 
• Access lab results
• Request prescription refills
• Create and maintain a personal health record (PHR)

Do you need a HIPAA secure website? Or are you considering the addition of a HIPAA-compliant Patient Portal?

Contact iHealthSpot at 877-709-0999 for your FREE consultation with the experts today!