As we mentioned in a previous blog post, a great website is the foundation of any online marketing strategy. For healthcare professionals, however, a great website isn't enough; it also needs to be HIPAA secure. This means that any time protected health information (PHI) is transmitted or stored, you must have proper policies and procedures in place (the administrative safeguards HIPAA requires) in addition to the technical safeguards described below.
Secure Sockets Layer (SSL), today implemented as its successor Transport Layer Security (TLS) but still widely called SSL, is the standard web security technology that creates an encrypted link between a web server (your website) and a web browser. For a medical website, it encrypts the form data a patient submits so that the initial transmission of PHI (from the patient's browser to the web server) cannot be read or altered in transit. Note that this protects the data only while it is moving: once it arrives, the information is either stored on the web server or passed on to someone via email, and each of those steps needs its own protection, as described below. Legacy SSL versions and TLS 1.0/1.1 have known weaknesses, so the server should be configured to accept only TLS 1.2 or later.
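As an added example (not code from the original post), the following nginx configuration shows a legacy server block that still accepts SSLv3 and early TLS next to a hardened block that enforces TLS 1.2+ and redirects plain HTTP to HTTPS. The domain `www.example-clinic.com`, the certificate paths and the document root are placeholders, and this covers only the in-transit protection discussed above, not storage or email.

```nginx
# --- WEAK (do not use): accepts SSLv3 and TLS 1.0/1.1, and no HTTP redirect ---
server {
    listen 443 ssl;
    server_name www.example-clinic.com;           # placeholder domain

    ssl_certificate     /etc/ssl/certs/example-clinic.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/example-clinic.key; # placeholder path

    # Deprecated protocol versions are still allowed, so a downgrade to
    # SSLv3 or TLS 1.0 exposes submitted PHI to well-known attacks.
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

    # Patients who type the address without https:// are served in the clear.
    # (no port-80 redirect block)
}

# --- HARDENED: TLS 1.2/1.3 only, modern ciphers, forced HTTPS, HSTS ---
server {
    # Redirect every plain-HTTP request to HTTPS before any form is submitted.
    listen 80;
    server_name www.example-clinic.com;           # placeholder domain
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name www.example-clinic.com;           # placeholder domain

    ssl_certificate     /etc/ssl/certs/example-clinic.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/example-clinic.key; # placeholder path

    # Only current protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD cipher suites for TLS 1.2 (TLS 1.3 suites are
    # fixed by the library and need no listing here).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Session tickets are disabled so a leaked ticket key cannot decrypt
    # recorded sessions.
    ssl_session_tickets off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:ClinicTLS:10m;

    # Tell returning browsers to never use plain HTTP for this site again.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    root /var/www/example-clinic;                 # placeholder document root
    index index.html;
}
```

After changing the configuration, run `nginx -t` to check syntax and reload, then confirm from outside that the server refuses TLS 1.0/1.1 (for example `openssl s_client -connect www.example-clinic.com:443 -tls1_1` should fail to handshake) and that `http://` requests return a 301 to `https://`.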
PHI should never be sent over a 'standard' (unencrypted) email connection. Instead, use a HIPAA-compliant email system that encrypts the transmission of this private information. Luckily, several vendors offer secure email solutions, including secure online forms, that work with most email platforms, including Google Apps and Office 365.
Whether you store data on your own web server or on a third-party web server, you need to ensure that the hosting is HIPAA compliant. Key considerations include the physical security of the server, encryption of stored PHI, established policies for the disposal of data when it is no longer needed, and logs and audits of software and hardware use and access. If a third party hosts or handles PHI on your behalf, HIPAA also requires a signed Business Associate Agreement (BAA) with that provider.
Both your website and web server should be regularly tested for security vulnerabilities. HIPAA does not set a fixed deadline for fixing a given flaw, but it does require an ongoing risk analysis, and under the Breach Notification Rule affected individuals (and HHS) must be notified without unreasonable delay and no later than 60 days after a breach is discovered. Finding and fixing weaknesses before they become a breach is far cheaper than notification, so it's best that you, and your web host if appropriate, run regular vulnerability scans and penetration tests.
Keeping up to date on all HIPAA requirements for your website can be complex, and a great solution is the addition of a Patient Portal. The combination of these two online resources lets you keep your website focused on the important task of marketing and growing your business, while your HIPAA-compliant Patient Portal provides a secure environment in which to transmit and store all patient data (PHI). These portals also benefit your patients by enabling them to easily and safely:
- Schedule appointments
- Complete registration forms
- Send secure email
- Access lab results
- Request prescription refills
- Create and maintain a personal health record (PHR)
Do you need a HIPAA secure website? Or are you considering the addition of a HIPAA-compliant Patient Portal?