HIPAA Compliant Medical Website: The Quick Guide

Your healthcare business needs a website, but you cannot have just any website. A HIPAA compliant medical website is needed by anyone who wants to recruit more patients while also making sure their information is securely stored and used.

Here are the main steps to a HIPAA compliant medical website:


The information ‘transported’ on your medical website HAS to be ENCRYPTED

Protected Health Information (PHI) is routinely stored and transferred on medical websites, but, just as the name implies, it has to be properly protected. Here is why your website should be secured with SSL and HTTPS protocols.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and intact. (Find out more: What is SSL?)

HTTP Secure (HTTPS) is an extension of the Hypertext Transfer Protocol for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS or HTTP over SSL. (Find out more: HTTPS)

Your medical website should be hosted only by providers that let you install such an SSL certificate. A hosting plan without this feature will make it impossible for you to have a HIPAA compliant medical website.
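The transport requirements this section describes can be verified rather than assumed. The following is an added example, not code from the original guide: it checks that plain HTTP redirects to HTTPS, that the certificate validates, that the negotiated protocol is TLS 1.2 or newer (an assumption of this example), and that HSTS is set, and it runs the same checks against constructed observations so it works offline.

```python
import http.client
import ssl

# Assumption for this example: accept TLS 1.2 or newer only.
MIN_TLS = "TLSv1.2"
TLS_ORDER = {"TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

def evaluate(obs):
    """Return transport-security findings for one observation dict with keys
    http_status, http_location, tls_version, cert_ok and headers (lower-case names)."""
    findings = []
    # Plain HTTP must permanently redirect to an https:// URL, never serve PHI.
    loc = (obs.get("http_location") or "").lower()
    if obs.get("http_status") not in (301, 308) or not loc.startswith("https://"):
        findings.append("plain HTTP is not redirected to HTTPS")
    # The certificate chain must validate against the system trust store.
    if not obs.get("cert_ok"):
        findings.append("certificate did not validate")
    # The negotiated protocol must be at least MIN_TLS.
    if TLS_ORDER.get(obs.get("tls_version"), 0) < TLS_ORDER[MIN_TLS]:
        findings.append(f"negotiated {obs.get('tls_version')} is older than {MIN_TLS}")
    # HSTS stops browsers from silently falling back to HTTP on later visits.
    if "max-age=" not in obs.get("headers", {}).get("strict-transport-security", ""):
        findings.append("Strict-Transport-Security header missing")
    return findings

def collect(host, timeout=5):
    """Gather the same facts from a live host (network required; not run offline)."""
    obs = {"headers": {}, "cert_ok": False}
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    conn.request("GET", "/")
    resp = conn.getresponse()
    obs["http_status"], obs["http_location"] = resp.status, resp.getheader("Location")
    conn.close()
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=ssl.create_default_context())
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        obs["cert_ok"], obs["tls_version"] = True, conn.sock.version()
        obs["headers"] = {k.lower(): v for k, v in resp.getheaders()}
    except ssl.SSLCertVerificationError:
        pass  # chain did not verify; cert_ok stays False
    conn.close()
    return obs

# Constructed observations (not real hosts): a weak deployment and a hardened one.
WEAK = {"http_status": 200, "http_location": None, "tls_version": "TLSv1", "cert_ok": False, "headers": {}}
HARDENED = {"http_status": 301, "http_location": "https://clinic.example/", "tls_version": "TLSv1.3",
            "cert_ok": True, "headers": {"strict-transport-security": "max-age=31536000"}}
```

Running `evaluate(collect("your-site.example"))` against a live host returns an empty list when all four checks pass; each string in the list names one item to fix with your hosting provider.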

A HIPAA compliant medical website allows you to easily back up and restore PHI

Information shouldn’t be lost easily, but Protected Health Information (PHI) HAS to be properly backed up and, if needed, restored. This isn’t such a difficult requirement for your website, since most hosting providers offer backups anyway.

In order to be sure, create backups of your website and the information it stores on a regular basis. Should anything happen to it, you can easily recover the data and restore it.

PHI should be accessed ONLY by authorized users

Your patient information shouldn’t be available to unauthorized users: it should be reachable only through secure logins and only by the appropriate people.

Your web hosting provider should be a trusted HIPAA Business Associate as well.

PHI is not altered or damaged in any way

We already know that Protected Health Information should be properly stored and accessed only by authorized personnel. It is also mandatory to make sure it cannot be altered at all, even unintentionally.

The good news is that, if you already use SSL/TLS encryption as advised, this condition should be easily met for data in transit, since TLS also detects any tampering with the data while it travels between the browser and your server.

Information can be easily disposed of when needed

PHI, once backed up and archived, has to expire and be permanently deleted. The same applies to the decryption keys and server logs. When you no longer use a server, all the data on it has to be properly disposed of.

A Business Associate Agreement is needed for the companies who manage your information

We already mentioned that a web hosting provider should provide HIPAA compliant hosting services and also have a Business Associate Agreement signed with you. This way you can be sure everyone who deals with your PHI is properly trained and certified to do so.

While it might seem like a daunting task, running a HIPAA compliant medical website is not really that difficult once you’ve solved these details.

If you want to get more ideas and support, feel free to contact us.


©2018 Medical Website Design & Healthcare Marketing. All Rights Reserved. Created by The Medically.