In today's digital age, having a web presence is important in attracting potential patients to your health practice. Those operating within the healthcare industry must have HIPAA compliant websites to protect the health information collected from both current and future patients.
Should your website be HIPAA compliant?
If you answer yes to one or more of the questions that the Compliancy Group asks below, you should have a HIPAA compliant website.
- Are you collecting Protected Health Information (PHI) on your website, for example through appointment-request or intake forms?
- Are you transmitting PHI through your website?
- Are you storing PHI on a server connected to your website?
How to make your website HIPAA compliant
- Use TLS (HTTPS) everywhere: What is still commonly called "SSL" is today the TLS protocol; SSL itself and TLS 1.0/1.1 are obsolete and should be disabled. Serving the whole site over HTTPS with TLS 1.2 or later protects information in transit between the patient's browser and your web server. It does not protect data once it reaches the server, so it is only the first of these three steps.
- Encrypt data at rest: Data collected through web forms should be encrypted where it is stored (database, file system, backups), so that a breach of the storage layer does not expose readable PHI. Encryption keys must be kept separate from the encrypted data.
- Store data on a HIPAA compliant server: The security capability of a server plays an important role in patient data protection. HIPAA's Security Rule requires administrative, physical and technical safeguards (access controls, audit logging, integrity controls and transmission security) for any system that holds electronic PHI, and all healthcare providers should familiarize themselves with these safeguards and implement them. If a third-party host stores or processes PHI on your behalf, it is a business associate and must sign a Business Associate Agreement (BAA) before it receives any PHI.
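As an added illustration of the first step above (this configuration is not from the original page and is not any particular vendor's template), here is a minimal nginx server block that forces HTTPS, disables obsolete SSL/TLS versions and enables HSTS. The hostname and certificate paths are placeholders to be replaced with your own; the commented-out `ssl_protocols` line shows the weak setting the hardened line replaces.

```nginx
# Redirect every plain-HTTP request to HTTPS so no form data
# can be submitted in the clear. (example.com is a placeholder.)
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    # Placeholder paths: point these at your own certificate and key.
    ssl_certificate     /etc/ssl/certs/example.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    # Weak setting (do not use): keeps obsolete SSLv3 / TLS 1.0 / TLS 1.1 enabled.
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

    # Hardened setting: only TLS 1.2 and TLS 1.3 are negotiated.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD cipher suites only (TLS 1.3 suites are fixed by nginx/OpenSSL).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Session settings; tickets are disabled so a leaked ticket key
    # cannot be used to decrypt recorded sessions.
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Tell browsers to use HTTPS only for the next two years (HSTS).
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    # Application serving the intake forms (placeholder upstream address).
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

After applying a change like this, verify it from outside rather than trusting the file: run `nginx -t` to check the syntax, then confirm with an external TLS scanner or `openssl s_client -tls1_1 -connect example.com:443` that TLS 1.1 and older are refused and that the HSTS header is present in responses. Note that this only covers transport; the second and third steps (encryption at rest and a compliant host under a BAA) still apply.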
Refer to this important checklist
Still not sure if your data protection is up to HIPAA compliance standards? Refer to this checklist:
- All PHI must be encrypted both in transit (HTTPS/TLS) and at rest.
- Back up all data provided by patients.
- Patient health data needs to be recoverable.
- Data collected must be protected from unauthorized alteration, with integrity controls (such as audit logs and checksums or signatures) that make tampering detectable.
- Data no longer required should be disposed of securely, so that the PHI cannot be recovered or reconstructed from the deleted storage or from old backups.
If your organization does not collect, store or transmit PHI through its website, then a HIPAA compliant website is not required. Applying the steps above is still recommended, so that the site is already in shape if PHI is handled in the future (for example, when an online appointment or intake form is added).