Fast Guide to a HIPAA Compliant Website

Posted by | webdeprigo-com | 30 November 2018

There’s no question that people expect to be able to find anything online, including doctors, and as much information about them as possible. But a medical practice handles far more sensitive information than most businesses, and stricter requirements apply to it. Failing to follow them can result in civil penalties that run into the millions of dollars per year (HIPAA caps them per year for each violated provision, with the cap adjusted for inflation), on top of breach notification costs.

Here are seven checks you can run to make sure your site handles protected health information (PHI) securely.

Encrypted Transmission:
Data that travels over the internet must be encrypted. By default, HTTP traffic is plaintext and can be read or altered by anyone positioned between the browser and the server. The fix is straightforward and recommended for every site, not just medical ones: serve the whole site over HTTPS with a TLS certificate (SSL is the obsolete predecessor; certificates are still commonly sold as "SSL certificates", but SSL and TLS 1.0/1.1 should be disabled on the server). Redirect plain HTTP to HTTPS, send a Strict-Transport-Security header so browsers never fall back to plaintext, and check this box off your list.
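The three transport checks above can be verified rather than assumed. The following is an added example written for this guide, not code from the original post or from Deprigo: it decides whether a site enforces encrypted transport from what a GET of http://host/ and https://host/ returned. The `Probe` records at the bottom are constructed sample data, the host name `clinic.example` is made up, and the one-year HSTS threshold is the minimum the browser preload list accepts. `probe_host()` performs a live check against a real host if you run the script with a host name as its argument; the offline demo never touches the network.

```python
"""Added example: check that a site enforces encrypted transport.

Three things a HIPAA-facing site should get right:
  1. plain http:// permanently redirects to the https:// origin,
  2. the https:// response carries a long-lived HSTS header, and
  3. the connection negotiated TLS 1.2 or 1.3.
"""
import http.client
import ssl
from dataclasses import dataclass
from typing import Dict, List, Optional

ONE_YEAR = 31_536_000  # seconds; the minimum max-age the HSTS preload list accepts


@dataclass
class Probe:
    """What a GET / over http and https returned for one host."""
    http_status: int
    http_location: Optional[str]
    https_status: int
    https_headers: Dict[str, str]   # header names lower-cased
    tls_version: Optional[str]      # e.g. "TLSv1.3"


def hsts_max_age(value: str) -> Optional[int]:
    """Parse the max-age directive out of a Strict-Transport-Security value."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and number.strip().isdigit():
            return int(number)
    return None


def assess(probe: Probe) -> List[str]:
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    # 1. Plain HTTP must hand the browser off to HTTPS, not serve the page itself.
    if probe.http_status not in (301, 308):
        findings.append(f"http: not permanently redirected (status {probe.http_status})")
    elif not (probe.http_location or "").lower().startswith("https://"):
        findings.append(f"http: redirect target is not https ({probe.http_location!r})")
    # 2. HSTS keeps browsers from ever retrying over plaintext.
    hsts = probe.https_headers.get("strict-transport-security")
    if hsts is None:
        findings.append("https: no Strict-Transport-Security header")
    elif (hsts_max_age(hsts) or 0) < ONE_YEAR:
        findings.append(f"https: HSTS max-age below one year ({hsts!r})")
    # 3. Anything older than TLS 1.2 is deprecated and has known weaknesses.
    if probe.tls_version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"tls: negotiated {probe.tls_version!r}, expected TLS 1.2 or 1.3")
    return findings


def probe_host(host: str, timeout: float = 5.0) -> Probe:
    """Live probe of a real host (needs network; not used by the offline demo).

    The default SSL context verifies the certificate chain and hostname, so a
    self-signed or mismatched certificate fails here instead of passing silently.
    """
    plain = http.client.HTTPConnection(host, 80, timeout=timeout)
    plain.request("GET", "/")
    r = plain.getresponse()
    http_status, http_location = r.status, r.getheader("Location")
    plain.close()

    secure = http.client.HTTPSConnection(host, 443, timeout=timeout,
                                         context=ssl.create_default_context())
    secure.request("GET", "/")
    s = secure.getresponse()
    headers = {k.lower(): v for k, v in s.getheaders()}
    tls_version = secure.sock.version() if secure.sock else None
    secure.close()
    return Probe(http_status, http_location, s.status, headers, tls_version)


# Constructed sample probes (not captured from real sites).
GOOD = Probe(301, "https://clinic.example/", 200,
             {"strict-transport-security": "max-age=63072000; includeSubDomains"}, "TLSv1.3")
BAD = Probe(200, None, 200, {}, "TLSv1.0")

if __name__ == "__main__":
    import sys
    probe = probe_host(sys.argv[1]) if len(sys.argv) > 1 else BAD
    print("\n".join(assess(probe)) or "all transport checks passed")
```

Run it with no arguments to see the three findings for the constructed `BAD` probe, or with a host name to probe a real site. A redirect that lands on an `http://` target is flagged separately from a missing redirect, because that is the most common misconfiguration after a certificate is first installed.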

Backup:
All data should be backed up regularly, and a backup should be test-restored now and then, since an untested backup is only a hope. Most web hosts create restore points for the site automatically; e-mail, which often carries PHI, usually is not backed up automatically and needs a third-party tool or some technical work. Backups contain the same PHI as the live system, so they need the same encryption and access controls.

Proper Authorization:
This is as much a management control as a technical one. Does everyone share one login to check PHI, or does each person have their own account? Is your hosting provider a HIPAA Business Associate you trust? Best practice is to give each staff member a unique login with only as much access as their job needs, never to share credentials, and to remove access promptly when someone leaves. Unique accounts are also what make it possible to tell who viewed or changed a record. This applies to the backups as well as the live site.

Storage Encryption:
This depends on your host: make sure the site content and its database are stored on encrypted storage. Data is normally not encrypted at rest unless someone sets it up. TLS only protects data while it is in transit; data sitting on disk, in the database and in backups must be protected separately.

Disposal:
Making sure data that needs to disappear actually disappears. This is harder than it sounds because so many systems take backups automatically: a record deleted from the live site lives on in every backup taken while it existed. Getting rid of it fully may mean scrubbing, manually deleting backups, or at the very least knowing the retention period after which the last copy ages out.
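The Backup and Disposal checks above meet in one question: when a record is deleted from the live site, where does it still exist, and when will the last copy be gone? The following is an added example written for this guide, not code from the original post or from Deprigo. It assumes each backup comes with a manifest of the record identifiers it holds and that the retention policy is a simple "keep for N days" rule; the backup names, dates, record identifiers (`p1001` and so on) and the 35-day window are constructed sample data.

```python
"""Added example: backup retention as the disposal mechanism.

Given a manifest of which record identifiers each backup holds, answer two
questions: which backups the retention policy lets you delete now, and, for a
record that must disappear, which backups still hold it and when the last
copy ages out on its own.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Backup:
    name: str
    taken: date
    record_ids: FrozenSet[str]   # PHI record identifiers present in this backup


def expires_on(backup: Backup, keep_days: int) -> date:
    """First day on which the policy no longer requires keeping this backup."""
    return backup.taken + timedelta(days=keep_days)


def expired(backups: List[Backup], today: date, keep_days: int) -> List[Backup]:
    """Backups the policy allows (and, for disposal, requires) deleting now."""
    return [b for b in backups if expires_on(b, keep_days) <= today]


def still_holding(record_id: str, backups: List[Backup], today: date,
                  keep_days: int) -> List[Backup]:
    """Unexpired backups that contain the record. If the record must go now
    rather than on schedule, these are the copies to scrub by hand."""
    return [b for b in backups
            if record_id in b.record_ids and expires_on(b, keep_days) > today]


def gone_everywhere_on(record_id: str, backups: List[Backup],
                       keep_days: int) -> Optional[date]:
    """Date by which routine expiry removes the last backup holding the record,
    or None if no backup holds it."""
    dates = [expires_on(b, keep_days) for b in backups if record_id in b.record_ids]
    return max(dates) if dates else None


# Constructed sample data: weekly site backups and the records each contained.
KEEP_DAYS = 35
TODAY = date(2018, 11, 30)
BACKUPS = [
    Backup("weekly-2018-10-07", date(2018, 10, 7), frozenset({"p1001", "p1002"})),
    Backup("weekly-2018-10-28", date(2018, 10, 28), frozenset({"p1001", "p1002", "p1003"})),
    Backup("weekly-2018-11-18", date(2018, 11, 18), frozenset({"p1002", "p1003"})),
    Backup("weekly-2018-11-25", date(2018, 11, 25), frozenset({"p1003"})),
]

if __name__ == "__main__":
    # In the sample data, p1001 was removed from the live site in early November.
    print("delete now:", [b.name for b in expired(BACKUPS, TODAY, KEEP_DAYS)])
    print("p1001 still in:", [b.name for b in still_holding("p1001", BACKUPS, TODAY, KEEP_DAYS)])
    print("p1001 gone everywhere on:", gone_everywhere_on("p1001", BACKUPS, KEEP_DAYS))
```

If your backups carry no record-level manifest, the conservative substitute is to treat every backup taken between a record's creation and its deletion as holding it; the answer then is simply the deletion date plus the retention window, and a request for immediate erasure means restoring, scrubbing and re-taking each of those backups.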

Integrity of Data:
If all the other precautions are taken, this one largely follows. It means that data is accurate and has not been altered without authorization. Data can be altered maliciously by the wrong person having access to the PHI or by an outside party exploiting a vulnerability, and accidentally by a bad restore. To detect either, keep digests of the content taken while it was known good and compare the current content against them regularly.
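The comparison described above can be made tamper-resistant by keying the digests. The following is an added example written for this guide, not code from the original post or from Deprigo: it builds an HMAC-SHA256 manifest of a directory tree, then reports files that were modified, added or removed. Because the digests are keyed, someone who can rewrite files cannot also rewrite the manifest to match unless they also hold the key, so the key must live outside the web root (a secrets manager, or an environment variable on the host that runs the check). The files, the record contents and the `unexpected.php` name are constructed sample data created in a temporary directory.

```python
"""Added example: detect altered, added or removed files with a keyed manifest."""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, List

CHUNK = 64 * 1024


def file_digest(path: str, key: bytes) -> str:
    """Keyed digest of one file, read in chunks so large files never load whole."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_manifest(root: str, key: bytes) -> Dict[str, str]:
    """Map of path (relative to root, '/'-separated) to keyed digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full, key)
    return manifest


def verify(root: str, key: bytes, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the tree under root with a baseline manifest taken earlier."""
    current = build_manifest(root, key)
    return {
        "modified": sorted(p for p in baseline if p in current
                           and not hmac.compare_digest(baseline[p], current[p])),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, tamper with the tree, verify."""
    key = os.urandom(32)  # real use: a persistent key kept outside the web root
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "records"))
        record = os.path.join(root, "records", "p1001.json")
        with open(record, "w") as fh:
            fh.write('{"patient": "p1001", "allergies": ["penicillin"]}')
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>Clinic</h1>")
        baseline = build_manifest(root, key)

        # Tampering: a clinical value changes, a page vanishes, a stray file appears.
        with open(record, "w") as fh:
            fh.write('{"patient": "p1001", "allergies": []}')
        os.remove(os.path.join(root, "index.html"))
        with open(os.path.join(root, "unexpected.php"), "w") as fh:
            fh.write("<?php /* not part of the deployed site */ ?>")
        return verify(root, key, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Take the baseline immediately after a deployment you have reviewed, store it with the key off the web server, and run `verify()` on a schedule; a silent change to a clinical value, as in the constructed `p1001.json`, shows up as "modified" even though the file's size and name never changed.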

BAA:
You are required to have a Business Associate Agreement with every vendor that creates, receives, stores or transmits PHI on your behalf: typically the hosting provider, and any developer or agency with access to the live site, its database or its backups. A vendor that never touches PHI does not need one, but a vendor that does and will not sign one should not be used. Your website should be designed, developed and hosted by people who know the HIPAA requirements.

If you are not able to check off everything in this guide, discuss it with your web developers and address the shortcomings.

About The Author

Pedro is Graphic and Web Designer at Deprigo since March 2017. He's worked in the Army as an Aircraft Electrician and is working on perfecting chocolate.


Deprigo, Inc.

Design, Print, Go!