Website Security and HIPAA

Encryption and Updates Are A Must

HIPAA security is as important to your online presence as it is internally. Making sure your website visitors (patients, clients, etc) have a secure connection to a website that is up to date and free from malware or other threats is just plain good business practice.

For those who need to conform to the HIPAA rules, encryption and updates are a must.  As outlined at Health and Human Services, the Health Insurance Portability and Accountability Act defines many guidelines and best practices for compliance.

These HIPAA guidelines can be frustratingly general and broad in nature, we think purposefully so it allows you the flexibility on how to apply these rules to your practice. For instance, they won’t recommend software, hardware, systems or technology as they want to leave that to your discretion.

This flexibility leads to more questions and uncertainty on what you should do – especially related to technology and systems you might not be familiar with.

So what do you have to do when it comes to websites?  We recommend you start with the HIPAA Security Rule.

HIPAA Security Rule

The HHS.gov website defines the security rule as follows:

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

So what do they mean by “appropriate safeguards”?

The Summary of the HIPAA Security Rule provides a good broad stroke of the overall expectation and under their General Rules it states:

Identify and protect against reasonably anticipated threats to the security or integrity of the information;

This is better information but still a bit broad in nature.

After reviewing other resources on this and other pages, the site references an excellent PDF at HealthIT.gov (part of the ONC under HHS).

This document clearly states that your software and hardware needs to be kept up to date and you should be using encryption.

You and your staff must keep up-to-date with software upgrades and available patches. Remember, security risk analysis and mitigation is an ongoing responsibility for your
practice. Vigilance should be part of your practice’s ongoing activities.

Get Up To Date and Secure

So what would be appropriate safeguards?

The bottom line, we would highly recommend you get your website AND server software up to date and put a process in place to keep them up to date. You should also properly secure it with encryption using SSL and further protect it from attacks using a WAF (Web Application Firewall).

Have more questions?

You can chat with one of our experts using the chat icon to the right or fill out our contact form.

©2019 Developer Squad. All rights reserved.

About Us | FAQ | Free Tools | Blog | Partner with Us | Contact

How We Scan and Remove Malware

You will be given secure access to our portal where you enter the FTP credentials to the main directory of your site (typically the public_html). Our scanners will then do a deep scan of all files. Once found, you can request a cleaning (if purchased) and we will immediately begin the cleaning process.

We start as soon as you set things up and the length of time it takes to scan and remove malware will vary depending on the level of infection and number of files. Typically it takes several hours. Our portal updates you on progress and has 24x7x365 chat support so you are never left alone!

US Based Family Business  •  Money Back Guarantee

US Based Family Business

Cousins Jon and Mike Brennan (bios here) were always close like brothers and so, many years ago, they decided to start a business together. It wasn’t long before Jon’s brother Jeff and their mother Judy (the first programmer in the family!) joined the company. We’ve never looked back!

We pride ourselves on our fanatical customer service and would welcome the opportunity to earn your trust.

Log in with your credentials

Forgot your details?