Is Your Medical Website HIPAA Compliant?

[INSTALLMENT – A Continuing Series] Every physician and medical administrator that we know is intimately—often, intensely—aware of HIPAA’s privacy and security rules. There isn’t a policy, procedure or process that isn’t carefully scrutinized as HIPAA compliant.

This isn’t legal advice, but healthcare professionals know that protected health information (PHI) and electronic protected health information (ePHI) need to be on the safe side of the Health Insurance Portability and Accountability Act and the Department of Health and Human Services.

But physicians and medical administrators also realize that, in an Internet-driven world, confidentiality, privacy, and data security are vastly larger, more dangerous and more complex issues. What’s more, hospital data and medical records are attractive targets for cyber theft and ransomware attacks.

If regulations, compliance and digital security issues aren’t compelling enough to keep you awake at night, consider this: What if your website and digital presence are not HIPAA compliant? Many ordinary and innocent-appearing healthcare websites are not secure, or inadvertently fail to safeguard all “individually identifiable health information.”


Being HIPAA compliant is vital to every medical website…

Check with your own legal advisor, but here are some of the ways that medical websites, and HIPAA compliance, can be at risk:

Are files, storage, and transmissions secure? Data that is “in the open” (without encryption or SSL/Secure Sockets Layer) is at risk. An important compliance checkpoint is having all sensitive material encrypted and secure, particularly when transmitted over the Internet.

Some forms can put you at risk. Generally, when a patient or prospective patient completes an online form—even elementary info such as name, phone number, email—it may be advisable to provide the data with the same level of protection as ePHI. More specifically, “individually identifiable” and “protected health information” are likely to meet the definition of electronic protected health information.

Social media can be a danger zone. Social media is a useful tool to talk about many things under the broad medical umbrella. That said, anything that is specific to an individual patient or identifiable info—even photographs—can violate personal privacy.

Use caution responding to online comments and review sites. It can be tempting to use specific, “he-said-she-said” replies to Internet-posted comments—especially negative mentions. It’s OK to be responsive, but a provider’s reply must avoid reference to a specific, identifiable or individual patient. Even acknowledging that someone is a patient would be inappropriate.

Your favorite iPhone or BlackBerry is a target for theft. Mobile devices—a favorite among doctors—are compact and easily “snatch-able,” and that opens the door to cyber theft of stored or accessible information. What’s more, mobile devices themselves that are used to exchange doctor-patient communications may not be secure or HIPAA compliant.

Look for additional articles in this series…

There’s no question that compliance is vitally important for hospitals, group practices, and healthcare providers. In addition, medical websites are an important connection between the professional and the public. HIPAA’s privacy and security rules are a critical consideration. Check with your legal advisor and avoid compliance issues online.

 

Stewart Gandolf
Chief Executive Officer & Creative Director at Healthcare Success
Over the years Stewart has personally marketed and consulted for over 1,457 healthcare clients, ranging from private practices to multi-billion dollar corporations. Additionally, he has marketed a variety of America’s leading companies, including Citicorp, J. Walter Thompson, Grubb & Ellis, Bally Total Fitness, Wells Fargo and Chase Manhattan. Stewart co-founded our company, and today acts as Chief Executive Officer and Creative Director. He is also a frequent author and speaker on the topic of healthcare marketing. His personal accomplishments are supported by a loving wife and two beautiful daughters.
