Friday, June 14, 2024
HomeHealth LawIs Your Web site HIPAA-Compliant? | HIPAA & Well being Info Expertise

Is Your Web site HIPAA-Compliant? | HIPAA & Well being Info Expertise


If you’re a HIPAA-covered entity or enterprise affiliate, you seemingly know that affected person PHI could solely be created, acquired, maintained, and transmitted as permitted by the HIPAA Safety Rule and the HIPAA Privateness Rule.  But it’s possible you’ll not have targeted in your firm’s web site as a spot the place PHI is collected and transmitted.  If you’re topic to HIPAA, you need to frequently assess your web site knowledge practices.  As described on this weblog put up, you need to be certain that third-party trackers like Meta Pixel aren’t accessing and disclosing knowledge behind the scenes.  However frequent customer-facing instruments shouldn’t be missed.  Widespread methods during which PHI could also be collected and transmitted embrace:

  • Stay Chat
  • Affected person Portals
  • On-line Affected person Varieties
  • On-line Scheduling Instruments
  • Opinions and Testimonials
  • E mail
  • On-line loyalty Applications

The HIPAA Privateness Rule requires that entities that create, obtain, preserve, and/or transmit PHI take particular measures to guard it. For instance, if your organization retains individually identifiable medical data on a server, that server have to be encrypted and safe. Transmitting PHI contains sending data through electronic mail, textual content, internet types or different sorts of digital messaging. Storing PHI contains storing data in apps, knowledge facilities, and many others. If your organization web site collects, shops, or transmits PHI and doesn’t take cheap measures to safe that knowledge, it might violate HIPAA.

To start remediating dangers, firms ought to:

  • Buy and implement an SSL certificates for the corporate web site
  • Guarantee all internet types on the corporate web site are encrypted and safe
  • Solely ship emails containing PHI by means of encrypted electronic mail servers
  • Associate with hosting firms which might be HIPAA-compliant and have processes for safeguarding PHI
  • Execute BAAs with third events which have entry to PHI (together with hosting firms)
  • Be sure that PHI is barely accessible by licensed people inside your organization




Please enter your comment!
Please enter your name here

Most Popular

Recent Comments