18.8 C
New York
Thursday, September 14, 2023

Is Your Web site HIPAA-Compliant? | HIPAA & Well being Info Know-how

If you’re a HIPAA-covered entity or enterprise affiliate, you possible know that affected person PHI might solely be created, obtained, maintained, and transmitted as permitted by the HIPAA Safety Rule and the HIPAA Privateness Rule.  But you might not have centered in your firm’s web site as a spot the place PHI is collected and transmitted.  If you’re topic to HIPAA, you must frequently assess your web site information practices.  As described on this weblog submit, you must ensure third-party trackers like Meta Pixel aren’t accessing and disclosing information behind the scenes.  However frequent customer-facing instruments shouldn’t be neglected.  Frequent methods wherein PHI could also be collected and transmitted embody:

  • Dwell Chat
  • Affected person Portals
  • On-line Affected person Kinds
  • On-line Scheduling Instruments
  • Critiques and Testimonials
  • E mail
  • On-line loyalty Packages

The HIPAA Privateness Rule requires that entities that create, obtain, keep, and/or transmit PHI take particular measures to guard it. For instance, if your organization retains individually identifiable medical data on a server, that server have to be encrypted and safe. Transmitting PHI contains sending data through e mail, textual content, internet varieties or different sorts of digital messaging. Storing PHI contains storing data in apps, information facilities, and many others. If your organization web site collects, shops, or transmits PHI and doesn’t take cheap measures to safe that information, it could violate HIPAA.

To start remediating dangers, firms ought to:

  • Buy and implement an SSL certificates for the corporate web site
  • Guarantee all internet varieties on the corporate web site are encrypted and safe
  • Solely ship emails containing PHI by way of encrypted e mail servers
  • Companion with hosting firms which might be HIPAA-compliant and have processes for safeguarding PHI
  • Execute BAAs with third events which have entry to PHI (together with hosting firms)
  • Be certain that PHI is barely accessible by licensed people inside your organization

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles