{"id":8406,"date":"2019-06-24T13:47:52","date_gmt":"2019-06-24T17:47:52","guid":{"rendered":"https:\/\/www.whitecoatmedicalmarketing.com\/?p=8406"},"modified":"2019-06-24T13:47:52","modified_gmt":"2019-06-24T17:47:52","slug":"5-must-haves-for-a-hipaa-compliant-website","status":"publish","type":"post","link":"https:\/\/targetmarket.com\/5-must-haves-for-a-hipaa-compliant-website\/","title":{"rendered":"5 Must-Haves for a HIPAA-Compliant Website"},"content":{"rendered":"\n<p><span style=\"font-weight: 400;\">As a healthcare provider, you are already familiar with <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">HIPAA Privacy Rule<\/a>&#8211;a national regulation that sets standards to the privacy and security of protected health information (PHI). But, did you know that your website and social media accounts must also comply with these regulations? This holds true whether healthcare providers manage their online presence internally or use a third-party vendor.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Before we dig into the essentials of a HIPAA-compliant website, let\u2019s take a look at exactly what data you are responsible to protect both online and off.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"color: #032c42;\"><b>What is considered PHI?<\/b><\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Protected health information includes the following identifiers:&nbsp;<\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Name<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Location<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Dates<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Contact numbers<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Email addresses<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Medical record numbers<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Health plan beneficiary numbers<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Account numbers<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Certificate\/license numbers, including driver\u2019s license numbers<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Vehicle license plate numbers<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">URLs<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">IP address numbers<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Biometric identifiers such as fingerprints<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Full-face photographs and video<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any other unique identifying numbers, characteristics or codes<\/span><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"color: #032c42;\"><b>Features of a HIPAA-Compliant Website<\/b><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #18c2bf;\"><b>1. Secure Sockets Layer (SSL) Protection<\/b><\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">A secure sockets layer, or SSL, is an encrypted link between a web server and a browser that ensures all data passed between two remains private. This layer of protection keeps everything safely encrypted whenever someone logs into your site or manages their account. In the event someone stole or intercepted information, SSL protection means they wouldn\u2019t be able to make sense of it. Not sure if your website already has SSL protection? Look at the URL in your browser to make sure it begins with \u201chttps\u201d rather than \u201chttp\u201d.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #18c2bf;\"><b>2. Data Encryption<\/b><\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">Healthcare providers need layers of protection to effectively protect PHI. In addition to SSL protection, you will also need to encrypt any data that you store with full data encryption. If information is collected on a form and then passed through and emailed to an inbox, the data needs to be encrypted both in transit and at rest.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #18c2bf;\"><b>3. Secure Server<\/b><\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">A HIPAA-compliant website must be hosted on a secure server with proper safeguards such as a firewall. You also need an established and documented policy for the storage, transfer, disposal and reuse of data.\u00a0<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #18c2bf;\"><b>4. Updated Privacy Policy<\/b><\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">A privacy policy is required by federal and state law if you collect personal data. For medical websites, the Notice of Privacy Practices needs to contain all the requirements as defined by HIPAA regulations. The U.S. Department of Health and Human Services has created a sample Notice of Privacy Practices that you can <\/span><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/guidance\/model-notices-privacy-practices\/index.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">download and use<\/span><\/a><span style=\"font-weight: 400;\"> (for free) to meet the requirements.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"color: #18c2bf;\"><b>5. Third-Party Agreement<\/b><\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">If you are using a third-party vendor, make sure you have an agreement in place that clearly defines the responsibility and requirements of service providers who manage and handle patient health information.\u00a0<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">There are more precautions you need to take for a HIPAA-compliant site, but these are the most important starting points for your practice. If your website is not compliant, there is a higher risk of a breach which potentially could lead to a possible violation and fine.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Working with established healthcare industry website designers can help minimize the stress in creating a HIPAA-compliant website. They will know everything that\u2019s needed, both on the website\u2019s backend and for patient-facing information.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/targetmarket.com\/get-in-touch\/\">Request a free consultation<\/a> and learn more about how we can help protect your patients and yourself with a custom-designed HIPAA-compliant website.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Working with established healthcare industry website designers can help minimize the stress in creating a HIPAA-compliant website. They will know everything that\u2019s needed, both on the website\u2019s backend and for patient-facing information.<\/p>\n","protected":false},"author":2,"featured_media":8412,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9,172,8],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/posts\/8406"}],"collection":[{"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/comments?post=8406"}],"version-history":[{"count":0,"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/posts\/8406\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/media\/8412"}],"wp:attachment":[{"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/media?parent=8406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/categories?post=8406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/targetmarket.com\/wp-json\/wp\/v2\/tags?post=8406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}