Friday, November 3, 2023
HomeHealth LawIs Your Web site HIPAA-Compliant? | HIPAA & Well being Info Expertise

Is Your Web site HIPAA-Compliant? | HIPAA & Well being Info Expertise

If you’re a HIPAA-covered entity or enterprise affiliate, you doubtless know that affected person PHI could solely be created, acquired, maintained, and transmitted as permitted by the HIPAA Safety Rule and the HIPAA Privateness Rule.  But chances are you’ll not have centered in your firm’s web site as a spot the place PHI is collected and transmitted.  If you’re topic to HIPAA, you need to frequently assess your web site information practices.  As described on this weblog submit, you need to make certain third-party trackers like Meta Pixel should not accessing and disclosing information behind the scenes.  However widespread customer-facing instruments shouldn’t be ignored.  Frequent methods by which PHI could also be collected and transmitted embrace:

  • Dwell Chat
  • Affected person Portals
  • On-line Affected person Kinds
  • On-line Scheduling Instruments
  • Evaluations and Testimonials
  • E-mail
  • On-line loyalty Packages

The HIPAA Privateness Rule requires that entities that create, obtain, preserve, and/or transmit PHI take particular measures to guard it. For instance, if your organization retains individually identifiable medical data on a server, that server should be encrypted and safe. Transmitting PHI contains sending data through e mail, textual content, internet kinds or different varieties of digital messaging. Storing PHI contains storing data in apps, information facilities, and many others. If your organization web site collects, shops, or transmits PHI and doesn’t take affordable measures to safe that information, it might violate HIPAA.

To start remediating dangers, corporations ought to:

  • Buy and implement an SSL certificates for the corporate web site
  • Guarantee all internet kinds on the corporate web site are encrypted and safe
  • Solely ship emails containing PHI by means of encrypted e mail servers
  • Companion with website hosting corporations which might be HIPAA-compliant and have processes for shielding PHI
  • Execute BAAs with third events which have entry to PHI (together with website hosting corporations)
  • Make sure that PHI is simply accessible by approved people inside your organization



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments