You in all probability already know that HIPAA violation fines can run as excessive as $50,000 per incident. If that’s not sufficient of a purpose so that you can ensure your healthcare follow web site is HIPAA-compliant, we are able to consider a number of others. This text will discover these causes and provide some useful solutions for making a HIPAA compliant web site for 2022.
In case your web site collects, shops, or transmits PHI (protected well being data) or ePHI (digital protected well being data), and also you don’t take cheap measures to safe these knowledge, you could be in violation of HIPAA. If you’re, you run the chance of HIPAA penalty fines. Relying on the size of violation, variety of sufferers affected, and stage of negligence, fines can vary from $100 to $50,000.
Information breaches usually have three principal causes. They are often attributable to third-party errors, worker actions and misplaced or stolen gadgets containing PHI or ePHI. So, ask your self: does my web site have what it takes to be HIPAA compliant?
What’s the present state of HIPAA compliance?
A latest survey discovered the next details about HIPAA compliance:
- 58% of respondents have a HIPAA compliance plan
- 23% of respondents didn’t have a compliance plan
- 45% of respondents have breach notification insurance policies
- 67% of healthcare organizations plan to spend money on HIPAA audit providers
What are the necessities for a HIPAA web site?
In a nutshell, any data that’s transmitted out of your web site should at all times be encrypted and safe. Your PHI needs to be backed up, recoverable and accessible solely by approved personnel who’ve distinctive entry rights. The data ought to by no means be altered. Private well being data needs to be completely erasable when it’s not wanted.
Does your web site meet HIPAA safety requirements?
In case you reply sure to the next questions, your web site in all probability meets HIPAA safety requirements:
- Does your web site have automated back-ups which are recoverable at any time?
- Are the information that’s transmitted out of your web site encrypted?
- Are your saved knowledge encrypted?
- Are your web site knowledge accessible solely by approved individuals with distinctive permissions?
- In case your web site is not wanted, can it’s completely deleted?
- Do you may have a HIPAA Enterprise Affiliate Settlement with the corporate that hosts
your web site? If not, does the server that hosts your web site meet HIPAA safety guidelines?
What constitutes PHI (protected well being data)?
PHI is personally identifiable medical or cost data associated to a affected person’s well being providers. It contains identifiable demographic or genetic data associated to the bodily or psychological situation of a person. It additionally contains cost or monetary data associated to a person’s healthcare. In case your web site collects individually identifiable medical data resembling signs, situations, or requested healthcare providers, that’s PHI.
In case you acquire well being data from on-line contact varieties or affected person varieties that ask about signs, medical providers, medicines or different health-related data, you should be HIPAA compliant. Ditto for reside chat, affected person portals, affected person opinions or testimonials and different information-collecting instruments which may be in your web site. The Privateness Rule of HIPAA requires that anybody who shops PHI should take cheap measures to guard it. In case your individually identifiable medical data is saved on a server, that server should even be encrypted and safe. Chances are you’ll be transmitting PHI once you ship data by way of e mail, net varieties or different varieties of digital messaging. To remain HIPAA compliant, all emails, e mail servers and net varieties needs to be encrypted and secured.
How will you have a HIPAA compliant web site?
In case you discover that your web site just isn’t compliant, you must comply with these important steps:
- Buy and set up an SSL certificates on your website
- Be sure that all net varieties in your website are encrypted and safe
- Ship emails containing PHI solely via encrypted e mail servers
- Be sure that PHI is barely accessible to approved people
- Associate with a HIPAA-compliant website hosting firm that protects PHI
- Signal a enterprise affiliate contract with any third events who’ve entry to your sufferers’ PHI or who present HIPAA-compliant website hosting
- Set up processes to delete, backup and restore PHI as wanted
Healthcare professionals already know that PHI and ePHI should meet the security guidelines and necessities of the Well being Insurance coverage Portability and Accountability Act and the Division of Well being and Human Providers. In case you take cheap steps to safe PHI, management entry to it and associate with different HIPAA-compliant organizations, you possibly can shield your sufferers’ privateness and keep away from violations and fines.
Why is HIPAA compliance such an enormous concern?
Physicians and medical directors know that confidentiality, knowledge safety and privateness are greater, extra harmful and extra complicated points at the moment than they had been earlier than we turned an Web-driven world. In any case, well being knowledge and medical data make engaging targets for legal actions resembling cyber theft and ransomware assaults.
If these digital safety points aren’t compelling sufficient to maintain you up at night time, then think about that many healthcare web sites are nonetheless not safe and could also be failing to safeguard “individually identifiable well being data.” That’s why being HIPAA compliant is so very important for each healthcare follow web site.
How is your healthcare web site, and HIPAA compliance, put in danger?
Ask your self in case your recordsdata, storage, and transmissions are safe? Remind your self that any knowledge “within the open” with out encryption or an SSL (safe socket layer) are in danger. Ensure that all delicate materials is encrypted and safe, significantly when transmitting over the Web.
Even easy varieties can put you in danger. Usually, a affected person or potential affected person completes a web based type that reveals their identify, telephone quantity and e mail deal with. That private knowledge wants the identical stage of safety as ePHI. Being “individually identifiable” and “protected well being data” signifies that it’s more likely to meet HIPAA’s definition of digital protected well being data.
One other large threat issue is social media. Whereas social media is beneficial for discussing many subjects underneath the healthcare umbrella, data particular to a person affected person or identifiable information resembling pictures can violate private privateness.
If you end up within the place of responding to on-line feedback or evaluation websites, let warning prevail. It’s OK to reply on-line. Simply make it possible for your reply avoids reference to a selected, identifiable or particular person affected person. It’s typically finest to make use of additional warning and keep away from even acknowledging that somebody is your affected person.
Does your smartphone put you in danger?
You guess. Always remember that your sensible telephone is a serious goal for theft. Cellular gadgets are compact and simply to grab out of your hand or any flat floor you allow it on. That opens the door to cyber theft of your saved or accessible data. Cellular gadgets which are used to trade doctor-patient communications will not be both safe or HIPAA compliant.
How do you guarantee your web site’s HIPAA compliance?
Your best choice is to associate with a good healthcare advertising company specializing in HIPAA compliant healthcare advertising. They’ll make it possible for your web site is HIPAA compliant and so they’ll embody it in your healthcare advertising plan. They’ll enable you current your HIPAA compliance as a profit to sufferers who’re fearful about privateness points. Better of all, an excellent healthcare advertising company will enable you keep away from penalties and dear fines whereas defending your peace of thoughts.