Is Your Website HIPAA-Compliant? | HIPAA & Health Information Technology

If you are a HIPAA-covered entity or business associate, you likely know that patient PHI may only be created, received, maintained, and transmitted as permitted by the HIPAA Security Rule and the HIPAA Privacy Rule. But you may not have focused on your company's website as a place where PHI is collected and transmitted. If you are subject to HIPAA, you should regularly assess your website data practices. As described in this blog post, you should make sure third-party trackers like Meta Pixel are not accessing and disclosing data behind the scenes. But common customer-facing tools should not be overlooked. Common ways in which PHI may be collected and transmitted include:

  • Live Chat
  • Patient Portals
  • Online Patient Forms
  • Online Scheduling Tools
  • Reviews and Testimonials
  • Email
  • Online Loyalty Programs

The HIPAA Privacy Rule requires that entities that create, receive, maintain, and/or transmit PHI take specific measures to protect it. For example, if your company keeps individually identifiable medical information on a server, that server must be encrypted and secure. Transmitting PHI includes sending information via email, text, web forms, or other types of electronic messaging. Storing PHI includes storing information in apps, data centers, etc. If your company website collects, stores, or transmits PHI and does not take reasonable measures to secure that data, it may violate HIPAA.

To begin remediating risks, companies should:

  • Purchase and implement an SSL certificate for the company website
  • Ensure all web forms on the company website are encrypted and secure
  • Only send emails containing PHI through encrypted email servers
  • Partner with hosting companies that are HIPAA-compliant and have processes for protecting PHI
  • Execute BAAs with third parties that have access to PHI (including hosting companies)
  • Ensure that PHI is only accessible by authorized individuals within your company
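As an added illustration (not part of the original post), the following Python script audits a page's HTML for two of the issues discussed above: web forms that would submit patient data over plain HTTP, and third-party tracking scripts such as Meta Pixel loaded on a page that collects PHI. The sample HTML, the page URL and the tracker host list are constructed assumptions; the Meta Pixel check relies on the snippet's documented loader host (`connect.facebook.net`) and its `fbq` function.

```python
"""Audit a page's HTML for website-PHI risks: forms that submit over plain
HTTP and third-party tracker scripts. Added example; the sample HTML, page
URL and tracker host list below are constructed assumptions."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical denylist maintained by the compliance team; extend as needed.
TRACKER_HOSTS = {"connect.facebook.net", "www.googletagmanager.com"}


class _Collector(HTMLParser):
    """Collect <form> targets, external <script src> values and inline JS."""

    def __init__(self):
        super().__init__()
        self.forms = []       # (action, method) per form
        self.scripts = []     # src attribute of external scripts
        self.inline_js = []   # text of inline <script> blocks
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append((a.get("action") or "", (a.get("method") or "get").lower()))
        elif tag == "script":
            if a.get("src"):
                self.scripts.append(a["src"])
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline_js.append(data)


def audit_page(html, page_url):
    """Return a list of human-readable findings for the given page."""
    p = _Collector()
    p.feed(html)
    findings = []
    for action, method in p.forms:
        # A relative action inherits the page's scheme, so resolve it first.
        target = urljoin(page_url, action)
        if urlparse(target).scheme != "https":
            findings.append(f"form submits over plain HTTP: {target}")
        if method == "get":
            findings.append(f"form uses GET, so field values land in URLs and server logs: {target}")
    for src in p.scripts:
        host = urlparse(urljoin(page_url, src)).hostname or ""
        if host in TRACKER_HOSTS:
            findings.append(f"third-party tracker script loaded from {host}")
    for js in p.inline_js:
        if "fbq(" in js:  # Meta Pixel exposes itself as the fbq global
            findings.append("inline Meta Pixel call (fbq) found")
    return findings


# Constructed sample: an appointment page with a Pixel and an intake form
# whose action points at a plain-HTTP host.
SAMPLE_HTML = """
<html><head>
<script src="//connect.facebook.net/en_US/fbevents.js"></script>
<script>fbq('init', '000000'); fbq('track', 'PageView');</script>
</head><body>
<form action="http://forms.example.com/intake" method="post">
  <input name="dob"><input name="diagnosis">
</form>
<form action="/schedule" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, "https://clinic.example/appointments"):
        print("FINDING:", finding)
```

Run it against the rendered HTML of each page that hosts a chat widget, patient form or scheduling tool; the `/schedule` form produces no finding because it resolves to the page's own HTTPS origin, while the intake form and both Pixel indicators do.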
