MD Clients - What is HIPAA/PHI?
HIPAA compliance is the most important compliance requirement for health-related sites. The rules contain some hard requirements, but much of the Security Rule consists of "addressable" specifications that leave a lot of uncertainty about what is actually enough. The problem becomes concrete the moment a patient's data is lost or stolen. Better safe than sorry. So, what should be considered to make your site HIPAA-safe?
- Any health-related information about a person must be encrypted in transit when it is submitted through a web form; in practice, the form is served and submitted over HTTPS (TLS) only.
- The document/form arrives at the addressee as a password-protected PDF attachment; an unprotected PDF sitting in an e-mail inbox is not secure storage.
- Only the designated addressee knows the username and password and can open the document.
- Any health-related information about a client that is stored on the server must be encrypted at rest and reachable only through designated, protected access (authenticated and logged). The server itself needs extra hardening to protect the information stored on it.
- Any backup of that information must be protected in the same way as the live data, including encryption of the backup copies.
- Any information that is no longer needed should be securely destroyed on request.
If your site does not transmit or store any patient-specific health information, it does not need to worry about HIPAA compliance. However, if even the "contact us" form asks questions that may relate to a specific health issue, you should consider encrypting the form and everything it produces.
If you have a website, you have to be sure that all private information collected from customers is secured. For example, if you have a contact form, what kind of questions does it ask? If you only ask for general information, such as name, locality, and the best time and way to contact the person, you are all set. Such forms do not need to be HIPAA-PHI compliant.
An example of a contact form that DOES NOT need to be HIPAA-PHI compliant:
This form does not need to be HIPAA-compliant because it does not collect any private information about the patient.
If you ask any questions about the patient's health issues or symptoms in the contact form, you must make sure the form is secured. That means the information has to be encrypted while it is being transmitted, while it is stored on the server, and in any e-mail notification the form sends.
An example of a contact form that DOES need to be HIPAA-PHI compliant:
This contact form definitely needs to be sent securely, because it contains a patient's medical symptoms and conditions.
If you offer your patients PDF forms to print, fill out and bring to your office, that's fine; no health information passes through the website, so it does not have to be HIPAA-PHI compliant for that.
However, if you ask your patients to submit a patient form online with medical information, SSN and insurance information, you have to be sure that the form is properly encrypted and sent/stored securely.
Interested in finding out if your site is compliant? Contact us for a FREE consultation.