HIPAA Compliance and the Internet

For Lawyers, Doctors, and Dentists

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is great for protecting patients' sensitive health information, but it can be difficult for medical professionals to comply with. The legislation first passed in 1996, but the trend towards digital information gathering and storage has prompted a national audit program, led by the Office of Civil Rights and starting sometime in 2014.

Keeping records locked in an office is one part of HIPAA compliance, but what about all that information floating around in digital spaces, like your computer systems and website? Here are some steps you can take to stay up to code with HIPAA compliance on the Internet:

Naming Images

Images are essential to a great website, especially in those Before & After galleries. Be careful when adding images to the website, because photos carry a lot of extra data. Make sure that your images, including their file names and metadata, do not include names, initials or demographic information of the patient. While it seems like a lot of work to do per image, this is not just an extra step towards compliance, but an extra step towards optimization too! Naming image files with keywords (Cosmetic Dentist, TMJ Dentistry, Teeth Whitening) can strengthen your website’s search rank, because search engine crawlers do take into account an image’s metadata, including the image file name you keep on your computer before adding it to the web.

Protecting Your Passwords

The services that Page 1 Solutions provides are HIPAA compliant as long as you safely protect your passwords. The information we handle is compliant with HIPAA standards up to the point of delivery, and from there it is up to you, your staff and the practice to ensure your patient information is HIPAA compliant and that the information is only being accessed by authorized people.

Know Your Compliance Agreements, and Those of Your Business Associates

In managing a medical practice, there are so many things to take care of that many services are outsourced. Be sure to check with other companies you work with to see what measures they take to ensure HIPAA compliance. Even Google Apps for Business (Gmail, cloud storage through Drive) is only compliant if you pay for Google services and sign an official business agreement.

Here at Page 1 Solutions, our mini and main contact forms are secure and our patient forms are encrypted. Our email servers are also secure as long as you protect the passwords and only allow access by authorized personnel. If you are interested in setting up new or additional encrypted patient forms, call recording, or online chat, please contact me today. I will work with you to ensure that your website and all of its connected services comply with HIPAA mandates.

~ By Laura Nagler, Internet Marketing Consultant