What You Should Know about HTTPS and HIPAA Compliance

Internet Marketing for Attorneys, Surgeons, and Dentists

I’m sure you’ve heard plenty of convincing reasons to switch over to an HTTPS site; the deadline to do so is quickly approaching. I’d like to add one more convincing reason to that list which specifically applies to clients in the medical field: HIPAA compliance.

The first requirement for medical websites that handle electronic Protected Health Information, or e-PHI, is to ensure that any sensitive medical information is encrypted as it travels from a user to a website and finally to a server. This is called Transmission Security:

Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.”

How Our Websites Comply

Before the HTTPS requirement started picking up steam in the last year or so, Page 1 Solutions already implemented security features on our clients’ websites to protect the information submitted by users via the onlineforms.

The forms themselves are embedded onto our sites in a similar way that you can embed a YouTube video onto a web page. The embed URL we use to place the forms onto the site is already HTTPS-enabled, which satisfies the Transmission Security requirement.

The forms on our sites are normally the only way we are gathering information from users. We aren’t creating accounts for them or keeping files with their information on the website or on our servers.

So Why Are We Pushing HTTPS?  

The reason we’re asking all of our clients to move over to HTTPS is not just about HIPAA compliance, but also the fact that Google has made HTTPS a ranking factor in search results. As more websites convert to HTTPS, Google will likely increase the weight of that ranking factor. So, to avoid any adverse effects on keyword rankings or SEO performance in general, we urge all of our clients to implement HTTPS on their sites. This will technically give a double layer of security for the forms, and you’ll avoid getting the “Not Secure” pop-up on your site from the browser you are using.

If you have any questions on how HTTPS affects HIPAA compliance or have any additional questions regarding HTTPS and site security in general, please reach out to your IMC by calling 800-368-9910 today.