News

HIPAA Compliance & Gathering Patient Data Electronically

Implementing HIPAA requirements doesn't have to be rocket science. In fact, with the right support, implementation for most practices can be handled without too much effort. It just takes a little commitment from the organization, and basic compliance requirements can be met.

HIPAA and IT 101: Practices sometimes take in patient data from their website via a form. However, many don't put proper protections in place to make sure their patients' data is secured. These practices often don't realize just how insecure their website is and how vulnerable their patient data is. Here are some tips to secure your website:
  • If you are using a CMS like WordPress, make sure it's updated to the latest version
    • Older versions of CMS systems are a major security risk and can be easily hacked
  • Make sure the site and especially the form pages where patient data is inputted are secured using SSL/HTTPS
  • Get hosting from a good web host provider that also provides firewall and web application filtering
    • Some web hosts will even fix a site if it does happen to get hacked, which can still happen even with the best protection
  • Don't send form data to an email account unless it's encrypted
  • If possible, use a secure database to store patient form data rather than sending it via email
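
As an added example (not part of the original article), this Python script checks a page's HTML for forms that break two of the tips above: forms that do not submit over HTTPS and forms that send their data to an email address. The function names, the example.com URLs and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class FormCollector(HTMLParser):
    """Collect the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.actions.append(dict(attrs).get("action") or "")


def audit_forms(page_url, html):
    """Return (resolved_action, finding) pairs for forms that break the tips above."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for action in collector.actions:
        target = urljoin(page_url, action.strip())
        scheme = urlparse(target).scheme.lower()
        if scheme == "mailto":
            findings.append((target, "form data is sent to an email account"))
        elif scheme != "https":
            findings.append((target, "form submits over an unencrypted connection"))
        elif urlparse(page_url).scheme.lower() != "https":
            findings.append((target, "form page itself is not served over HTTPS"))
    return findings


# Constructed sample page (hypothetical practice site on example.com).
INTAKE_PAGE = """
<form action="/intake/submit" method="post"><input name="dob"></form>
<form action="mailto:frontdesk@example.com" method="post"><input name="ssn"></form>
<form action="http://forms.example.com/save" method="post"><input name="insurer"></form>
"""

if __name__ == "__main__":
    for url in ("https://www.example.com/new-patient", "http://www.example.com/new-patient"):
        print(url)
        for target, finding in audit_forms(url, INTAKE_PAGE):
            print("  ", target, "->", finding)
```

A relative form action inherits the scheme of the page it sits on, so the same intake form passes when the page is served over HTTPS and fails when it is served over HTTP.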
If you aren't sure how secure your IT systems and website are, we recommend having an expert review your systems and provide a security evaluation.  JNT TEK offers free assessments of IT & security systems for practices of any size.