HIPAA Compliant Websites

Whether you’re building a new website for your medical practice or seeking to make an existing site fully compliant with HIPAA standards, there are plenty of straightforward ways to ensure you have your bases covered.

For a healthcare website, a simple padlock icon won’t cut it. The site needs to have proper encryption methods, access controls, and logging, as well as constant, necessary checks to ensure that everything is running in compliance with HIPAA.


These seven tenets, built into each website created by Outlet Creative Group, keep Electronic Protected Health Information (ePHI) safe:

  • Transport Encryption: Encrypted during transmission over the Internet
  • Backup: Backed up in a way that keeps it available for recovery
  • Authorization: Only accessible by authorized personnel using unique, audited access controls
  • Integrity: Not tampered with or altered
  • Storage Encryption: Encrypted when it’s stored or archived
  • Disposal: Permanently disposed of when it’s no longer needed
  • Omnibus/HITECH: Located on the web servers of a company you have a HIPAA Business Associate Agreement with (or hosted in-house on servers properly secured according to the HIPAA Security Rule requirements).

It’s safe to say that any out-of-the-box website that you can build using a third-party provider probably isn’t HIPAA-compliant. Instead, you need to pay strict attention to transmission, ensuring that information stays encrypted and unaltered as it flows across the Internet.

We prefer to use Rackspace as our secure website host.