What happens when you mix legal jargon with medicine and science? HIPAA regulations! While they’re not a laughing matter (except for when we try too hard to make it punny), HIPAA guidelines don’t need to be scary or overwhelming like Emily Post’s “Etiquette”. There are so many websites and articles out there (yes, the all-encompassing “there”) to help you navigate how to make sure your organization is HIPAA compliant. We’ve taken the liberty of bullet pointing some requirements and tips on making your website HIPAA compliant (if you haven’t noticed, websites are kind of our thing).
So first off, what is HIPAA? A strange hippopotamus that’s too cool for the 3 syllables? No, HIPAA is the Health Insurance Portability and Accountability Act. The HIPAA Security Act is in place to dictate how computers are used where patient privacy, data and information are concerned. The U.S. Department of Health and Human Services outlines it best as follows: “All HIPAA entities provide a security plan with safeguards explicitly defined for the following areas:
To abide by HIPAA regulations, certain guidelines must be followed. Here’s a quick snapshot of some of the bigger features HIPAA compliant websites must possess:
- Secure web server - a server running Secure Sockets Layer (SSL) is the minimum needed.
- Secure access control - in addition to a traditional user ID and password, it may be a good idea to use a strong password or smart card as additional security.
- Session timeout - this assures that confidential data is not left on an unattended screen.
Starting your website out as HIPAA compliant will ultimately cost less than going back later to ensure that the site follows all the HIPAA regulations.
Below are a few extra links for some leisurely reading on the topic. We are always trying to keep up to date on the latest technologies that make “HIPAA Compliant” an easier title to achieve.