
October is National Cybersecurity Awareness Month

Observe National Cybersecurity Awareness Month with an eye toward improving your computer, dental website and data security, all of which are part of HIPAA compliance. There are many aspects of HIPAA compliance to consider for your patient data, patient communications and dental marketing. I have already written several dental blog entries and social media posts about the need to make your dental website secure with an SSL certificate.

Here are some helpful links to HIPAA reference materials created by The Department of Health and Human Services Office for Civil Rights (OCR):

Here is just a partial list of HIPAA compliance tasks that you can implement now:

  1. Provide staff training in HIPAA.  Here is a cost effective on-line program created by the American Dental Association.
  2. Implement Business Associate Agreements.
  3. Conduct an assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of patient data.
  4. Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a).
  5. Add a HIPAA Sanction policy to your employment manual.  Ensure that all staff members receive the new policy with documentation.
  6. Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
  7. A covered entity that maintains a dental website that provides information about the covered entity’s customer services or benefits must prominently post its notice on the website.

I encourage you to subscribe to the HIPAA Journal. It is a FREE on-line journal providing valuable information and news about HIPAA for healthcare professionals. They just published an article entitled: “Why Dental Offices Should be Worried About HIPAA Compliance.”

HIPAA compliance is a process.  Keep working toward getting a secure website.  If you need help, please call Cutting Edge Practice at 847-370-9131 or reach out to your IT professional.

2 Reasons to Comply with HTTPS Everywhere

 Google prompts website owners to adopt HTTPS Everywhere

Safeguarding information is important to Google and it should be important to each of us. In 2014, Google adopted HTTPS Everywhere to move website owners to secure their websites and their data.  As healthcare providers, HIPAA has strict rules on how we manage patient information and patient communications.

Many dentists use their websites to collect patient information.   Dentists want their websites to be as interactive as possible.  Dental websites collect patient data from new patients as well as from current patients.  Data collected on these forms are transmitted to the dental office in the form of an email.  Here are common forms used on dental websites:

  • Contact Us form
  • Make An Appointment form
  • Health History form
  • Dental History form
  • Financial Information form

Addressing the encryption of patient data is of paramount importance to maintain HIPAA compliance. Adding secure socket layer (SSL) protection in the form of an SSL certificate through your website host and email host is a good place to start. Make sure that your patient-information portals are moved to an SSL page. Access to the website and to data coming to your office through your website should be restricted to trusted personnel.

Emails containing patient information must be encrypted at both ends to be HIPAA compliant. Hosting companies like GoDaddy and Network Solutions have staff devoted to helping website owners with SSL certificates and encrypted email. Contact your hosting company for a phone consultation regarding website and email security and compliance.

HTTPS Affects Your Search Engine Placement

Google has announced that it will begin penalizing websites that have not been secured. The HTTPS designation is given to websites that have been secured.  Websites with URLs that appear as HTTP:// instead of HTTPS:// will be flagged by Google as unsecured.  Google will be giving preference to secured websites in search engine placement.

So you now have 2 reasons to adopt HTTPS Everywhere:

  1. HIPAA compliance
  2. Improved Google search placement

For those of you who are interested, here is a 45-minute video made by Google explaining their “HTTPS Everywhere” initiative in detail.
