5 More Tips for A HIPAA Compliant Website

Last week, I went over 5 tips for a HIPAA complaint website. If you are collecting protected health information (PHI), then you need to prioritize having a compliant site and adhere to the HIPAA standards. Let’s take a look at what that means and I’ll give you 5 more tips to protect yourself from possible fines or even jail time.

LINKS:
____________________________________________

https://etactics.com/blog/how-to-make...
___________________________________________

1. Develop And Implement Systems For Handling PHI
If your business does not have systems for directly handling PHI, it's time to develop them. HIPAA-compliant services must be secure during internet transfer, which includes end-to-end encryption for any information sent between healthcare providers.

This includes:
* Collecting PHI
* Storing PHI
* Transmitting PHI

2. Offsite Backups
Having an offsite copy of daily backups for disaster recovery is very important. These backups of your business production system data are easily retrievable incase a restore is necessary.

While we are on the subject, having an onsite backup solution is also an option. The main difference being the geographical location of the stored data. Offsite backup uses an offsite server while onsite backup uses a local storage system and does not need internet access.

3. Provide HIPAA Compliance Training
While this might not be a service offered by your web host, it is still very important to remember when working with electronic PHI. Well, any PHI really. Providing HIPAA compliance training to your employees strengthens that first line of defense. Lack of knowledge of HIPAA protocols is one of the biggest risks when it comes to your daily office operations.

Make sure your employees understand how to stay HIPAA compliant while interacting with sensitive information by offering training. Good news is it doesn’t have to be boring! Offering online training that both properly educates your team but is also engaging is a balancing act, but isn’t impossible. And remember that effective training comes with repetition. We suggest renewing your certification annually to stay up to date with these regulations.

4. Security of Data Center and Auditing
We recommend also looking beyond healthcare law certifications when judging a website host’s security stance. Also make sure to take into consideration the audit aspect of protected health information.
Having a system to produce audit reports helps to provide detailed information and assurance about an organization's security, availability, processing integrity, confidentiality and privacy controls. This report will help you verify that the third-party you work with has the ability to keep records online and the identity of your patients secure!

5. Managed Firewall
Protecting network traffic, including the flow of sensitive data, starts with a strong firewall. Firewall management is the process of monitoring a firewall (or even multiple firewalls) to maintain a safe network.

A managed firewall should include the following:
* Prompt security responses.
* Routine device health checks.
* Log monitoring.
* And authority over network ingress and egress points.
The system itself should include:
* Load balancing.
* Redundancy via a secondary firewall.
* Global blacklisting.
* Virtual private network (VPN) connectivity.
* Stateful filtering.
* Monitoring.
* Reporting.

Clients trust their health to physicians and other healthcare professionals, and they want to feel their sensitive information is in good hands too!

► Reach out to Etactics @ https://www.etactics.com​
►Subscribe: https://rb.gy/pso1fq​ to learn more tips and tricks in healthcare, health IT, and cybersecurity.
►Find us on LinkedIn:   / etactics-inc  
►Find us on Facebook:   / ​  

#HIPAAWebsite #HIPAACompliantWebsite