web site Archives - LuxSci

Posts Tagged ‘web site’

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this question via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information. As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company policies and procedures but no patient information whatsoever. Thank you.”

Thank you for your question!  Here, we delve into how you can answer this for your site.

Should your web site database have its own dedicated server?

Wednesday, March 15th, 2017

It comes down to security and reliability.  Should your web site be on one server (or a cluster of servers) and your database be on its own dedicated server (or servers)?  What are the pros and cons?  Is it worth the expense?  We shall delve into these business-critical questions in this article.

Dedicated Databases for Secure Web hosting

Let's look at the security and reliability impact of the various common configuration choices.

Shared Hosting

In a shared hosting environment, generally, your web site and database are hosted on the same server as the web sites and databases of many other businesses (and hackers…?) unknown to you and outside of your control.


7 Steps to Make your Web Site HIPAA-Secure

Friday, February 13th, 2015

Doctors and medical professionals are feeling increasing pressure to get their business online (e.g. use of electronic prescriptions, web appointments, and remote medicine are both trendy and critical for building and sustaining revenue streams in the tightening medical market).  This push includes making available protected health information to patients via a web site and collecting similar private information from patients or would-be patients.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document.  And with the Omnibus rule in place, all web sites, old and new, must be properly designed or their owners face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?


HIPAA-Compliant Web Sites: Requirements and Best Practices

Thursday, February 27th, 2014

We are approached frequently by webmasters and site designers asking for clarification on or guidelines for using ePHI in web sites that must be HIPAA compliant.

While we have discussed previously what makes a web page secure in general and also what in particular makes a web site HIPAA compliant, it seems that a concise recommendation that spells out what you should and should not do with web sites in shared and dedicated environments would be particularly useful to many.


HIPAA Compliant Emails Sent From your Web Site: Best Practices

Tuesday, January 7th, 2014

You buy a HIPAA compliant web hosting infrastructure.  You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism.  You think you are all set — but you are not.

HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, it doesn’t make you compliant.  Your web designers must make choices and program your site so that it properly respects ePHI.  If they do not do all the appropriate things, you will be out of compliance.  E.g. see: 7 steps to make your web site HIPAA-secure.

In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind.  E.g. they will not be encrypted and will not be archived.
