" web site Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘web site’

Does Your Website Have Grown Up Security?

Friday, April 14th, 2017

Website security used to be simple – configure a few settings and call it a day.

That’s not enough to secure your company’s online presence today. First, reducing website security to a single technology oversimplifies the security threats you face. Second, you also need to give thought to the full range of security risks you face.

Read the rest of this post »

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this questions via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information.  As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company polices and procedures but no patient information whatsoever. Thank you.”

Thank you for your question!  Here, we delve into how you can answer this for your site.

 

Read the rest of this post »

Should your web site database have its own dedicated server?

Wednesday, March 15th, 2017

It comes down to security and reliability.  Should your web site be on one server (or a cluster of servers) and your database be on its own dedicated server (or servers)?  What are the pros and cons?  Is it worth the expense?  We shall delve into these business-critical questions in this article.

Dedicated Databases for Secure Web hosting

Lets look at the security and reliability impact of the various common configuration choices.

Shared Hosting

In a shared hosting environment, generally, your web site and database are hosted on the same server as the web sites and databases of many other businesses (and hackers…?) unknown to you and outside of your control.

Read the rest of this post »

7 Steps to Make your Web Site HIPAA-Secure

Friday, February 13th, 2015

Doctors and medical professionals are feeling increasing pressure to get their business online (e.g. use of electronic prescriptions, web appointments, and remote medicine are both trendy and critical for building and sustaining revenue streams in the tightening medical market).  This push includes making available protected health information to patients via a web site and collecting similar private information from patients or would-be patients.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document.  And with the Omnibus rule in place, all web sites, old and new, must be properly designed or their owners face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

HIPAA-Compliant Web Sites: Requirements and Best Practices

Thursday, February 27th, 2014

We are approached frequently by webmasters and site designers asking for clarification on or guidelines for using ePHI in web sites that must be HIPAA compliant.

While we have discussed previously what makes a web page secure in general and also what in particular makes a web site HIPAA compliant, it seems that a concise recommendation that spells out what you should and should not do with web sites in shared and dedicated environments would be particularly useful to many.

Read the rest of this post »

HIPAA Compliant Emails Sent From your Web Site: Best Practices

Tuesday, January 7th, 2014

You buy a HIPAA compliant web hosting infrastructure.  You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism.  You think you are all set — but you are not.

HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, it doesn’t make you compliant.  Your web designers must make choices and program your site so that it properly respects ePHI.  If they do not do all the appropriate things, you will be out of compliance.  E.g. see: 7 steps to make your web site HIPAA-secure.

In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind.  E.g. they will not be encrypted and will not be archived.

Read the rest of this post »

Everything You Wanted to Know about SSL Certificates

Tuesday, January 8th, 2013

SSL certificates are pervasively used on the Internet for securing all the data sent between servers, devices, clouds, phones, computers, etc.  SSL certificates are intrinsic in the encryption of communications using  “SSL and TLS” (how do these work?  What is the difference?) — you can’t have secure communications without them!

In this article, we answer many common and not-so-common questions about SSL certificates.

Read the rest of this post »

Reports: Web Site Analytics and Logs at LuxSci

Tuesday, September 11th, 2012

LuxSci captures log files and creates automatic basic web site analytic reports for its web hosting customers.  This article provides an overview of what reports are available, where to access them, and recommendations for getting more advanced web site analytics.

Read the rest of this post »

Web Form To Email – Doesn’t Get Any Easier!

Friday, January 8th, 2010

One of the most ubiquitous parts of a web site is the “contact us” form.  Other types of forms abound  — for collecting customer requests, quote requests, surveys, customer feed back, etc.  In the vast majority of cases, all of these forms send their data to a program on the web server which collects the data and sends someone an email message with the content.  Web form to email.

Quick and easy.  However, the quick and easy solutions to setting this up do not take care of things such as:

Read the rest of this post »

Recipe: Completely Secure Collection of Web Form Data using SSL and PGP or S/MIME

Tuesday, March 17th, 2009

The situation: your organization needs to collect information from clients through from(s) on your web site, but that information is sensitive. So, you need to be absolutely sure that the information is transferred from the users of your web site to you in as secure a fashion as possible. This means that

  1. no one but you (or optionally your authorized staff) can intercept or read the information,
  2. the information is never stored insecurely anywhere
  3. the information cannot be modified without your knowledge

Why would this high level of security and privacy be necessary? There are many cases where they are essential; some of these include:

Read the rest of this post »