One of the most common questions we get asked is: “Is our website HIPAA compliant?” Now, most companies say, “Yeah, it’s HIPAA compliant, you have nothing to worry about.” But here is the problem: the majority of Plastic Surgeons I meet with believe they are following HIPAA guidelines when they are not. I believe this is because most practices put too much faith in their marketing companies to follow these guidelines, when many marketing companies have a hard time understanding the guidelines themselves.

So, I decided to put together a list of the MOST IMPORTANT steps to ensure your website and digital footprint are in fact HIPAA Compliant. Below are seven steps to ensure your website is HIPAA Complaint.

1. TRANSPORT ENCRYPTION: A fully secure website that is encrypted as it is transmitted across the internet.
2. BACKUP: Data is never lost, should be backed up on the server daily.
3. AUTHORIZATION: Authorized personnel should be able to access the website.
4. INTEGRITY: Is impenetrable from hacks. 
5. STORAGE ENCRYPTION: Backed up data should be encrypted.
6. DISPOSAL: Can be removed and deleted permanently.
7. OMBIBUS/HITECH: Is located on the web server and covered by the HIPAA Business Agreement.

If you would like to learn more about each of these steps as well as how to implement them within your practice, click the button below to download our guide to a HIPAA Compliant Website.