Monday, January 3, 2011
How to secure a Web site for HIPAA
HIPAA, the Health Insurance Portability and Accountability Act, makes it slightly more complicated to set up a medical website. With the expansion of the Internet, many health professionals use it to obtain orders and files online. All medical sites that contain personal records of patients must be compliant with HIPAA before they can be made public. HIPAA compliance guidelines are not necessarily cut and dried, and several measures are needed to meet the legal requirements.

Difficulty: Moderate

Instructions

1. Verify that your website meets the requirements of HIPAA. Patient information should always be encrypted as it is transmitted and stored, so that it is recoverable if it is lost over the Internet. Only authorized personnel should have access to sensitive information, and records must be protected from alteration. Data should be encrypted when it is stored. The data also needs to remain available.

2. Purchase an SSL certificate so that your Web site is served over "https://". The host of your website may be able to provide SSL directly. Users should only be able to access information in this secure manner. A separate, non-secure version can be hosted on the Internet. All the information a user submits needs to be secured on its way to the server.

3. Guard against the loss of protected information on the website. Create a backup of the data on a daily basis to ensure that, if something happens to the Web site server, the information can be restored quickly. Most Web hosts that hold the records have some kind of backup. Make sure that only authorized personnel can access the backups by requiring an access code or a key to the records.

4. Encrypt and secure data so that it is impossible to change or spoof, by using passwords and by authorizing specific persons to read the information. There is no way to ensure that the information has not been changed if it was not previously encrypted. You can implement a digital signature to further improve information security.

5. Store backups so that they are accessible only by individuals who have the right to the information, by keeping them in a locked location that requires keys.

6. Have only authorized personnel dispose of data when the files are no longer needed. All sites to which the information has been extracted must remove the information. Follow the paths the information has taken and delete backups if necessary.
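The tamper check that step 4 asks for, as an added example that is not part of the original article: each stored record carries an HMAC-SHA256 tag (a symmetric keyed MAC used here in place of the digital signature the step mentions), and the tag is recomputed on every read. The key handling, the field names and the sample record are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: in production the key comes from a secrets manager or HSM,
# never from source code or from the same database as the records.
INTEGRITY_KEY = secrets.token_bytes(32)


def _canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Return the stored form: the record plus an HMAC-SHA256 tag over it."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(stored: dict, key: bytes = INTEGRITY_KEY) -> bool:
    """True only if the record is exactly what was sealed with this key."""
    try:
        expected = hmac.new(key, _canonical(stored["record"]), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many tag characters matched.
        return hmac.compare_digest(expected, stored["tag"])
    except (KeyError, TypeError):
        return False  # a missing or malformed tag is treated as tampering


if __name__ == "__main__":
    # Constructed sample record, not real patient data.
    stored = seal({"patient_id": "P-0001", "order": "amoxicillin 500 mg", "version": 3})
    print("untouched:", verify(stored))
    stored["record"]["order"] = "amoxicillin 5000 mg"  # simulated unauthorized edit
    print("after edit:", verify(stored))
```

The tag only detects changes; it does not hide the record's contents, so it is applied alongside the encryption described in steps 1 and 4, and the same check can be run over backups before a restore.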