Doctors and medical professionals are feeling growing pressure to move their practices online (even the use of electronic prescriptions is being pushed). This includes making protected health information available to patients through a web site and collecting similar private information from patients or prospective patients. If doctors can show that they are using digital systems in their health care practices in a meaningful way by 2011, they may be eligible for some serious money under the proposed stimulus package, specifically the Health Information Technology for Economic and Clinical Health Act (HITECH).
However, wherever the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the governing compliance document. So what do these requirements mean, and how can HIPAA be followed in the context of a web site?
What are the HIPAA requirements for a web site?
HIPAA is an unusual law in that it makes many recommendations (addressable items) and only a few assertions (required items); in the end, it is up to each organization to determine what it must do to be compliant. This creates a great deal of flexibility and also a great deal of uncertainty. In general, to be HIPAA-compliant, a web site must at a minimum ensure that all protected health information:
The above are the simplified basic requirements of HIPAA. We also use the HIPAA security checklist. This is what has made us a certified HIPAA-compliant hosting facility, and our staff are HIPAA security certified.