Is Your Website Hosting HIPAA Compliant?
Is Your Website Hosting HIPAA Compliant?
May 31, 2018 by eMedEvents


At eMedEvents, we understand that as healthcare providers you are required to have your website adhere to HIPAA rules and regulations to safeguard the interest of your patients. With the implementation of the Health Insurance Portability and Accounting Act of 1996 (HIPAA), healthcare providers must abide by specific guidelines for the protection of patients’ data. Any violation could result in civil or criminal penalties which can include hefty fines and imprisonment.

Entities covered by HIPAA are:

  • Healthcare Providers
  • Health Plans
  • Healthcare Clearing Houses

HIPAA’s subcategory known as “Electronic Protection Health Information (ePHI)” outlines the rules for data storage and privacy for healthcare organizations. It requires existing as well as new healthcare facilities to update and upgrade their web hosting systems.

The main purpose of HIPAA for web hosting is divided into 3 sections:

  • Providing privacy and security standards to maintain confidentiality and integrity of the health information of individuals by encrypting the data.
  • Creating a standardized electronic transmission of common administrative and financial data and training your admin department about how to protect the data.
  • Maintaining data protection of any physical record using various levels of security precautions like CCTV, limited access to use data storage devices, etc.

As for your website hosting, it needs to fulfill 4 security criteria:

  • Network: Any form of protected health information (PHI) should not be easily accessed by anyone without the consent of the individual. It prohibits public access using any form of technology such as email, USBs, shared servers & internet, etc. of PHI.
  • Technological Measures: It has given a set of guidelines for the technical aspect of the website such as user access to data, emergency data retrieval, encryption of data policy, limited access to sensitive data, login and log out procedure, and much more.
  • Technical Policies: It requires healthcare providers to maintain a backup of data offsite. This data must be maintained in its true form, any alteration or destruction should be avoided.
  • Physical Data: HIPAA requires limited and monitored access to any storage devices that contain PHI and any physical data. This means that limited authorization is to be given to various members of the organization.

If you still have questions regarding HIPAA, then we recommend you read further on these websites:

  • Health Insurance Portability and Accountability Act
  • Texas Health and Human Services
  • American Medical Association

eMedEvents is the largest online database for CME events and medical conferences around the world. Here you can browse through thousands of conferences in 147 countries. Search by speaker, specialty, and location to find your next conference. Want to manage your CME on the go? Try the eMedEvents mobile app. Find your next great medical conference online or in one of more than 3500 other great cities around the world.


Trending Speakers