Due to privacy rules under HIPAA and the HITECH Act, medical practices function under stringent security guidelines meant to ensure patient privacy. This means that when building a website for your practice, it’s vital that you choose a secure web host. Before you settle on a platform, make sure you’ve checked for these 5 features – otherwise you may find yourself facing more than just tech problems with your site.
Protect The Premises
When considering a web host, you’ll need to think about more than just digital security. In fact, before you even get that far, you should check on the physical safety of the hosting environment. Since the server for your site likely won’t be on your premises, check into the host’s storage facility. The host should be able to attest to environmental protections such as water and heat protection and fire prevention, as well as protection against physical theft. Ask about who has access to the server facility, how the system is backed up, and how often it’s inspected.
Make sure someone is always nearby to troubleshoot physical problems with the server. Just because your site seems to exist in the nebulous world of cyberspace doesn’t mean it won’t need physical upkeep – and a great host will have that upkeep prescheduled.
Building Better Business Associates
While we typically think of HIPAA as exclusively impacting healthcare providers and insurance companies, HIPAA also sets out rules for a category known as business associates (BAs). The HITECH Act further consolidated the rules for BAs, which are also required to protect all patient information. Web hosts, email systems, and EHR companies are all considered BAs.
Discuss the rules for BAs with potential web hosts and test their familiarity with the rules. If the host seems unclear about how these protections work, they aren’t the host for you. As a medical practice, you should never work with a company that doesn’t have a complete grasp of HIPAA’s BA regulations. Don’t let them learn the rules at your expense.
Going Up Or Going Down
An important feature that contributes to website success is sustained “uptime.” Essentially this means that the site is up and running, and for an average website this is important because users want access. But for healthcare websites like patient portals that are used for records and communication, excess downtime can be a barrier to proper practice function. Talk to other companies that use this host and ask about their uptime statistics. You don’t want to spend a day shut down because your host server isn’t working.
Stage A RAID
RAID (redundant array of independent disks) is a great security system, and some hosts offer it for free as part of their services while others offer it for a fee. Either way, using RAID can help your practice protect vital information, even if the server crashes. You can’t afford to lose patient medical data, so choose RAID-protected hosting for your site.
As important as RAID is, it’s not a firewall, and it can’t replace that standard protection. Talk to your host about their firewall and how the company handles any security issues.
Once you’ve chosen a web host and confirmed their security practices, make sure you don’t become complacent. Practice ongoing risk assessment to ensure patient privacy, and if you’re unsure about the components of a proper risk assessment, consult with an IT firm that specializes in health information security and HIPAA/HITECH regulations. As we grow more dependent on technology, we need to be more aware – don’t get caught by a bad web host.