HIPAA Security Basics: Keeping your Medical Web-Based Business Compliant

By: Shobha Lizaso

Medical web-based businesses have been on the rise, while the number of HIPAA enforcement actions by the US Department of Health and Human Services (HHS) has risen exponentially as well. Since the beginning of this year, HHS has announced several large settlements with companies that failed to comply with HIPAA Compliance requirements. For example, in January, HHS announced a $2.2 million settlement with a health insurance company when a breach resulted from a stolen portable USB device containing PHI. Also, In February, HHS announced a penalty of $3.2 million against a medical center for a breach that arose from a theft of an unencrypted laptop containing PHI. This enforcement activity is becoming the norm, so it is best to ensure that your medical website is legally compliant.

If you are handling any PHI on or through your website, you must ensure that your website is up to speed with HIPAA compliance. Here are some recommendations to address the security and privacy of PHI that your website may manage (please note that this is not a comprehensive list):Continue reading