We are noticing an increasing trend of websites requesting patient data in a way that is insecure and in violation of HIPAA. We are seeing this more with home health / home care, and the problem is largely associated with one very popular company providing home health websites. Web pages that require enhanced security are those that ask for any information that could be used for identity theft or other forms of fraud. This includes any submit form prompting users to give insurance policy numbers, Medicare numbers, birth dates, credit card numbers, etc. Here’s how to easily determine if these forms are providing proper security.
When viewing a page that requests sensitive data, you should see a lock icon in the address bar at the top. This is also good to know personally, because you should never give private information online unless you see a lock icon in the address bar. For an example of a referral form with proper security, see this one set up by Brazzell Marketing Agency: https://appromed.net/Referrals.php. You can click the lock icon in the address bar for more information on the type of security the page is providing. If a physical therapy or home health website is requesting sensitive patient information without the lock icon on the page, that company is in violation of HIPAA, which provides very specific details for proper encryption of patient information online. If a website is asking applicants for social security numbers or birth dates in an insecure way, that company is exposing those applicants to identity theft and violating their trust.
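As an added example (not from the original article or any site it mentions), this Python script automates the check described above and goes one step further than the lock icon: it also flags a form on an HTTPS page whose action submits to a plain-HTTP address. The field-name keywords, the example.com URLs and the sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name hints for the data the article lists (constructed, not exhaustive).
SENSITIVE = re.compile(r"ssn|social|medicare|insurance|policy|birth|dob|card", re.I)

class FormAuditor(HTMLParser):
    """Collects each <form> with its action and its sensitive-looking fields."""
    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per form: {"action": str, "fields": [str]}
        self._current = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            label = " ".join(filter(None, (a.get("name"), a.get("id"), a.get("placeholder"))))
            if SENSITIVE.search(label):
                self._current["fields"].append(a.get("name") or a.get("id") or label)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(page_url, html):
    """Return one finding per form that collects sensitive fields without HTTPS."""
    parser = FormAuditor()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["fields"]:
            continue  # forms without sensitive fields are out of scope here
        target = urljoin(page_url, form["action"])  # empty action posts back to the page
        schemes = {"page": urlparse(page_url).scheme, "form target": urlparse(target).scheme}
        problems = [f"{what} is not HTTPS" for what, s in schemes.items() if s != "https"]
        if problems:
            findings.append({"target": target, "fields": form["fields"], "problems": problems})
    return findings

# Constructed sample page: a referral form posting to plain HTTP, plus a harmless form.
SAMPLE = """<form action="http://forms.example.com/referral" method="post">
<input name="patient_name"><input name="medicare_number"><input name="date_of_birth">
</form><form action="/newsletter"><input name="email"></form>"""
```

Calling `audit("https://www.example.com/referral.html", SAMPLE)` reports the referral form even though the page itself would show a lock icon, because the submitted data would leave over plain HTTP.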
One easy option is to adjust forms so they do not request sensitive data. Otherwise, websites can add the needed security for $25 to $300 per year; the price varies widely based on the quality of the security added and from whom you are purchasing it. You can usually purchase security conveniently from the company hosting your website, and a little development work on the website may be necessary to make the security certificate work smoothly and reliably. At Brazzell Marketing Agency, the highest quality 256-bit encryption security can be added to a hosting account for $50 per year.
To understand what the security does, it is helpful to first understand that the most vulnerable point for private information on the internet is as it travels from an individual’s computer to the server hosting the website. It is common for hackers to get copies of that data without interfering with the transfer of the data in any way. Encryption solves this problem. When a webpage has encryption, the server in essence hands the user’s web browser a way to encode information into a very complex secret code. When the user hits submit on a form, the information is put into that highly complex code before it is sent. The server on the other end can translate the code back into readable information for the appropriate people. If any hacker in between captures that data, all they get is long, undecipherable strings of characters.
