Most pregnancy clinics have chosen to secure their website with an SSL certificate in order to encrypt the data going in and out of the website, but many organizations have not considered the next step in encryption. The next step is to encrypt your website data at rest, while it is stored on the server hard drive, by storing it on an encrypted hard drive.
Storing website data at rest on an encrypted hard drive is a security protocol requirement that HIPAA has promoted heavily.
Nearly all client-facing pregnancy center/clinic websites feature an appointment request form. It is reasonable to consider the data collected in this appointment request form to be at least a precursor to PHI (Protected Health Information), or possibly actual PHI.
Anne O’Connor provides highly respected legal advice to pregnancy centers across the country. According to Anne O’Connor with NIFLA, a pregnancy center which does not bill or communicate electronically with health plans is not currently required to comply with HIPAA; however, it is important for the center to check its state law as well. Anne goes on to say it is considered best practice to voluntarily follow applicable guidelines established by HIPAA as part of risk management.
Missy Clifton is the owner of Learning Is Created and a certified HIPAA professional. She provides compliance training, both HIPAA and OSHA, to equip pregnancy centers and other pro-life organizations. In regard to HIPAA, she serves four types of centers: first, centers that are HIPAA covered entities and are required to comply with HIPAA; second, centers that are in states that require them to comply with HIPAA, Texas for example; third, centers that have a contractual obligation to comply with HIPAA; and fourth, centers that operate in accordance with HIPAA to understand and maintain the confidentiality and security of the sensitive patient data they create, use, and maintain. State and federal legal landscapes are evolving, and it is her mission to ensure the safety of centers regarding compliance.
Jor-El Godsey with Heartbeat International notes that confidentiality and privacy of information have been a hallmark of the pregnancy help movement from its inception. Our collective commitment is captured in the national standard of ethical practices called “Our Commitment of Care and Competence,” found here: https://www.heartbeatinternational.org/about-us/commitment-of-care.
For those who need to comply with HIPAA, for those who decide to voluntarily follow HIPAA-derived standards, and for those who follow another set of standards to guide their security protocols, storing PHI or potential PHI on an encrypted hard drive instead of an unencrypted hard drive is reasonable.
At iRapture.com, we offer encrypted hosting for storing website data and email, and the cost is higher than that of regular hosting that uses unencrypted hard drives. If you would like to learn more about your options for hosting your website files and email (while on the server) on an encrypted hard drive, please request a time to talk with Jacob.