"One of our main objectives was to create a site that was HIPAA compliant, and they delivered."
- Bob Richardson, Chief Compliance Officer, Central Control Management
In 2014, Wide Web met one of their toughest challenges yet - creating an easy-to-edit HIPAA-compliant website. Bob Richardson had recently taken a position as the Chief Compliance Officer at Central Control Management; a leader in the healthcare industry specialized in long-term care facilities across the state of Louisiana. During his evaluation of Central Control's technology, Bob ran a penetration test on their, then, current website. When the test failed in a few major areas he contacted us to see if we could help to make their site secure enough to comply with the HIPAA Security Rule.
In a nutshell, the HIPAA Security Rule outlines the measures that need to be taken in order for ePHI to stay private. This includes hosting your website on a secure server and ensuring any information transmitted via the website is encrypted. If you're unsure whether you're website is (or needs to be) HIPAA Compliant refer to this quick cheat sheet we put together.
So now that we knew the weaknesses of their site, how did we go about fixing them? The first thing? Research. Massive amounts of research. We knew we wanted to use our Website Grid platform but also knew that it wasn't enough to be HIPAA Compliant on it's own so what else could we do? Our development team looked at all our options and in the end was able to develop a solution that would marry our content management system and a HIPAA Compliant hosting provider. We also included Bob in our discussions to make sure that the solution we had developed met all the standards of the HIPAA Security Rule.
After design, development, implementation and of course, lots of testing, their new site was ready to go! We helped them to secure an SSL certificate for their site, set up permissions, create secure forms and set up encrypted form notifications for all website inquiries. Both Wide Web and Central Control are confident that we have met all the requirements of the HIPAA Security Rule:
- Automatic backups that can be recovered at any time.
- Encrypted data; both stored and transmitted.
- Accessible by authorized persons only with unique permissions and auditing.
- Ability to be permanently deleted.
- Server with security standards meeting the HIPAA Security Rule
Wide Web Marketing is proud to offer provide secure, HIPAA-compliant websites that can be edited with our Website Grid content management system. Since
working with Central Control we have implemented our solution for 4 additional businesses with more in production. If you would like to discuss what
it will take to create your HIPAA-complaint site, contact us to schedule a meeting.