
Five Considerations for HIPAA Compliant eCommerce

Helping your HIPAA compliant ecommerce site be even more secure

HIPAA Compliance for eCommerce Sites

If your eCommerce website comes into contact with individuals' protected health information (PHI), it most likely needs to be HIPAA compliant. When handling PHI, your eCommerce site must be extremely secure in order to prevent others from accessing your customers' personal information. Below are five things to consider to help make your eCommerce site HIPAA compliant and protected.

Top Things You Need to Know

Five Considerations for HIPAA eCommerce

There can be quite a long list of requirements. The most important thing to know is that there is no governing body that "certifies" your site as HIPAA compliant. There is a governing body that has drafted the guidelines you need to follow, and it can assess penalties if your site is breached and you have violated those guidelines. So our best piece of advice is to talk to someone, like Clarity, who has designed, built and delivered literally dozens of HIPAA compliant portals, HIPAA compliant eCommerce stores, doctor-patient portals, mobile healthcare apps, online pharmacies and more. Ask questions, and make sure they get you up to speed.

Here's a short list of things to get you started:

Data in Transit, at rest, stored?

1. Data Encryption

One of the requirements of a HIPAA compliant website is having all of your data encrypted. Data that is transmitted, archived, and stored all needs to be encrypted in order to keep people's PHI secure and private. Consider taking it a step further and encrypting the data within your database itself, so that even a copy of the database does not expose your customers' private and personal health information. Fines of $210 per record leaked in a breach are common. Remember the big Target breach a few years back? Imagine 20 million customer records at $210 each!

Protecting Data in Transit

2. HIPAA SSL Certificate

Secure Sockets Layer (SSL), today implemented by its successor TLS although the name "SSL certificate" has stuck, is another essential for HIPAA compliance. Meeting the HIPAA SSL requirement means you need to purchase a certificate. SSL adds a layer of protection that lets you transmit private information and data securely to and from your site or portal (i.e., data in transit). Your eCommerce site should send all of its traffic over SSL so that any customer's private information remains private and safe.

SSL certificates are renewed each year and run from $39 to $300 a year. The cheaper certificates don't do any domain validation, and thus don't convey trust to the people using your site. For HIPAA SSL, spend the few extra bucks and get at least a domain certificate or an EV certificate.
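The certificate is only half of "all transmission over SSL"; the server also has to refuse plain HTTP and weak protocol versions. The following is an added example written for this page in Go (the page names no language or framework), not code from Clarity or from any project it describes. The function and handler names, the `cert.pem`/`key.pem` paths and the `shop.example` host are assumptions for the demonstration; the TLS floor, cipher suites and HSTS header are the settings a practitioner would start from.

```go
package main

import (
	"crypto/tls"
	"log"
	"net"
	"net/http"
)

// SecureTLSConfig is the server-side TLS policy for a PHI-handling site: TLS 1.2 as the
// floor (1.3 is negotiated automatically when the client supports it), modern curves, and
// for TLS 1.2 only forward-secret AEAD suites. The certificate itself is loaded by
// ListenAndServeTLS in main below.
func SecureTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion:       tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

// RedirectToHTTPS answers every plain-HTTP request with a permanent redirect to the same
// path on the HTTPS origin, so no page, form or API call is ever served in the clear.
func RedirectToHTTPS(w http.ResponseWriter, r *http.Request) {
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop an explicit :80 so the redirect lands on the default HTTPS port
	}
	http.Redirect(w, r, "https://"+host+r.URL.RequestURI(), http.StatusMovedPermanently)
}

// HSTS tells browsers to refuse plain HTTP for this host for a year, closing the window
// between a user typing http:// and the redirect above.
func HSTS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		next.ServeHTTP(w, r)
	})
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("ok")) })
	// Port 80 exists only to bounce clients to HTTPS.
	go func() { log.Fatal(http.ListenAndServe(":80", http.HandlerFunc(RedirectToHTTPS))) }()
	srv := &http.Server{Addr: ":443", Handler: HSTS(mux), TLSConfig: SecureTLSConfig()}
	// cert.pem and key.pem are placeholders for the certificate and key issued by your CA.
	log.Fatal(srv.ListenAndServeTLS("cert.pem", "key.pem"))
}
```

With this in place a client that only speaks TLS 1.0 or 1.1 is refused at the handshake, and an `http://` link in an old e-mail still ends up on the encrypted origin instead of leaking a session or a form post in the clear.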

Protecting Against Data Tampering

3. Logging Use & Access to Data Records

When someone accesses the data records that contain private personal information, that access needs to be logged. Many programs, including firewalls, can automatically log who accessed the data, when they accessed it, and whether or not they changed it. This helps trace how many people have seen the information and who may have altered it. If there is a breach in the system, it can also help determine who breached it and when it happened. This data is commonly requested by courts in cases of insurance fraud. There may be additional HIPAA policy for eCommerce companies that track the sale of narcotics and controlled substances, so add the extra protections up front. Each edit to PHI must be recorded with who made it, when, and what the old and new values of the changed data were. All of this must be stored in a separate log that is itself encrypted.
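Sections 1 and 3 describe two things that belong together: PHI columns encrypted inside the database, and a separate, encrypted log recording who changed what, when, and the old and new values. The example below is added here in Go to show both at once; it is not Clarity's code nor code from any project the page describes. The type and function names, the `patients/<record>/<column>` cell naming, the sample record `p-1001` and the actor `dr.lee` are constructed for the demonstration. It uses AES-256-GCM and binds each ciphertext to the cell (or audit position) it belongs to, so a ciphertext moved to another row, and an audit entry reordered or edited, fails to decrypt instead of silently reading as valid data. Keys are fixed in the demo; a deployment loads them from a key management service, never from source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// mustGCM builds an AES-256-GCM AEAD from a 32-byte key; a bad key is a startup error.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	gcm, err := cipher.NewGCM(block)
	if err != nil { panic(err) }
	return gcm
}

// seal encrypts plaintext under a fresh nonce and binds it to aad. Layout: nonce || ciphertext || tag.
func seal(gcm cipher.AEAD, aad, plaintext []byte) []byte {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { panic(err) } // OS randomness failing is fatal
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; any change to the bytes or a mismatched aad is an error.
func open(gcm cipher.AEAD, aad, sealed []byte) ([]byte, error) {
	if len(sealed) < gcm.NonceSize() { return nil, fmt.Errorf("ciphertext too short") }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// AuditEntry records who changed which PHI field, when, and the old and new values.
type AuditEntry struct {
	Actor    string    `json:"actor"`
	At       time.Time `json:"at"`
	RecordID string    `json:"record_id"`
	Field    string    `json:"field"`
	OldValue string    `json:"old"`
	NewValue string    `json:"new"`
}

// AuditLog is append-only, encrypted under its own key, with each entry bound to its position.
type AuditLog struct {
	gcm     cipher.AEAD
	entries [][]byte
}

func (l *AuditLog) Append(e AuditEntry) error {
	raw, err := json.Marshal(e)
	if err != nil { return err }
	l.entries = append(l.entries, seal(l.gcm, []byte(fmt.Sprintf("audit/%d", len(l.entries))), raw))
	return nil
}

// Read decrypts every entry in order and fails if any has been altered or moved.
func (l *AuditLog) Read() ([]AuditEntry, error) {
	var out []AuditEntry
	for i, sealed := range l.entries {
		raw, err := open(l.gcm, []byte(fmt.Sprintf("audit/%d", i)), sealed)
		if err != nil { return nil, fmt.Errorf("audit entry %d: %w", i, err) }
		var e AuditEntry
		if err := json.Unmarshal(raw, &e); err != nil { return nil, err }
		out = append(out, e)
	}
	return out, nil
}

// PatientStore keeps every PHI cell encrypted; the cell name doubles as the AAD.
type PatientStore struct {
	gcm   cipher.AEAD
	cells map[string][]byte // "patients/<record>/<column>" -> sealed value
	Audit *AuditLog         // separate log under a separate key
}

func NewPatientStore(dataKey, auditKey []byte) *PatientStore {
	return &PatientStore{gcm: mustGCM(dataKey), cells: map[string][]byte{}, Audit: &AuditLog{gcm: mustGCM(auditKey)}}
}

func cellKey(recordID, column string) string { return "patients/" + recordID + "/" + column }

// ReadField returns a cell's plaintext, "" if never set, or an error if the ciphertext fails
// authentication (tampered with, or copied from another cell).
func (s *PatientStore) ReadField(recordID, column string) (string, error) {
	k := cellKey(recordID, column)
	sealed, ok := s.cells[k]
	if !ok { return "", nil }
	pt, err := open(s.gcm, []byte(k), sealed)
	return string(pt), err
}

// UpdateField stores the new value and logs actor, time, field, old and new value.
func (s *PatientStore) UpdateField(actor, recordID, column, newValue string) error {
	old, err := s.ReadField(recordID, column)
	if err != nil { return err }
	k := cellKey(recordID, column)
	s.cells[k] = seal(s.gcm, []byte(k), []byte(newValue))
	return s.Audit.Append(AuditEntry{Actor: actor, At: time.Now().UTC(), RecordID: recordID, Field: column, OldValue: old, NewValue: newValue})
}
```

Two design points are worth noting. First, the audit log gets its own key, so an operator who can read patient rows cannot rewrite the record of who touched them, and vice versa. Second, binding each entry to its index detects swapped or altered entries, but not removal of the newest entries; for that, anchor a hash of the latest entry somewhere the database writer cannot reach, such as a write-once log service.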

Data Tokenization (Similar to PCI)

4. Minimizing Availability of Secure Data

When you are dealing with sensitive information such as PHI, it can be difficult to store and protect customers' private information. Tokenizing the data helps accomplish this. Tokenization is a process in which private information is replaced by unique symbols or numbers that are unrelated to the original information. This lets you store the private information while keeping it secure, and makes it difficult for hackers to recover any information if they do manage to breach your systems.
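The essential property of tokenization is that the token is unrelated to the original value, so the store's own database can hold tokens while only a separate vault can map them back. The example below is added to illustrate that split in Go; it is not code from Clarity or from any project the page describes. The `TokenVault` type, the `tok_`/`ord_` prefixes, the `X`-style sample identifiers such as `MRN-0042-7781` and the `SKU-INHALER` product code are constructed for the demonstration. Tokens are random rather than derived from the value, and the vault keys its lookup table by an HMAC of the value so the vault never needs a cleartext index.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// TokenVault is the only component able to map a token back to the PHI it stands in for.
// It runs apart from the eCommerce database, which stores nothing but tokens.
type TokenVault struct {
	mu       sync.Mutex
	indexKey []byte            // HMAC key: lets the vault find an existing token without a cleartext index
	byIndex  map[string]string // HMAC(value) -> token
	byToken  map[string]string // token -> value (this table must itself be encrypted at rest)
}

func NewTokenVault(indexKey []byte) *TokenVault {
	return &TokenVault{indexKey: indexKey, byIndex: map[string]string{}, byToken: map[string]string{}}
}

func (v *TokenVault) index(value string) string {
	m := hmac.New(sha256.New, v.indexKey)
	m.Write([]byte(value))
	return hex.EncodeToString(m.Sum(nil))
}

// Tokenize returns the token for value, minting a random one the first time a value is seen.
// Because tokens are random rather than derived, a leaked token reveals nothing about the PHI.
func (v *TokenVault) Tokenize(value string) (string, error) {
	v.mu.Lock()
	defer v.mu.Unlock()
	idx := v.index(value)
	if tok, ok := v.byIndex[idx]; ok {
		return tok, nil
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	tok := "tok_" + hex.EncodeToString(buf)
	v.byIndex[idx] = tok
	v.byToken[tok] = value
	return tok, nil
}

// Detokenize is the privileged operation; only the few code paths that must see PHI call it.
func (v *TokenVault) Detokenize(token string) (string, error) {
	v.mu.Lock()
	defer v.mu.Unlock()
	value, ok := v.byToken[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	return value, nil
}

// IsToken reports whether a string has the vault's token shape, a cheap guard that a raw PHI
// value has not slipped into a column meant for tokens.
func IsToken(s string) bool {
	return strings.HasPrefix(s, "tok_") && len(s) == 4+32
}

// Order is what the store's own database holds: the patient appears only as a token.
type Order struct {
	OrderID      string
	PatientToken string
	SKU          string
}

// PlaceOrder exchanges the patient identifier for a token before anything is persisted,
// so the order table never contains the identifier itself.
func PlaceOrder(v *TokenVault, patientMRN, sku string) (Order, error) {
	tok, err := v.Tokenize(patientMRN)
	if err != nil {
		return Order{}, err
	}
	id := make([]byte, 8)
	if _, err := rand.Read(id); err != nil {
		return Order{}, err
	}
	return Order{OrderID: "ord_" + hex.EncodeToString(id), PatientToken: tok, SKU: sku}, nil
}

func main() {
	vault := NewTokenVault([]byte("constructed-index-key-for-demo")) // a real key comes from a KMS
	order, err := PlaceOrder(vault, "MRN-0042-7781", "SKU-INHALER")   // constructed sample identifier
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored order: %+v\n", order)
}
```

The payoff is the breach scenario the section describes: an attacker who dumps the order database obtains `tok_…` strings and nothing to reverse them with, because the mapping lives only in the vault, which has its own access controls and its own encryption at rest.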

Secure Hosting

5. Authentication & IP Blocking

To help keep your website secure and in line with HIPAA standards, you can use an authentication process. By requiring authentication credentials that only the server hosting the site possesses, no one else will be able to access it. You can also use IP blocking, which lets you block any IP addresses that you don't want accessing your site or systems.
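Both controls in this section are easy to get subtly wrong: IP blocking that trusts a client-supplied header can be bypassed by setting that header, and a secret compared with ordinary string equality leaks information through timing. The example below is added in Go to show a careful version of each; it is not Clarity's code nor code from any project the page describes. The `IPFilter` and `ServiceAuth` names, the `X-Service-Token` header and the sample ranges (RFC 5737 documentation space plus a private range) are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net"
	"net/http"
)

// IPFilter holds networks that are always refused and, for PHI back-office routes,
// an allowlist that a caller must match when one is configured.
type IPFilter struct {
	blocked []*net.IPNet
	allowed []*net.IPNet
}

func parseCIDRs(cidrs []string) ([]*net.IPNet, error) {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil { return nil, fmt.Errorf("bad CIDR %q: %w", c, err) }
		nets = append(nets, n)
	}
	return nets, nil
}

func NewIPFilter(blocked, allowed []string) (*IPFilter, error) {
	b, err := parseCIDRs(blocked)
	if err != nil { return nil, err }
	a, err := parseCIDRs(allowed)
	if err != nil { return nil, err }
	return &IPFilter{blocked: b, allowed: a}, nil
}

func inAny(nets []*net.IPNet, ip net.IP) bool {
	for _, n := range nets {
		if n.Contains(ip) { return true }
	}
	return false
}

// Permit: a blocked entry always wins; otherwise an allowlist, if present, must match.
func (f *IPFilter) Permit(ip net.IP) bool {
	if ip == nil || inAny(f.blocked, ip) {
		return false
	}
	return len(f.allowed) == 0 || inAny(f.allowed, ip)
}

// clientIP uses the address of the TCP connection, not X-Forwarded-For, which any client
// can set. Behind a trusted reverse proxy, read the proxy's header only after checking
// that RemoteAddr is that proxy.
func clientIP(r *http.Request) net.IP {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	return net.ParseIP(host)
}

// Middleware rejects requests from addresses Permit refuses.
func (f *IPFilter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !f.Permit(clientIP(r)) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// ServiceAuth admits only callers presenting a secret shared with the hosting server.
// Both sides are hashed before comparison so the check is constant-time and does not
// leak the secret's length.
func ServiceAuth(secret []byte, next http.Handler) http.Handler {
	want := sha256.Sum256(secret)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := sha256.Sum256([]byte(r.Header.Get("X-Service-Token")))
		if !hmac.Equal(want[:], got[:]) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed sample ranges: block one documentation /24, allow only a private /8.
	filter, err := NewIPFilter([]string{"203.0.113.0/24"}, []string{"10.0.0.0/8"})
	if err != nil { panic(err) }
	admin := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "phi admin") })
	http.Handle("/admin/", filter.Middleware(ServiceAuth([]byte("placeholder-secret"), admin)))
	// Serve this only behind the site's TLS listener; the plain local port is for demonstration.
	_ = http.ListenAndServe("127.0.0.1:8080", nil)
}
```

The ordering of the two wrappers matters: the IP check runs first and costs almost nothing, so requests from outside the permitted networks never reach the secret comparison, and the shared secret is only ever compared for callers that are already where they should be.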

Finally, the hosting environment you choose must support everything above, and such environments used to run around $1,200/month up to 2018. Microsoft Azure finally figured out a way to provide HIPAA hosting for under $400 a month, so we started using them for all of our HIPAA compliant sites. In 2019, Google and Amazon joined the game and are offering hosting in that $400 per month range, so Azure stepped it up again and is offering its micro-services in a HIPAA fashion. That means a HIPAA secure database is $20 a month, a HIPAA file storage drive is $30 a month, and a server (VM) around $50. So now we can configure HIPAA compliant hosting on Microsoft Azure starting at $100 a month.

HIPAA Development Experts

Clarity Can Help

Our team at Clarity has worked on developing HIPAA compliant sites, portals, mHealth apps and eCommerce solutions for over 15 years. Our experts understand the ins and outs of HIPAA compliance and what it takes to make your website and customers' information as secure as possible, lowering your risk to ensure compliance and security. Clarity even offers HIPAA compliant web hosting for your websites. To find out more about how Clarity can help your site with its HIPAA compliance development or HIPAA compliant eCommerce platform, call or click to contact us today!
