One of the most frustrating aspects of becoming HIPAA compliant is the ambiguous nature of the law itself. Not only have the HIPAA Security and Privacy rules changed many times since 1996, but the law is still very nebulous as to what “HIPAA compliance” means.
The Office for Civil Rights (OCR) doesn’t have a HIPAA checklist that says, “If you do X, Y, and Z, you’re completely HIPAA compliant and we will never find you liable for a breach.”
Because there’s no official HIPAA-compliant software checklist, the term “industry best practices” is often used to describe the steps to take to secure your websites, portals, apps, and servers from attackers. That’s why it’s so important to work with a developer that has experience in the HIPAA space; knowing what to secure—and the best way to do it—ensures that your ePHI remains safe.
Industry best practices for HIPAA information have evolved to include the use of content delivery networks (CDNs). CDNs put an extra layer between your publicly accessible endpoints, namely patient/customer portals, and the servers providing the information they need. Some CDNs, such as Cloudflare, offer additional security measures as well. Let’s talk about how CDNs can increase HIPAA compliance and make your websites more efficient.