The Doctor image by Luke Fildes via Wikipedia
Written by Eric Gockel


While searching online for a local optometrist today, I ran across one that had an online Patient Info Form. Handy, I thought, even though I didn’t need to fill it out.

However, they were asking for personal medical information, e.g. “list medical problems”, HIV, etc., and the page the form was on wasn’t even secured with HTTPS.

When transmitting personal information online, it’s always good practice to do so securely, even more so for medical websites lest they run afoul of the Health Insurance Portability and Accountability Act (HIPAA).

Hopefully your website is doing this already. If not, you may want to also make sure that:

  • Data collected is on a HIPAA-compliant hosting server.
  • If the data collected is being emailed to the physician, the email service also needs to be HIPAA-compliant.
  • If HIPAA is involved, your website developer and medical practice should have a Business Associate Agreement.
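One way to check your own pages for the problem described above, a form that is loaded or submitted without HTTPS, is sketched below. This is an added example, not code from the original post; the sample URL, page markup and field names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormCollector(HTMLParser):
    """Collect each <form>'s action and the names of the fields inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self.in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "textarea", "select") and self.in_form and a.get("name"):
            self.forms[-1]["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def audit_forms(page_url, html):
    """Return one finding per form that is loaded or submitted without HTTPS."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # A relative or empty action is resolved against the page's own URL.
        target = urljoin(page_url, form["action"])
        problems = []
        if urlparse(page_url).scheme != "https":
            problems.append("page loaded without HTTPS, so the form can be altered in transit")
        if urlparse(target).scheme != "https":
            problems.append("submission sent without HTTPS, so answers are readable in transit")
        if problems:
            findings.append({"target": target, "fields": form["fields"], "problems": problems})
    return findings

# Constructed sample page (not the site from the post).
SAMPLE_URL = "http://optometrist.example/patient-info"
SAMPLE_HTML = (
    '<form action="/submit" method="post"><input name="full_name">'
    '<textarea name="medical_problems"></textarea><select name="hiv_status"></select></form>'
    '<form action="https://optometrist.example/newsletter"><input name="email"></form>'
)

if __name__ == "__main__":
    print(*audit_forms(SAMPLE_URL, SAMPLE_HTML), sep="\n")
```

The second sample form is still flagged even though it submits to an HTTPS address, because the page that delivers the form was itself loaded without HTTPS.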

Read more about adding HTTPS to your website.