troubleshooting Question

Are there any HIPAA considerations involved with taking form submissions on a web site for a medical services company?

Avatar of TechStudio
TechStudio asked on
Web DevelopmentSecurityWeb Services
5 Comments4 Solutions295 ViewsLast Modified:
I am in the process of building a web site for a medical services company. They perform drug screenings and provide vaccination services as a couple main examples. The plan for their web site is to create an area where their clients, businesses who employ fairly large numbers of workers who they want to screen, can submit a form input which authorizes the medical services company to perform a drug screening, charge the client and mail a paper copy of the results to the client. This is a basic overview of the form submission:

Client => Automatically selected field when user logs in. ie. ACME, Inc.
Employee Name => Person who will be screened, John Q Public
Screening Options => Types of screenings and tests to be performed
Work Order Number => Some arbitrary number for paperwork. ie. 283.01
Appointment Time/Date => Time and date of appointment

... so essentially the only medically significant information is the patient's name. However, the form may expand to include answers to questions such as "what medical conditions do you currently have" or "are you allergic to anything?" and so on. There will never be any social security numbers or payment information.

I plan to use the following methods to secure the login area on top of usual good development.

* SSL Certificate for front and back-end of site
* Complex password requirements
* When a submission hits the site an alert email is sent, but only to say a submission has been made. A clerk must log in using a complex password to find the information on the site's back-end under SSL.

This brings me to my question.

Does anyone know if these operations are covered under HIPAA and if there are any specific requirements the web site must adhere to therein?
David L. Hansen

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 4 Answers and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 4 Answers and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros