Quality certifications are considered a mark of excellence in many industries, especially in healthcare. Becoming certified confirms your commitment to quality and the positive impact it will have on your organization. Since your website is a virtual extension of your organization, it should be held to the same standard. There are several key measures that relate to quality, usability and security to determine if your current website is on par.
WCGA 2.0 – Website Accessibility
If you are a healthcare provider who receives funds from the federal government, you must now meet WCAG 2.0 AA website accessibility standards. Those organizations that fail to comply may face a penalty. Since content is added and changed all the time, it’s important to run your site through a 508/WCAG 2.0 checker so that you have verification that your site remains compliant.
See if your healthcare site is WCAG 2.0 AA compliant
Page Speed
Page speed has been used as a ranking signal in search for some time. Earlier this year, Google announced that page speed is now also a key ranking factor for mobile searches. As mobile use continues to increase, mobile search and user experience (UX) is more relevant than ever before. The time it takes for your page to load on a mobile device may make or break how well your site performs in search or how well (or not) your site converts its users.
The time is now for optimizing your site’s page speed.
GTmetrix is a page speed tool that gives some you insight on how well your site loads and provides recommendations on how to optimize it for improved page speed performance. Compressing your images, removing unused plug-ins, using a content delivery network (CDN), caching files, minifying code are all things that will help to improve page speed.
Grade your website’s page speed
HIPAA Security
HIPAA compliance for any healthcare provider means making sure reasonable steps are taken to ensure protected health information (PHI) is and remains safe. When that data is collected, transmitted or stored online, it means there are proper technical, physical and administrative safeguards are in place to keep data secure. Failure to do so can mean fines from $100 to $50,000 per violation.
When patient information such as patient name, email address and or phone number is collected on your website, it should never be sent to you through standard email. When ePHI is collected through a web form, it is done using a secure connection where HTTPS is visible in the URL. Just having an HTTPS doesn’t mean that ePHI is being handled appropriately. Typically that is done using a secure application that maintains proper access control and documentation.
SSL – Secure Encryption Protocol
Is your organization using SSL for your healthcare website? If not, you should be. As we’ve mentioned before, beginning July 2018, Google Chrome will mark all HTTP sites as “not secure.” This is one of the next steps that Google is taking to make HTTPS the default for websites.
So a bit more about SSL. Also known as TLS, SSL is a cryptographic protocol used to establish a secure communication between two systems. It is used to authenticate one or both systems, and protect the confidentiality and integrity of information that passes between them. To improve security and block known attacks such as POODLE and BEAST exploits, TLS has undergone several revisions. To meet the the new PCI Data Security Standard for safeguarding data, hosting environments must upgrade to a more secure encryption protocol called TLS v1.2 by June, 30 2018.
See if your web host is using TLS v1.2
Are you looking to improve the quality and security of your website
Entrust your healthcare site to an agency who has the expertise and experience to get it done well… and right. Please contact Practis today for a free evaluation of your site.