HIPAA compliance is more than SSL or TLS encryption

Even if your website has an SSL certificate, it may not be secure enough to handle HIPAA compliant information. MedForward offers a secure online forms solution for this specific purpose. In addition to the SSL, the security of the web server and organization should meet a data security standard. This standard covers such items such as:

• Type of firewall solution in place
• Physical security of the server
• Backup standards and how back ups are handled
• Training and processes for employees
• Processes for handling software source code
• Maintenance of audit trails
• Specific user accounts
• Encryption at rest, and
• Additional security requirements and processes.

Also, HIPAA requires that your organization has a business associate agreement on file with your vendor. Some business associate agreements state that the software can be HIPAA compliant if used and configured correctly. However, MedForward’s HIPAA compliant secure online forms service is configured specifically for this purpose, so it does not require an expert configuration to be used properly.