Recently, we were involved in an interesting project with one of our client’s websites. Currently their organization falls under HIPAA guidelines and as their software development partner, we were tasked with helping maintain the security of their internal website used for case notes and patient tracking. Our developers provided a form that allowed their staff to enter in case note for patients, simple enough. However, the problem was that Chrome provides an automatic spell checker built into the browser. The spell checker takes text from each textbox and submits it back to Google, Google then provides suggestions for spelling. Our client, as we suspect most clients, did not have a HIPAA agreement with Google which was a security violation for their site. Ultimately the solution was to install a spell checker on the same server as the main internal website application, ensuring all case notes stay on the secure server and never leave. As in this instanace, sometimes the simple things are the most important.
If you have questions about your HIPAA compliance with a public or private website give us a call. We would be happy to discuss it with you.