Please do not send any personal health information through this form.
Email communication is not secure. Do not share your health information via email.
No matter how it’s worded, even in giant blinking letters, whenever there is an opportunity to type text into a message area, people will, without fail, share personal information through website Contact Us forms. This likely triggers a whole process of information deletion at the receiving end, and is a constant privacy concern for security officers. It is the responsibility of health care providers to ensure that information is handled properly, even if it was improperly sent through your website.
There are hundreds of available website Content Management Systems (CMS), but few are optimized for displaying health care services or gathering Personal Health Information (PHI) from patients and clients. Caredove takes your website security seriously, and we have a few tips to help boost your site's integrity and improve the management and security of PHI.
Installing an SSL certificate turns the "http" at the beginning of your URL to "https", which encrypts requests and responses between your website and the website viewer. This also makes your website harder to hack, protecting your information and any client information that might be held in your website. Having a site secured with an SSL certificate is the bare minimum of security measures you should implement on your website, especially if you are promoting healthcare security and privacy standards in your workplace. It is the most standardized "stamp of approval" for a website's authenticity and trustworthiness. Depending on your website provider, you can get free or low-cost SSL certificates that are simple to implement.
Hacker bots can scan thousands of web pages every day looking for an exposed email address. These email addresses then receive higher volumes of spam and junk mail, which can be an insidious way for hackers to gain access to your private information through a scam process called phishing. If a team of receptionists or front desk staff is sharing access to a general email inbox, any one of them could fall victim to a phishing scam, where they are tricked into entering passwords or credit card information into a fake form, handing over the keys to their virtual lives to an unknown hacker.
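As an added example (not part of the original article), this short Python audit can be run over your own pages' HTML to list every address a harvesting bot would read, including addresses written with HTML entities such as `&#64;`. The sample page and the `clinic.example` addresses are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Simple address pattern; good enough for auditing your own pages.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class ExposedEmailAudit(HTMLParser):
    """Collects the addresses a crawler could read from a page's HTML."""

    def __init__(self):
        # convert_charrefs decodes entities (&#64; -> @), just as a bot would.
        super().__init__(convert_charrefs=True)
        self.findings = []  # (address, where it was found)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                # Drop "?subject=..." and decode %-escapes before matching.
                target = unquote(value[7:].split("?", 1)[0])
                for addr in EMAIL_RE.findall(target):
                    self.findings.append((addr.lower(), "mailto link"))

    def handle_data(self, data):
        for addr in EMAIL_RE.findall(data):
            self.findings.append((addr.lower(), "page text"))


def audit_page(html):
    """Return a sorted, de-duplicated list of (address, location) findings."""
    parser = ExposedEmailAudit()
    parser.feed(html)
    parser.close()
    return sorted(set(parser.findings))


# Constructed sample page (not taken from a real site).
SAMPLE = """
<p>Questions? Email intake@clinic.example or call us.</p>
<a href="mailto:Reception@clinic.example?subject=Referral">Contact reception</a>
<p>Billing: billing&#64;clinic.example</p>
<a href="/contact">Use our contact form</a>
"""

if __name__ == "__main__":
    for addr, where in audit_page(SAMPLE):
        print(f"{addr}\t{where}")
```

Any address the audit reports is readable by automated scanners; a page that only links to a contact form reports nothing.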
Contact forms are an excellent way to gather leads and handle incoming inquiries from your website. But there are several reasons why a contact form is NOT the best way to gather information about your clients. Contact form submissions likely land in a general email inbox for your organization, managed by multiple front desk staff. Overall, email is NOT a secure place to hold patient information.
If your contact form is NOT going to a general email inbox, that means that the data is stored directly in your CMS. The top five website Content Management Systems under attack in 2018 were:
These CMS are at risk of compromising any PHI you have stored in your website. Many CMS have servers all over the world, which means your client PHI could be travelling to countries with much less strict privacy standards than Canada. Storing PHI outside of Canada might be in breach of your organization's privacy and security standards.
Contact forms can be integrated with lead pipeline software like Hubspot or Salesforce, making it easy for your sales team or intake staff to action leads without living in an email inbox. Even if you have an integration with one of these tools, which ensures leads and PHI do not land in an email inbox, many of these lead tracking tools are not PIPEDA and HIPAA compliant, meaning they do not meet Canadian and American healthcare privacy and security standards. If you are handling PHI in one of these systems, make sure that they are meeting the healthcare standards necessary to properly handle your client information.
You will likely be able to make things clearer if you manage service requests in a compliant system like Caredove.
Caredove can embed a secure contact form on your site, or build and host your entire website if you are concerned about your site's overall security. We guarantee a secure, responsive and beautiful website, with all your Caredove services and contact forms seamlessly integrated, making it easy for patients and clinicians to send service requests from their computer, tablet or phone. Learn more about our WebBuilder, and how we can improve your website security and your client experience.