Do you know if your practice’s website is being served over a secure connection?
It’s easy to find the answer. Look at the top of your browser window in the address bar. If your web address starts with “https,” then your site has a secure connection. Many browsers will also put a little lock icon next to the URL in the address bar if the site is secure. If the URL starts with just “http,” your site is not being served over a secure connection.
Chrome, a web browser run by Google, recently announced that it would begin marking all websites using insecure connections as “Not Secure” starting in July 2018. If your website has forms or other text input fields and is not using a secure connection, this notice is already showing up for your website in Chrome. Chrome is currently the most-used internet browser, holding over 50% of the market share worldwide, so this change will be noticeable to many internet users.
What does it mean to have a secure connection for your practice’s website, and why are browsers like Chrome pushing so hard for secure connections? Let’s dig in.
What Does HTTPS Mean?
HTTPS stands for Hypertext Transfer Protocol Secure. Sites with “https” use Secure Sockets Layer (SSL) to encrypt data. There are a lot of technical aspects to how this works, but essentially, any data transmitted between the web browser and the website is encrypted. This means that if the data is intercepted, it will be unreadable.
When you visit a site that is “https,” rather than just “http,” you can be assured that any information you submit is secure and protected. This is especially important for any site that processes private information like credit cards or even passwords. If you are buying something online, make sure that at a minimum, the credit card submission area is “https” to keep your credit card information secure. Anytime you need to enter login information or submit any other private information, you should also ensure that your information is secure.
Why HTTPS Is Important for Your Practice
As a medical practice, you’re well aware of HIPAA laws and your obligation to keep patient information secure and private. This extends to your website, as well. If your website has a contact form or appointment request form, you are required to take the necessary precautions to keep that information secure. Switching your site to “https” is the best way to ensure that the information submitted on those forms remains secure and private.
Browsers like Chrome, Firefox, and Safari already indicate that sites are secure by putting a little green lock icon next to the URL in the browser window. This is a subtle way of letting website visitors know that a site is secure. The planned security warnings will be more noticeable. Starting July 2018, Chrome’s plan is to have text that reads “Not Secure” next to all HTTP URLs in the browser. HTTP websites that have forms or text input fields already have the “Not Secure” warning in Chrome browsers, so this warning may already be showing up for your website if you have those features. It’s also important to keep in mind that other browsers may eventually follow suit with the standards Chrome has set for security in order to compete.
Browser security warnings can also affect the patient experience on your website. If a patient visits your site and sees a security warning, he or she may have be hesitant about continuing on your site out of concern that private information could be intercepted. Even if you have taken steps to make your forms and other submission areas secure, the “Not Secure” marker on the rest of your site may be a red flag for those patients. That’s not the type of impression you want to make. You want your patients to know that you will do everything possible to ensure that their information is always kept secure and private.
If your practice has a website, security should be a top priority. These upcoming changes by Chrome indicate that security is becoming increasingly important. As a medical practice, protecting your patients’ information is also very important. Give yourselves, and your patients, the peace of mind that comes with knowing private data is secure.