
Password Protection for Your Site

HIPAA Compliance

Storing, sharing and working with patient-related data, commonly referred to as PHI or Personal Health Information, all fall under the requirements of HIPAA. Site owners and publishers are obligated to comply with HIPAA. IRT offers solutions for storing and working with private data. Please contact us through Web Help before beginning any project involving patient or other private information. 

An Important Distinction: Access Security vs. Transaction Security

IRT offers a number of solutions to accommodate your unique security needs. These methods, however, only provide access security, ensuring that only the people you want to have access can get in to view or download your content.

They do not provide secure transmission of the content between the server and the user’s browser. For secure transmission, you must use the https:// URL method in linking and referencing the content. This method is required for all HIPAA-related data transmission. For more information about secure transmission, please contact WebHelp.

Secure by Directory

All the methods discussed are applied at the directory level. This means that all the contents of a given directory are secured, not the individual page. To secure a specific page, it must be located within a secured directory.
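The two points above (content in a secured directory must be linked with https://, and protection applies to whole directories) can be checked together by auditing a page's links. The following is an added example, not IRT's own tooling; the host name, the secured directory list and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from posixpath import normpath
from urllib.parse import unquote, urljoin, urlsplit

# Assumed for illustration: directories that have access security applied.
SECURED_DIRS = ["/private/", "/staff/reports/"]

class _RefCollector(HTMLParser):
    """Collect every URL a page links to or embeds (href, src, action)."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.refs.append(value)

def in_secured_dir(path, secured_dirs=SECURED_DIRS):
    """True if the path lies inside a secured directory (protection is per directory)."""
    # Decode %xx and collapse "..", "." and doubled slashes before comparing,
    # so /public/../private/x and //private/x are still recognised.
    clean = normpath("/" + unquote(path).lstrip("/"))
    return any((clean + "/").startswith(d) for d in secured_dirs)

def insecure_refs(html, page_url, site_host):
    """Return same-site references into secured directories that use http://."""
    collector = _RefCollector()
    collector.feed(html)
    findings = []
    for ref in collector.refs:
        absolute = urljoin(page_url, ref)  # relative links inherit the page's scheme
        parts = urlsplit(absolute)
        if (parts.scheme == "http" and parts.hostname == site_host
                and in_secured_dir(parts.path)):
            findings.append(absolute)
    return findings

# Constructed sample page, served over plain http.
PAGE_URL = "http://dept.example.edu/index.html"
SAMPLE_HTML = """
<a href="https://dept.example.edu/private/roster.html">Roster</a>
<a href="http://dept.example.edu/private/schedule.pdf">Schedule</a>
<img src="private/chart.png">
<a href="http://dept.example.edu/public/news.html">News</a>
<a href="mailto:webhelp@example.edu">Contact</a>
"""

if __name__ == "__main__":
    for url in insecure_refs(SAMPLE_HTML, PAGE_URL, "dept.example.edu"):
        print("not sent over https:", url)
```

Each reported URL points at access-restricted content that would still travel unencrypted; changing the link (or the page that contains a relative link) to https:// resolves the finding.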

Stanford Web Authentication (WebAuth)

Stanford Web Authentication restricts site or page access to users in the Stanford community through the use of SUNet IDs. Web materials can be restricted to all Stanford users or to specific users.

Request WebAuth
How to implement WebAuth yourself
How to sponsor a SUNet ID

BasicAuth: Restricting Access by Username/Password

You can also limit your site, or parts of it, to users with specific usernames and passwords controlled by you. The advantage is that you can allow access by anyone you choose, with or without a SUNet ID. The disadvantage is that, in practice, this is a low-security method. It is not recommended for HIPAA or other high-risk data.

Request BasicAuth

Restricting Access by Domain

Restricting access by domain is a simple way to limit access to a site to computers within the Stanford Medical Center. You may have information that only pertains to personnel in your department, or sensitive information that the general population of Web surfers shouldn't see.

Request DomainAuth
How to implement DomainAuth yourself