How to avoid a website “Not secure” warning on your dental website
You may have heard that dental practice websites without an SSL certificate are now showing a “Not secure” warning in Google Chrome and Mozilla Firefox. You may be confused about what https and SSL are and whether your practice website needs an upgrade with an SSL certificate. You may also be concerned about HIPAA compliance and online patient health information security. Fear not: in this blog post we will explain SSL certificates, https, HIPAA compliance and why you need to upgrade as soon as possible.
What is SSL?
SSL stands for Secure Sockets Layer. It might sound complex, but it’s quite simple. SSL certificates validate your website’s identity and encrypt the patient health information (PHI) sent to or received from your site. This encryption layer keeps internet bad guys from spying on any data exchange between you and your patients. Requests for appointments and new patient sign-ups are considered patient health information (PHI), so it’s important for this information to be encrypted via SSL to comply with HIPAA and protect your PHI. When you have an SSL certificate protecting your website, your patients can trust that the information they enter on any secured page is private and can’t be stolen or compromised by hackers or cyber criminals. SSL also gives website visitors and potential new patients a feeling of trust when they visit your website. Most people are now aware of the need for a secure website connection when they are providing information to a website. First.Dentist can install your certificate and secure your server, which will protect your PHI and practice from HIPAA and security issues.
What does the SSL certificate do?
An SSL certificate creates a secure tunnel through which information, including patient health information, usernames, passwords and more, can pass safely between an office computer, your website, a patient’s computer and your server. The information is secured with HIPAA-compliant encryption protocols.
What are the benefits of having an SSL certificate on my practice website?
- Improves new patient trust and conversion. SSL Certificates inspire trust and show patients that you value their privacy.
- Improves practice branding and positioning. Internet savvy consumers like dental and medical practices that have modern, secure and functional websites.
- Encryption of patient health information. An SSL certificate protects your patients’ sensitive health information such as their name, address, password, or appointment information by encrypting the data during transmission from their computer to your web server. An SSL certificate is required by HIPAA to protect PHI.
- Better search engine visibility. Google favors websites with SSL, so you may get a search engine ranking boost.
- Prevents hacking and phishing. SSL certificates guard against phishing and hacking attempts. Hackers often attempt to spoof medical and other types of websites to obtain password and personal information. Hackers can’t get past SSL certificates. SSL helps your patients stay safe if your website is the victim of a phishing attack because they know your practice has an SSL certificate.
What happens if I don’t get an SSL Certificate?
“Not secure” warnings were implemented by Google Chrome in January 2017 for sites that do not use an SSL certificate and collect any type of information (including names, emails, appointment requests, etc.). Google will be rolling out the “Not secure” warning for all websites without an SSL certificate sometime in early 2018. Internet users are learning to avoid sites that display this warning. Patient health information (PHI) must always be encrypted according to HIPAA. All new patient contact and appointment requests are considered PHI. Any page that collects or displays protected health information or patient appointment requests, logs users in, or transmits authorization cookies must be protected by SSL and must not be accessible insecurely. The first step to ensuring that you have a secure website is an SSL certificate. SSL certificates meet HIPAA’s data transmission security requirements regarding communications between the end user and your website. However, your SSL encryption configuration must be strong enough to meet HIPAA requirements. HIPAA requires a level of encryption tested by the National Institute of Standards and Technology (NIST) and judged to meet this standard. First.Dentist SSL certificates exceed the HIPAA standards for encryption processes.
Is an SSL important for my search engine rankings and SEO?
Google has stated that SSL certificates are a ranking factor for websites. Google is strongly pushing for a more secure web, and moving forward you can expect Google to increase the visibility of dental websites that use SSL certificates. Installing an SSL certificate correctly is a difficult and technical task. There are many steps and many important updates to your online profiles like Google Search Console and Google Analytics. Incorrect installation and setup can damage your search engine rankings profoundly. First.Dentist is a premier SEO provider; we’ve been in the industry since 1997. We have a 50-point checklist that ensures your website is configured properly and that your rankings won’t suffer. You can trust we will install your certificate properly. We are also dental industry and HIPAA experts, so we can help you choose an SSL certificate that will offer HIPAA compliance and the top level of security.
First.Dentist website SSL upgrade features
- SHA-2 and 2048-bit encryption – the strongest on the market
- HIPAA security support and compliance – our SSL certificates are stronger than HIPAA requirements
- Improved Google search engine rankings
- Compatible with all major browsers
- Display a security seal on your site
- Complete installation and testing
- Website upgrade to implement SSL
How will people know my practice website is safe?
When a visitor enters an SSL-protected page on your website, their browser bar displays a padlock icon and the “https://” prefix in the URL address. While most internet users now know to look for those SSL indicators, you can also add a site seal to your website to show visitors your site is verified and secured. Visitors can click the seal to view your certificate’s status and details, seeing for themselves that it’s safe to send sensitive information to your website. Websites protected by a Premium EV SSL display a green browser bar as well, giving new patients the green light to book an appointment. The certificates we use support up to 256-bit encryption and work with all of the major desktop and mobile browsers on the market. They are HIPAA compliant.
What does First.Dentist do?
- Select your HIPAA compliant Premium Organizational Level SSL or Premium EV SSL
- Assist you in the process of applying for your SSL
- Install SSL certificate on domain
- Configure and test the SSL certificate
- Add HTTPS version of your site, configure analytics and reporting in Google Analytics, Google Search Console and other Analytics properties to update your reporting data
- Set up ranking monitoring to ensure that your search engine rankings are not impacted (there should actually be a positive impact in a few months!)
- Crawl your site to identify and fix any broken links or out-of-date website structures and make sure hard-coded links are all updated to https links (this is superior for SEO and website performance to just using a plugin or a redirect)
- Update social links, hotlinked images and other external links that may break the SSL certification
- Create new sitemaps and upload to Google Search Console, manage the upgrade process so the search engines can properly process your redirects
- Update robots.txt, canonical tags and other important site code (JSON-LD and schema) that can influence search engine rankings
- Implement HTTP Strict Transport Security (HSTS). This response header tells user agents to only access HTTPS pages even when directed to an HTTP page. This eliminates redirects, speeds up response time, and provides extra security
- Removal of insecure HTTP version of your website to comply with HIPAA
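The redirect, HSTS and hard-coded-link steps above can be verified after a migration. The following is an added example, not First.Dentist’s own tooling: it audits one page from its already-fetched HTTP and HTTPS responses. The function names, the one-year max-age threshold and the practice.example sample data are assumptions made for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that load a resource or submit form data;
# a hard-coded http:// URL in any of them is reported.
LOADING_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
                 ("link", "href"), ("form", "action")}
MIN_MAX_AGE = 31536000  # assumed policy threshold: one year, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

class InsecureRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if (tag, name) in LOADING_ATTRS and url.lower().startswith("http://"):
                self.refs.append((tag, url))

def audit(http_status, http_headers, https_headers, https_body):
    """Return findings for one page; header dicts use lower-cased names."""
    findings = []
    location = http_headers.get("location", "")
    if http_status not in (301, 308) or not location.lower().startswith("https://"):
        findings.append("plain HTTP does not permanently redirect (301/308) to HTTPS")
    hsts = parse_hsts(https_headers.get("strict-transport-security", ""))
    if hsts["max_age"] is None:
        findings.append("HSTS header missing or without a valid max-age")
    elif hsts["max_age"] < MIN_MAX_AGE:
        findings.append("HSTS max-age is below %d seconds" % MIN_MAX_AGE)
    finder = InsecureRefFinder()
    finder.feed(https_body)
    return findings + ["insecure <%s> reference: %s" % ref for ref in finder.refs]

# Constructed sample: an appointment page after an incomplete HTTPS migration.
SAMPLE_BODY = ('<img src="http://practice.example/team.jpg">'
               '<form action="http://practice.example/appointment" method="post"></form>')
SAMPLE_FINDINGS = audit(302, {"location": "https://practice.example/"},
                        {"strict-transport-security": "max-age=300"}, SAMPLE_BODY)
```

On the constructed sample the audit reports four findings: a temporary redirect, a short HSTS lifetime, an image loaded over http and an appointment form that posts over http.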
First.Dentist is happy to offer an affordable upgrade for your website to an essential security feature – HTTPS SSL certificates. Show your patients your site is safe, your practice is trustworthy, assist your Google search rankings, protect your practice and support your HIPAA compliance plan.
What is the cost?
The cost is a one-time fee of $599 plus the cost of your SSL certificate ($39 for an OV and $88 for an EV). SSL certificates must be renewed every year. Contact us today to upgrade your practice website to a secure connection at (800) 370-9045 or email us at [email protected]