Q: One of my colleagues made a website accessible to invitees only. He plans to upload a spreadsheet that contains clients’ names and diagnoses. The spreadsheet will be password-protected. Will this website compromise our HIPAA compliance?
A: Posting patient-identifiable health information on any website, even if it is password-protected, could result in a breach of patient confidentiality. This situation requires a detailed review by your organization’s compliance officer before your colleague proceeds any further.
Chris Apgar, CISSP answered this question in the June 2010 issue of the HCPro newsletter Briefings on HIPAA. For more information about this newsletter visit the HCMarketplace .