Website Update: New Security Features Go Live!
By Adam Pick on October 14, 2017
I get lots of excellent questions about heart valve disease from our patient community. And, I do my best to answer those questions to help educate and empower people just like you.
Recently, I’ve received a different type of excellent question specific to our website. That question is, “Is HeartValveSurgery.com secure?”
The simple answer to this question is “Yes”. This website is designed to be secure. The long answer to this question is much more complex. That said, I wanted to share with you several updates specific to the security that protects you, our community and the information shared at this website.
First, I want you to know that I am personally committed to making every member of this community feel safe. In a world full of cyber attacks and hacking, I have spent a good amount of time learning about security. When I realized that I did not have all the skills needed to keep up with the changes in website security, I hired consultants, programmers and security experts to ensure that HVS is taking all steps needed to protect this community.
Second, in January, 2017, I hired a team to audit and evaluate the security of HVS. During the audit, I learned there were opportunities to enhance the security of HVS – specifically around HIPAA.
Over the next 3 months, we embedded several new physical and administrative controls to guard information that was shared across HVS. The results of this “Journey to HIPAA Compliance” were fantastic. On March 6, we received an attestation letter from a security consulting firm that our website was HIPAA compliant.
Did I stop there to ensure the security of HVS?
After we received the attestation letter for HIPAA compliance, I decided it was time to put the entire website in a secure, encrypted environment.
You might think this is no big deal. You might think that putting an SSL certificate across HVS is easy to do. However, this migration from a “HTTP” to a “HTTPS” was a monster! The reason is that HVS is 11 years old and has 10,000+ pages of information. There are many different systems that power the website you see. These systems “talk” to each other. So, if there is an issue with one system, the other system might get confused. If that happens… problems occur and the website breaks. Not good.
For this reason, we needed to ensure that all steps were taken to ensure a smooth, effective migration. As a result, I hired another consultant to coach me and our programming team through this process. In total, we worked on this migration for over two months. We had three separate check-lists to guide this migration before, during and after the shift to a secure server system.
Today, I am happy to report that the migration to a site-wide HTTPS environment is complete. To see this, simply check your browser URL address. You will notice that every single page on this website is now in a secure “HTTPS” mode. (If you didn’t know, that extra “S” means secure.)
Am I done enhancing the security of HVS?
The answer is no.
There will always be new and different strategies to make this website more secure. That said, I hope this post helps you learn about the efforts and resources I am extended to provide you a secure environment to get educated and empowered. If you have any questions, please let me know.
Keep on tickin!