What is HIPAA compliant hosting?

You may have seen HIPAA compliance appear in your search for a secure web hosting provider, but what exactly is a HIPAA server? What is HIPAA, for that matter? You may also be wondering whether you need to be using a HIPAA compliant server. These are all great questions! We first need to start with the term HIPAA, as it’s quite a vital piece to understanding when a HIPAA compliant server is necessary.


What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (more commonly called HIPAA) mandated that necessary protocols be defined and followed when handling Personal Health Information (PHI). PHI records are any form of medical record that contains information which can identify an individual person. The purpose of HIPAA is to ensure the integrity and confidentiality of the sensitive data within these kinds of records. The 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) modified HIPAA to include electronic Personal Health Information (ePHI), also sometimes called Electronic Medical Records (EMR).

What is a HIPAA server?

A HIPAA compliant server is one that follows the guidelines defined by HIPAA to prevent breaches of medical record data. ePHI data breaches can be detrimental to individual or entity reputations and result in severe legal consequences. Part 164 of the Code of Federal Regulations (CFR) within HIPAA specifies:

Paragraph 164.308(a)(1)(i) Standard: Security Management Practices—Implement policies and procedures to prevent, detect, contain, and correct security violations.

HIPAA mandates that entities handling PHI data adopt and invoke their own set of policies to protect the integrity and confidentiality of these records. It’s up to the individual entities to determine how to approach these aspects of protecting the data. The following is a list of sample policies that address these requirements and would constitute a valid HIPAA server:

  • Physical Data Storage Security: Any media or servers which contain ePHI data must be secured from unauthorized physical access. This often includes using locked cages or cabinets.
  • Physical Data Destruction Security: Destruction of ePHI data is usually peer-reviewed and logged by chain of custody certificates that explicitly state how the data was destroyed.
  • Data Access Security: Maintaining remote and physical access control lists and chain of custody logging to ensure that every time the data is accessed, it’s by an authorized and documented individual.
  • Data Integrity Security: This generally takes the form of action logging, in addition to chain of custody logging. Any form of action done to the data must be documented and logged.
  • Data Transfer Security: When transmitting data over network interfaces, the connection must be encrypted end-to-end to ensure security.
  • Data Breach Reporting: Anytime there is a breach of HIPAA policies, the breach and its potential impact must be documented, logged and reported immediately.

When do I need a HIPAA server?

A HIPAA compliant server is necessary only when storing, transferring, reading, displaying or otherwise accessing any form of data that contains individually identifiable Health Information. Anonymous medical data is not subject to HIPAA or HITECH and is not required to be secured in the same way. In general, if you’re not in the Health Industry, there is no need for a HIPAA compliant server. The CFR part 160.103 specifically defines Health Information as:

Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:

(1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

How can Liquid Web help?

Liquid Web has you covered! We have designed a robust suite of HIPAA-compliant, fully managed hosting solutions. We take care of all the necessary policy enforcement and documentation with the day-to-day systems administration of your HIPAA servers. Our support staff is fully armed with the required knowledge to enforce our HIPAA procedures. You can rest assured that we will handle any necessary HIPAA-related actions when working on one of your HIPAA servers. You can see a full list of these policies, how we enact them, and our HIPAA compliant offerings here: HIPAA Compliant Data Centers & Solutions. You can even chat with a HIPAA Specialist right away to answer any looming questions you may still have.

 

Is there a way to stop bots from being able to crawl add-to-cart links on my site?

Having search engines crawl add-to-cart links and other unwanted pages can damage your SEO rankings. Add-to-cart links can cause more specific issues because those pages are not cached, which can also increase your CPU and memory usage as they are hit repeatedly.

Fortunately, it is very simple to adapt your site’s robots.txt file to make sure Google and other search engines are only crawling the pages you want. You can add these lines to the site’s robots.txt file, specifically to address the add-to-cart links:

User-agent: *
Disallow: /*add-to-cart=*

When you add these lines to the robots.txt file, the file is now saying that any search engine that hits the site cannot index your add-to-cart links.

We also recommend that you adapt your robots.txt file to disallow indexing of the cart, checkout and my-account pages, which can be done by adding the lines below to the same file.

Disallow: /cart/
Disallow: /checkout/
Disallow: /my-account/
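
To check which URLs these rules actually cover, the following added example (not from the original article) applies the Disallow patterns above using the wildcard semantics of RFC 9309. The function names and sample request paths are assumptions made for illustration; Allow rules and percent-encoding normalization are not handled.

```php
<?php
// Added example, not Liquid Web's code. Sample request paths are constructed.
// '*' matches any run of characters; a trailing '$' anchors the end (RFC 9309).

function robots_pattern_to_regex( string $pattern ): string {
    $anchored = substr( $pattern, -1 ) === '$';
    if ( $anchored ) {
        $pattern = substr( $pattern, 0, -1 );
    }
    $quoted = array();
    foreach ( explode( '*', $pattern ) as $literal ) {
        $quoted[] = preg_quote( $literal, '#' );
    }
    // Rules match from the start of the path, so anchor with ^.
    return '#^' . implode( '.*', $quoted ) . ( $anchored ? '$' : '' ) . '#';
}

function robots_is_disallowed( array $disallow, string $path_and_query ): bool {
    foreach ( $disallow as $pattern ) {
        // An empty Disallow value blocks nothing, so skip it.
        if ( $pattern !== '' && preg_match( robots_pattern_to_regex( $pattern ), $path_and_query ) === 1 ) {
            return true;
        }
    }
    return false;
}

// The Disallow lines from this page, as they apply to "User-agent: *".
$disallow = array( '/*add-to-cart=*', '/cart/', '/checkout/', '/my-account/' );

// Constructed request paths (path plus query string) to evaluate.
$samples = array(
    '/shop/?add-to-cart=123',          // add-to-cart link on the shop page
    '/product/widget/?add-to-cart=7',  // add-to-cart link on a product page
    '/cart/',                          // cart page
    '/cart',                           // cart page requested without trailing slash
    '/shop/cart/',                     // cart path below another directory
    '/my-account/orders/',             // page below /my-account/
    '/product/widget/',                // ordinary product page
);

foreach ( $samples as $path ) {
    printf( "%-34s %s\n", $path, robots_is_disallowed( $disallow, $path ) ? 'disallowed' : 'allowed' );
}
```

Only crawlers that choose to honour robots.txt are affected by these rules; the file does not block requests to the listed URLs.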

Is there a way to display the stock status in a dropdown for product variations on my store?

Do you have products that tend to sell out, or that you typically sell in bulk? It can be beneficial to display the available product quantity to ensure your customers can order the quantity or volume they need.

Displaying your stock availability is as simple as adding a quick code snippet to your theme’s functions.php.

How can I add external/affiliate products to my store?

If you sell products as an Amazon or other company affiliate, then you probably want to mark those products as external or affiliate products. This is something you can do within a default WooCommerce install, and it requires no special plugins or code.

First, add your new product, then choose External/Affiliate product from the Product Data dropdown menu.

In this section you can set the external URL, any special button text, and the price.


How do I enable multiple products to be added to cart on my store?

Online shopping is one of the great conveniences of this age, and anything you can do to make purchasing easier is appreciated by your customers and likely to bring in more revenue through your store. An easy way to enable more sales is allowing customers to add multiple products to the cart, without having to leave their current page.

Offering this functionality is as simple as installing the WooCom Add Multiple Products plugin and using the newly added widget.

In addition, you can use this shortcode to add the input form to other pages:

[wamp_product_input]

From there, you can then choose which individual products this ability applies to via your settings page.

Is there a way to conditionally show or hide checkout fields for specific products or product categories in my store?

WooCommerce out of the box is great. It helps you quickly build a checkout process, gives you basic reporting, provides you with a way to add products to your store, and even helps set up shipping for you. But what happens if you want a little more control over your checkout process? What if you want to push the boundaries a bit and hide some checkout fields from the checkout process on specific products or product categories where those fields don’t make sense?

That’s what we’re going to cover in this tutorial.

The only way I currently know how to remove checkout fields is by doing it with code. Let’s start out simple by setting up a function to remove a checkout field. This is very basic. Simply add the following to your theme’s functions.php file (or create a simple plugin that you could add this to).

What’s great about this code snippet is that you can add any fields you want removed from your checkout process.

Note: You do want to be careful with this though. Removing fields from your checkout process can cause you to not get enough information from the purchaser.

While this removes a checkout field, it doesn’t do it for specific products or product categories. Let’s move into that next.

Product Specific Conditional

Ok, when you want to conditionally remove a field based on if a product is in the cart or not, we need to do a little more work. We’ll be building off of the initial function we just went over.

We first need to create a new function that checks to see if a specific product ID is in the cart. We’ll have an array in there, so we’ll be looking for multiple products, which is helpful if there are multiple products for which you don’t want a field (or fields) to show up in the checkout process.

After we have the array of product IDs, we then create an array of products that are in the cart. We’ll loop through the IDs and see if any of our product IDs are in there. If we find one (or multiple), we return true. This way we can use that true in our removal checkout field function.

Here’s the function for our products and the products that are in the cart.

In the first array, you can change those product IDs to match the IDs of the products you’re looking for.

With this additional function, we now need to go back to our other function and make a slight change. We need to check to see if our function returns true or false. Here’s that logic added to our first function.

That’s it. We can now search for specific products and remove checkout fields if those products are in the cart. In the next section, we’ll look at adapting our code to look for specific categories.

Product Category Conditional

Using code similar to what we wrote previously, we can modify one function to check for categories instead of product IDs.

The biggest difference here is that we initially need to have an array of categories instead of IDs. We then need to figure out the cart products and what categories they belong to. This is a bit more complicated, so there are a few foreach blocks to get to the categories.

We then compare the product categories we have in our array with the product categories that are in the cart. If our categories exist, we’ll return true, otherwise we’ll return false. Here’s that code with some comments for assistance.

And all we need to do is look at our second function and replace wc_ninja_product_is_in_the_cart() with our new function wc_ninja_category_is_in_the_cart().
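
The field removal, the product check and the category check described in this tutorial, as one added example (not the tutorial's original code). It assumes WooCommerce is active; the product IDs, category slugs, the removed field and the callback name wc_ninja_remove_checkout_field() are placeholders, and the category check uses WordPress's has_term() rather than nested foreach loops.

```php
<?php
// Added example for a theme's functions.php; requires WooCommerce to be active.
// Product IDs, category slugs and the removed field are constructed placeholders.

/** Returns true if any of the listed product IDs is in the cart. */
function wc_ninja_product_is_in_the_cart() {
    $ids = array( 101, 102 ); // placeholder product IDs
    foreach ( WC()->cart->get_cart() as $item ) {
        // For variations, product_id holds the parent product's ID.
        if ( in_array( (int) $item['product_id'], $ids, true ) ) {
            return true;
        }
    }
    return false;
}

/** Returns true if any cart product belongs to one of the listed categories. */
function wc_ninja_category_is_in_the_cart() {
    $categories = array( 'downloads', 'gift-cards' ); // placeholder category slugs
    foreach ( WC()->cart->get_cart() as $item ) {
        // has_term() accepts an array and matches if the product has any of them.
        if ( has_term( $categories, 'product_cat', $item['product_id'] ) ) {
            return true;
        }
    }
    return false;
}

/** Hypothetical callback name: removes a checkout field when the check matches. */
function wc_ninja_remove_checkout_field( $fields ) {
    // WC()->cart can be null outside front-end requests, so guard before use.
    // Swap in wc_ninja_category_is_in_the_cart() for the category version.
    if ( WC()->cart && wc_ninja_product_is_in_the_cart() ) {
        unset( $fields['billing']['billing_company'] );
    }
    return $fields;
}
add_filter( 'woocommerce_checkout_fields', 'wc_ninja_remove_checkout_field' );
```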

How can I use ACF Pro to add custom tabs to WooCommerce products?

Advanced Custom Fields Pro is a plugin that allows you to do a number of things. However, in this tutorial, we’re going to walk you through how to add custom tabs to WooCommerce products.

Please note that this tutorial is a bit of a developer tutorial. You will be adding some code to your theme’s functions.php file and adding another PHP file to your theme. You also need to make sure that you have the Advanced Custom Fields Pro plugin installed and activated on your site.

The first thing you need to do is create a new file in your theme’s folder. We’ll call it acf-fields.php. We’ll add the following code to the file.

This code is what creates the ACF repeater fields and thus creates the tabs on your WooCommerce product.

Next, you’ll need to add this code to your theme’s functions.php file. This will set up the tabs in your theme.

With both files being uploaded to your site, you will now have ACF custom tabs on your WooCommerce products.