Is Your Direct Primary Care Website Secure? Why It Matters and How to Make the Fix

by

We recently surveyed more than 700 DPC provider sites nationwide and found that only 1 in 5— a mere 20%—had a secure front-facing public website. Find out why this matters and how to make the fix, if you’re in the 80% who need to take action. 

The Why’s and How’s of HTTPS Website Security

If you are a Direct Primary Care Provider, providing outstanding medical care is your area of expertise. But you don’t need to be a Web Guru to learn about the difference between an HTTP and an HTTPS website, and why making sure your DPC site offers visitors a secure HTTPS site is important.

And even beyond that, as a consumer yourself in the online world, learning the difference between whether you are visiting a secure or non-secure site can help you make smart choices in your own personal online activities.

With all the talk surrounding consumer data and security in online activities, consumers are becoming more educated about privacy and security issues, and saying that “We just didn’t know” doesn’t cut it with the general public these days. So if you’re one of the 80% of DPC medical groups who don’t offer your visitors a secure site, you may want to pay attention.

What is the Difference between an HTTP Vs. HTTPS Site?

As you might already know, HTTP is short for Hyper Text Transfer Protocol, the protocol over which your browser and any website exchange data. HTTPS is a secure protocol, adding a level of security to online exchanges by encrypting communications between a browser and a website; HTTP does not add encryption, which means that information exchanged between a visitor’s browser and a website is vulnerable to hackers and other bad players on the internet.

3 solid reasons to switch your regular http-site to a secure site:

1. If you are asking your visitors to share any information, such as name, email address or other contact info, you need to assure your visitors that their information is encrypted and cannot be accessed by unauthorized parties. (And if you are not offering ways for your visitors to submit information, you would benefit from a consultation with a Web marketing specialist.)

2. Google itself is encouraging all transactions on the Web to be secure ones. Not only don’t you want your site to be flagged as an insecure site to a visitor, but your site may be downgraded in search returns (or not shown at all) if you don’t offer your potential visitors a secure website.

3. Some browsers send visitors an alert when they visit a non-secure site. This security alert calls your practice’s website into question, and that’s a dicey way to try to get off on the right foot with a potential client or patient. Savvy online consumers will not proceed to any site flagged as insecure.

How to Identify if a Site is Secure if It is Not Flagged By Your Browser

1. Look for the “Secure” icon in the address bar: If you’ve done much browsing online, you may have noticed that when you visit a site, in the address bar you’ll see either:

  • an icon of a lock before the URL in a secure site, or
  • a small lower-case ‘i’ encircled to the left of the site URL of a non-secure site.

2. Simply look at the URL and see if it says “HTTP” or “HTTPS” before the beginning of your website address.

What To Do If Your Site is Not Secure

If you’re aware that your own medical practice website is not secure, here’s what you need to do to convert your site to a secure one:

Purchase an SSL (Secure Socket Layer) Certificate from your website’s hosting company. Often a hosting company will do most of the configuring that will convert your site from HTTP to HTTPS.
If your hosting company can’t provide you with an SSL, you will need to find someone who is capable of carrying out all of the technical steps required, such as purchasing the SSL, generating keys, changing links to HTTPS, setting up redirects, writing a bit of code and taking the many manual steps required to ensure that the switch is both successful and complete.