Main Content

Your Portal Security Checklist

Posted on by Jenny Wan
Lock on Digital Screen

Your Portal Security Checklist

With continuous stories of hacking and breaches, it’s no wonder that portal security has become a hot topic in healthcare. Survey after survey of healthcare executives identifies cybersecurity as one of their top challenges.

Web portals play a critical part in protecting data and staying HIPAA-compliant; is yours keeping up with the demands? As you evaluate your portal, here’s a checklist to help you determine whether your portal is compliance-ready.


1. Does your portal use multiple methods for maintaining HIPAA compliance?

Does the portal use 24/7 monitoring and does it watch for potential hackers? Does it use encryption to protect the data and functionality? Is data encrypted in motion and at rest? Is your portal hosted in a center that is compliant with HIPAA, HITECH, PCI, and DOD standards?


2. Do your live chat and email tools protect personal health information?

When users access your live chat and email tools, does the content of the message leave the portal? Have the chat and email solutions you use been tested for HIPAA compliance and security? Does the portal keep a permanent record of your messages in case you need to audit them?

3. Does your portal let you create additional levels of security and restrictions?

Can you decide how soon a login account expires after a period of no use? Can you choose how many failed login attempts can happen before a user is locked out? Are you able to limit the types of data that can be seen by brokers or by your internal staff? Can you turn off functionality that shouldn’t be accessed by certain stakeholders?

4. Does your portal give end-users the ability to manage privacy and security themselves?

Do plan members have the ability to grant or deny their spouse access to their PHI? Can members securely give their physician or case manager access to their medical documents?


There is no “one and done” way to manage HIPAA compliance and data security. If you answered “no” to any of the questions above, you may need to consider whether your portal is as secure as it should be.

To learn more how to better secure your data through HPS’ portal solutions, schedule a demo.

Schedule a Demo