HIPAA and SSL – What You Need to Know:
As hospitals and healthcare-related businesses rely more and more on web-based applications and web-accessible information, HIPAA requires that all websites making protected health information (ePHI) available be compliant. The first step in meeting HIPAA compliance is making sure that your website is secure and protected by SSL.
Levels of SSL:
Domain Validated SSL Certificates
The Domain Validated SSL Certificate validates that the domain is registered and that someone with admin rights is aware of and approves the certificate request.
The validation process is normally performed via email or DNS. The owner is asked to prove admin rights by receiving and confirming an email sent to an administrative email address for the domain, or by configuring specific DNS records for the domain.
The order normally takes from a few minutes to a few hours.
If the certificate is valid and signed by a trusted authority, the browsers indicate a successfully secured HTTPS connection.
Organization Validated SSL Certificates
The Organization Validated SSL Certificate (OV certificate) validates the domain ownership, plus organization information included in the certificate such as name, city, state and country.
The validation process is similar to the domain validated certificate, but it requires additional documentation to certify the company identity.
The order can take from a few hours to a few days, due to the company validation process.
The Organization Validated SSL Certificates display the company information in the certificate details.
Extended Validation SSL Certificates
The Extended Validation SSL Certificate (EV certificate) requires an extended validation of the business. It validates domain ownership and organization information, plus the legal existence of the organization. It also validates that the organization is aware of the SSL certificate request and approves it.
The validation requires documentation to certify the company identity plus a set of additional steps and checks.
The order can take from a few days to a few weeks, due to the extended validation process.
The Extended Validation SSL Certificates are generally identified with a green address bar in the browser containing the company name.
Single-name SSL Certificates
Single-name SSL certificates protect a single subdomain (hostname).
For example, if you purchase a certificate for www.example.com it will not secure mail.example.com.
At the sole discretion of the certificate authority, if you purchase a single-name certificate for the www hostname (www.example.com) the certificate may also include the root domain.
Wildcard SSL Certificates
Wildcard SSL certificates protect an unlimited number of subdomains for a single domain.
For example, if you purchase a certificate for *.example.com it will secure foo.example.com, bar.example.com, etc. However, it will not secure foo.else.example.com.
Multi-Domain SSL Certificates
Multi-domain SSL certificates protect different domains with a single certificate.
You can normally secure a combination of different subdomains from different domains.
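The single-name, wildcard and multi-domain rules above can be checked before ordering a certificate. The following is an added example, not part of the original page. It uses a simplified matching rule (a wildcard counts only as the whole leftmost label and stands for exactly one label) and goes slightly beyond the text by handling case, trailing dots and the bare domain. The function names and SAN lists are constructed for illustration.

```python
# Added example: which hostnames does a certificate's name list cover?
# Assumption: simplified matching rule, not a full validation library.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.strip().lower().rstrip(".").split(".")

def san_covers(san, hostname):
    """Return True if one certificate name entry covers the hostname."""
    pattern, host = _labels(san), _labels(hostname)
    if len(pattern) != len(host) or "" in host:
        return False  # label counts must match; no empty labels
    if pattern[0] == "*":
        # The wildcard replaces the leftmost label only. Require two fixed
        # labels after it so an entry such as "*.com" is rejected.
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    if any("*" in label for label in pattern):
        return False  # partial or non-leftmost wildcards are not honoured
    return pattern == host

def coverage_report(sans, hostnames):
    """Map each hostname to the first entry that covers it, or None."""
    return {h: next((s for s in sans if san_covers(s, h)), None)
            for h in hostnames}

# Constructed name lists mirroring the three certificate types above.
SINGLE_NAME = ["www.example.com"]
WILDCARD = ["*.example.com"]
MULTI_DOMAIN = ["www.example.com", "example.com", "shop.example.org"]

if __name__ == "__main__":
    hosts = ["www.example.com", "mail.example.com", "example.com",
             "foo.else.example.com", "shop.example.org"]
    for title, sans in [("single-name", SINGLE_NAME),
                        ("wildcard", WILDCARD),
                        ("multi-domain", MULTI_DOMAIN)]:
        print(title)
        for host, match in coverage_report(sans, hosts).items():
            print(f"  {host:24} {'covered by ' + match if match else 'NOT covered'}")
```

Hostnames reported as not covered would trigger a browser name-mismatch warning if served with that certificate, so run the list of hostnames you actually serve through the check before choosing a certificate type.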