As a trained HIPPA privacy Business Associate, it concerns me that so many therapists think so little of their clients privacy they don't bother to encrypt their websites with HTTPS. Perhaps they just haven't thought it through and don't realize that an unencrypted website leaves their site visitors vulnerable to what's called a "man in the middle" attack. This can occur when a viewer is on a shared network, such as school, work, an airport or coffee shop. Others on the same network can see what they're viewing and, if they are malicious, insert false information.
Google is starting to come down hard on these websites, downgrading them in search results and warning viewers who input any type of information on a website form. And that's a good thing, because we can use all the privacy we can get.
So how do you make your website secure? Step one is obtaining an SSL certificate from a reliable source. Some are free, some charge an annual fee. Step two is setting up your certificate with your domain name server, and step three is fixing any problems in your website which prevent you from seeing a green padlock on your website.
In researching over 100 websites, I noticed that a handful of therapists had obtained security certificates and still did not have a green padlock. This occurs when a certificate is not installed properly with the domain name server (DNS) or when there are issues within the website preventing certification (WordPress is notorious for this).
If you are technically oriented you can probably purchase a certificate, install it on your DNS, and fix any errors in your website. If you're not that technical, or if you've purchased a certificate and still don't have the green padlock, you may need to hire a professional who will ensure it's done correctly. And it's not necessarily expensive; you can probably get it done for about what you would charge for a couple of sessions. But please, for your website visitors protection and your own peace of mind, encrypt your website.
Suzanne Bradley is a professional website designer, Google Partner, Certified SEO specialist, and certified as a HIPAA privacy Business Associate. She can be reached at "firstname.lastname@example.org" or by phone at 317.586.8708.