SSL: Why having a secure website is no longer optional for dental practices
Have you ever noticed that some website URLs start with "http://" while others start with "https://"? What does the 's' in https:// mean?
Simply put, the 's' represents a website with SSL (Secure Sockets Layer) technology. SSL technology secures and encrypts any data that your patients and web visitors share with your practice’s website.
There is no requirement that your dental website must have this technology. However, there are four reasons why practices should not consider it optional any longer.
What is an SSL certificate?
Secure Sockets Layer (SSL) certificates (also called digital certificates) are used to establish an encrypted connection between a patient’s or visitor’s web browser (such as Google’s Chrome or Apple’s Safari) and the server that hosts your practice’s website. SSLs use complex cryptography to ensure that sensitive data -- which is exchanged during each visit -- is not intercepted by unauthorized third parties.
Let’s use a virtual consultation form as an example.
Imagine a patient lands on your website and sees a form requesting their name, contact information, date of birth, some information about their dental health, and even a few photos.
The patient fills out their sensitive, personal information and submits it through the form. They have entrusted your business to keep their information confidential and use it only for the purposes of treating them.
If your site isn’t secure, the information that was submitted on the form is susceptible to what’s called a “man-in-the-middle attack.” As soon as the patient hits “submit”, the information can be intercepted, copied, and sent to hackers on its way to the servers without anyone knowing.
On the other hand, if your practice is secure, your webserver will form an instant, secure connection to the patient’s browser. The simplest way to understand SSL certificates is to think about it like a sealed envelope! When you mail a letter or bill, the envelope keeps your information safe and private during transit.
To encrypt the information, random characters are added to the submitted information so that it can be accessed only with an encryption key. Without the key to break the encryption, the information is useless to hackers and outside parties.
So, let's discuss four reasons why SSL certificates are no longer optional for dentists and orthodontic practices.
Reason #1: Accepting any patient information on an unsecure site could potentially be a HIPAA violation
Most of the time, yes. If you’re using your website only for listing your front desk phone number and directions to your office, you may not require SSL.
However, if sensitive patient data is being submitted through your site, an SSL certificate helps your website is HIPAA compliant. HIPAA documentation is purposefully vague when it comes to telling you how to secure your website.
“There is no HIPAA SSL rule, there’s no HIPAA encryption standard. Instead what HIPAA lays out are a set of responsibilities. How you accomplish them is honestly up to you. In reality, there’s only a select few options that will successfully perform those tasks. So while HIPAA doesn’t explicitly spell out that you must use SSL certificates and HTTPS, it makes clear what needs to be done.” - TheSSLStore
Reason #2: Patients and website visitors no longer trust websites (or businesses) that are unsecure
This one is simple and straightforward. According to Hubspot Research, 85% of consumers in the US “will not continue browsing if a site is not secure.”
Why do they “bounce” (leave your website without spending any time on it)? Because browsers warn them with these big warnings.
It’s hard enough to get website traffic. Imagine wasting 85% of it.
Dental practices cannot afford for 8-9 out of every 10 prospective patients to go to a competitor’s website instead.
Reason #3: Google and other search engines now include SSL in your ranking
If this feels like a double-whammy, it’s because it is. Not only could you 85% of your website visitors leave your site immediately, but the total number of visitors you received could be less too.
Google and other search engines have recently begun including site security in their rankings. As a local business, it’s important to rank near the top when prospective patients search terms like “dentist near me” or “braces in [city].”
Reason #4: You cannot conduct virtual consultations using SmileSnap without a SSL certificate
How do I know if my site is secure?
When you visit a website with SSL, you’ll notice a few distinct differences. First, you'll see a little padlock icon in the web address bar, where the website’s URL appears. That padlock will appear on either the left-hand or right-hand side, depending on the browser you’re using. You can click on the padlock to read more information about the website and the company that originally provided the SSL certificate.
Second, you’ll notice the URL says "https://" rather than "http://". It should look like this
Are SSL certificates expensive?
SSL certificates range in price based on the company that offers them and the number of website visitors you get. Cloudflare offers security for free to lower-traffic websites. For medium size businesses, the price is usually in the range of $150-250 for a full year.
Some web agencies may charge hourly to add security to your site. If you are hosting your own website with a hosting company like GoDaddy, you can usually secure it yourself in less than 10 minutes.
How do I get SSL if my website doesn’t have it already?
There are many ways to go about getting an SSL certificate. It would be best to speak with your company IT contact or designer who created your website. Generally SSL Certificates need to be issued from a trusted Certificate Authority (CA). Browsers, operating systems, and mobile devices maintain lists of trusted CA root certificates.
While SmileSnap does not recommend or endorse one Certificate Authority over another, we can disclose that we use Cloudflare.