Have you ever noticed that some website URLs start with “http://” while others start with “https://”? What does the ‘s’ in https:// mean?

Simply put, the ‘s’ represents a website with SSL (Secure Sockets Layer) technology. SSL technology secures and encrypts any data that your patients and web visitors share with your practice’s website.

There is no requirement that your dental website must have this technology. However, there are four reasons why practices should not consider it optional any longer.

What is an SSL certificate?

Secure Sockets Layer (SSL) certificates (also called digital certificates) are used to establish an encrypted connection between a patient’s or visitor’s web browser (such as Google’s Chrome or Apple’s Safari) and the server that hosts your practice’s website. SSLs use complex cryptography to ensure that sensitive data — which is exchanged during each visit — is not intercepted by unauthorized third parties.

Let’s use a virtual consultation form as an example.

Imagine a patient lands on your website and sees a form requesting their name, contact information, date of birth, some information about their dental health, and even a few photos.

The patient fills out their sensitive, personal information and submits it through the form. They have entrusted your business to keep their information confidential and use it only for the purposes of treating them.



If your site isn’t secure, the information that was submitted on the form is susceptible to what’s called a “man-in-the-middle attack.” As soon as the patient hits “submit”, the information can be intercepted, copied, and sent to hackers on its way to the servers without anyone knowing.

On the other hand, if your practice is secure, your webserver will form an instant, secure connection to the patient’s browser. The simplest way to understand SSL certificates is to think about it like a sealed envelope! When you mail a letter or bill, the envelope keeps your information safe and private during transit.

To encrypt the information, random characters are added to the submitted information so that it can be accessed only with an encryption key. Without the key to break the encryption, the information is useless to hackers and outside parties.

So, let’s discuss four reasons why SSL certificates are no longer optional for dentists and orthodontic practices.

Reason #1: Accepting any patient information on an unsecure site could potentially be a HIPAA violation

Most of the time, yes. If you’re using your website only for listing your front desk phone number and directions to your office, you may not require SSL.

However, if sensitive patient data is being submitted through your site, an SSL certificate helps your website is HIPAA compliant. HIPAA documentation is purposefully vague when it comes to telling you how to secure your website.

“There is no HIPAA SSL rule, there’s no HIPAA encryption standard. Instead what HIPAA lays out are a set of responsibilities. How you accomplish them is honestly up to you. In reality, there’s only a select few options that will successfully perform those tasks. So while HIPAA doesn’t explicitly spell out that you must use SSL certificates and HTTPS, it makes clear what needs to be done.” – TheSSLStore

Reason #2: Patients and website visitors no longer trust websites (or businesses) that are unsecure

This one is simple and straightforward. According to Hubspot Research, 85% of consumers in the US “will not continue browsing if a site is not secure.”



Why do they “bounce” (leave your website without spending any time on it)? Because browsers warn them with these big warnings.