I have a project with a physician's office that involves converting all of their patient forms to an online PHP web form. What would be the best approach to ensuring that all of the data being submitted by patients is encrypted properly in order to comply with HIPAA standards? What does the physician's office need to do on their end to decrypt the data? Is it advisable to install TLS/SSL on their web server as well?
Does anyone know of a website anywhere that explains step-by-step how to do all of this the right way? The only websites I've been able to find are ones that talk about it a little bit, but then end up trying to sell you software as the quick-fix solution.
Thanks.
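As an added illustration of the pattern the question is asking about (not code from the original post), here is the two-key split in PHP: the office keeps the decryption key offline, the web server only ever holds the public key and seals each submission with libsodium's sealed boxes, and TLS remains a separate layer for the data in transit. It assumes PHP 7.3 or later with ext/sodium; the function names, field names and sample form values are constructed for the example.

```php
<?php
// Added example, not from the original post. Assumes PHP >= 7.3 with ext/sodium.
// Pattern: the office generates a keypair offline and never uploads the secret key;
// the web server holds only the public key and seals each submission with
// sodium_crypto_box_seal(), so a compromised web server or database cannot read
// stored submissions. TLS still protects the form in transit; this protects it at rest.

declare(strict_types=1);

// --- One-time setup on the office's own machine (NOT on the web server) ---
function office_generate_keypair(): array {
    $kp = sodium_crypto_box_keypair();
    return [
        'public' => sodium_crypto_box_publickey($kp),   // deploy this to the web server
        'secret' => sodium_crypto_box_secretkey($kp),   // keep offline, never upload
    ];
}

// --- On the web server: seal one submitted form (run once per POST) ---
function seal_submission(array $fields, string $officePublicKey): string {
    $plaintext = json_encode($fields, JSON_THROW_ON_ERROR);
    $sealed = sodium_crypto_box_seal($plaintext, $officePublicKey);
    sodium_memzero($plaintext);          // drop the cleartext from memory promptly
    return base64_encode($sealed);       // safe to store in a DB column or send to the office
}

// --- At the office: open a sealed submission with the offline secret key ---
function open_submission(string $sealedB64, string $publicKey, string $secretKey): array {
    $sealed = base64_decode($sealedB64, true);
    if ($sealed === false) {
        throw new RuntimeException('Submission is not valid base64');
    }
    $kp = sodium_crypto_box_keypair_from_secretkey_and_publickey($secretKey, $publicKey);
    $plaintext = sodium_crypto_box_seal_open($sealed, $kp);
    if ($plaintext === false) {
        // Sealed boxes are authenticated: a wrong key or any tampering fails here.
        throw new RuntimeException('Decryption failed: wrong key or tampered ciphertext');
    }
    return json_decode($plaintext, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed demo run covering one patient form submission end to end.
$keys = office_generate_keypair();
$constructedForm = ['name' => 'Jane Example', 'dob' => '1980-01-01', 'reason' => 'annual checkup'];
$blob = seal_submission($constructedForm, $keys['public']);
$recovered = open_submission($blob, $keys['public'], $keys['secret']);
assert($recovered === $constructedForm);
```

Only `seal_submission()` and the public key belong on the web server; the keypair generation and `open_submission()` run on the office's machine with the secret key.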