I was hoping someone with some experience coding HIPAA-compliant offsite storage databases and/or e-commerce experience in a secure environment could help me with a couple of questions.
How can I secure a website against eavesdroppers? I assume I need an HTTPS connection for all pages transmitting or receiving unencrypted records / login information. Do I also need a dedicated IP?
Bluehost.com is my provider, and they are offering an SSL certificate and dedicated IP address along with some extra features for ~$240/month, which seems out of reach at the moment.
I understand how to encrypt records to protect against unauthorized access/theft of data, and have even taken measures to protect against rainbow tables by salting the encryption and iterating through encryption 1000 times as I learned in this article.
I am just worried that about anybody could theoretically eavesdrop on a regular HTTP connection (plain text, right?), so I have not transferred any patient records or anything else to the web quite yet.
Any general/specific advice would be greatly appreciated. I like to read, so if you have some links or resources you would like to point me towards, bring them on.
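The salting-and-iterating scheme the post describes is, in practice, a password-based key derivation function applied to login credentials (patient records themselves need reversible encryption with a separately managed key, not a one-way hash). The following is an added example, not the poster's code or anything from Bluehost: it uses Python's standard-library PBKDF2-HMAC-SHA256 with a fresh random salt per user, stores the iteration count alongside the hash so it can be raised later, and compares in constant time. The storage format (`pbkdf2_sha256$iterations$salt$hash`), the 600,000-iteration default and the helper names are assumptions chosen for illustration; the 1000 iterations mentioned in the post are shown only as a legacy value that `needs_rehash` flags for upgrade.

```python
import hashlib
import hmac
import os
from typing import Optional

# Self-describing credential format (an assumption for this example, not a standard):
#   pbkdf2_sha256$<iterations>$<salt_hex>$<derived_key_hex>
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # far above the 1000 in the post; tune so one check takes ~100 ms
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str,
                  iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Derive a per-user salted, iterated hash and return it with its parameters embedded."""
    if salt is None:
        # A random salt per user means an attacker cannot reuse one precomputed
        # (rainbow) table across users, which is the whole point of salting.
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                  iterations, dklen=KEY_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/iterations; compare in constant time."""
    try:
        algorithm, iterations_str, salt_hex, derived_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
    except ValueError:
        # Malformed record: treat as a failed login rather than raising.
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    # hmac.compare_digest avoids leaking where the mismatch occurs via timing.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored credential was made with weaker parameters than current policy.

    Call this after a successful verify_password and re-hash with the user's
    just-supplied password; that is how a database of 1000-iteration hashes
    gets upgraded without forcing resets.
    """
    try:
        algorithm, iterations_str, _salt_hex, _derived_hex = stored.split("$")
        return algorithm != ALGORITHM or int(iterations_str) < min_iterations
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed demo input, not real credentials.
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("Tr0ub4dor&3", record))
    legacy = hash_password("correct horse battery staple", iterations=1000)
    print("legacy needs rehash:", needs_rehash(legacy))
```

Two things the post's description does not cover and that this code makes explicit: the salt and iteration count are stored with the hash (they are not secrets; the salt only needs to be unique), and verification never decodes anything, since a password hash is one-way. If the records themselves must be readable again, that is encryption, a different tool with a different key-management problem.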