When it comes to improving local search performance, you may be focused on optimizing keywords, title tags, and other proved SEO tactics. These are all important, certainly, but one strategy that is frequently overlooked when it comes to improving local search rankings is website security.

Why is the security of your healthcare organization’s website so important to SEO?
First of all, nearly 33% of the pages that rank in the top three on any given search are HTTPS enabled, essentially because Google sees these sites as trustworthy.

In 2014, Google officially confirmed that they boost rankings for HTTPS sites. Since then, other major search engines have followed suit. In early 2017, Firefox and Chrome started describing some HTTP connections as insecure as they continue the industry-wide push to promote the use of encrypted HTTPS.

And soon, people using a Google Chrome browser in "Incognito" mode will get a security warning for every site they visit that isn't protected with an SSL Certificate. This means any site that collects user information, whether in incognito mode or not, will be labeled as "Not Secure."

These are just a few of the reasons why security is so important for SEO. Next, let’s talk about which website components your healthcare site should focus on first.

Appointment Scheduling and Contact Forms
Many healthcare organizations and medical practices use forms to allow new patients to sign up for services and schedule their appointments. Often, these forms will ask patients to provide a reason for scheduling the appointment, including listing any physical symptoms or health concerns they may be experiencing. Those practicing telemedicine may also use online forms to answer patient questions and make diagnoses and recommendations about medical situations.

According to HIPAA regulations, when a customer provides information about their symptoms or health concerns through your website, that text is also considered Protected Health Information (PHI). Because your organization is collecting and storing this personal information, you are required to uphold HIPAA’s strict privacy and data security standards.

If visitors to your website will be entering credit card information to pay for a service or class, they will absolutely look for signs that their private information is secure. If they don’t see a security verification seal or SSL security icon, potential customers may abandon your site in favor of a more secure competitor.

Blog Posts
“If you don’t have spam protection and frequently get comment spam under your website posts, keep in mind that Google will hand out a ranking penalty just for that,” warns Oliver Sild, founder of WebARX Security. Sild added that SEO spam is a popular way for hackers to make money through your website. Having a CMS structured for security will help to ensure that all site elements, including blog post comments remain secure.

Steps You Can Take to Boost Your Site’s Security
The first step to get your medical website closer to HIPAA compliance is to encrypt any submitted form data with SSL technology. An SSL Certificate will encrypt your visitor's sensitive data, and also display your site with "HTTPS" in the address bar, letting visitors know you've made their security a top priority, and will avoid a "Not Secure" label on Google Chrome.

Google has also hinted that SSL may become more important when it comes to SEO and that sites without it may drop in their rankings. So, it’s best to get up-to-date on your website security now, before facing SEO penalties later.

Why Automation Makes Sense
In this recent post, our resident security expert, Jeff Allegrezza, explains that security isn’t just about technical controls that create firewalls or block ports – it’s also about process.

“It’s well known that people are the riskiest part of the security equation,” Allegrezza explained. “To deal with people and process, it’s best to use a security framework.”

Any healthcare organization with a web presence needs to have a process in place for monitoring and responding to security issues. However, since most of the attacks against websites are automated, it only makes sense that you would automate your security, as well. Allegrezza says that he prefers NIST frameworks, which are freely available, create a common language for security issues, and are heavily used in the healthcare industry because of HIPAA.

Want more help understanding how to tackle security challenges how find solutions architected with security in mind? Check out our white paper, Choosing the Best CMS for Healthcare.