What is SSL?
SSL means Secure Sockets Layer and it’s a security technology for making sure that the connection between a web browser and the server is encrypted. It’s the reason we can do banking online or online therapy without our personal information being stolen or connection hijacked. Without SSL you couldn’t safely use much of the internet. It’s the single most important security technology for the internet!
Why SSL matters for behavioral health therapists
HIPAA likely comes to mind immediately when web security is mentioned in the same sentance as mental health treatment. For those outside of the United States, web security also envokes thoughts of the various data protection laws. However, HIPAA isn’t why SSL should be a priority for therapists. SSL for protecting personal health information is a given. Without it you have an ATM card without a pin. Or worse, being able to withdrawl money from an ATM without a pin or a card! But, there are other reasons SSL is important for the therapist.
SSL doesn’t just protect transactions, it ensures the authenticity of content.
Let’s pretend we’re a therapist with a website from a company such as Therapy Sites. As you might know, Therapy Sites does not use SSL for therapist public webpages. You can see this for yourself by looking at the address bar — you’ll see http instead of https. The “s” means secure. (Even the Therapy Sites homepage isn’t secure!) Let’s pretend for a minute that I was a “bad guy.” Without SSL on your website, I could, quite simply create something called a “Man in the middle attack.” This means that I can impersonate your website and intercept traffic to your website, making your visitors think they’re seeing your content when in fact they’re seeing my content. This can be very dangerous and potentially tragic.
What if a client visits what they think is your website and encounter a form asking them for their personal health information? What if some particularly nasty hacker decides they want to convince your clients that suicide is a good idea? What if someone wanted to steer your clients to an illegal, imposter therapy practice? Without SSL, all of this is possible! There’s a reason that Google runs entirely on SSL. With SSL, you also protect the privacy of users visiting the site since anyone monitoring their web traffic would not be able to know what content they viewed. If you don’t think your site is “big” enough to warrant a concern about these things happening, then perhaps post your social security number on your website and see how long your identity would remain safe. (Actually, don’t do that, but the point is that security matters for all websites, not just popular ones.)
With SSL, you’re telling your visitors that the content they’re seeing is the content they should be seeing.
There are quite a number of web engineers that still don’t feel that SSL everywhere is necessary. I happen to disagree, however, what we all agree on is that sites relating to health or other sensitive topics should be secured with SSL — even if you aren’t collecting any personal information. The idea is that SSL doesnt’ just protect private information — it protects the integrity of your web content as well as preventing phishing attacks against your visitors. The outdated concept that SSL is only for “personal” or “banking” information is the reason many sites still don’t embrace SSL. They’re wrong.
SEO benefits of SSL
Within the past two years, Google has increased the search engine optimization value of SSL websites. The means that if Therapist A and Therapist B have an identical website, the SSL secured one will rank higher in Google. The reason is that sites secured with SSL are deemed more trustworthy because one can be sure that the content they expect is the content they’ll get. Google also wants to have SSL everywhere and using their search rankings is a good way to incentivize this behavior.
What you should do?
You shouldn’t host any content on the web unless it’s secured with SSL. You’re in a sensitive business — the security of your web visitors is critical even if they’re just consuming static, informational content.