Experienced offliners only!

by abbot Banned
14 replies
I received possibly the largest lead so far. It's a hospital. I have some questions for some of you who have handled large accounts before. Though I do not wish to post them public. I would love the opportunity to have a quick conversation via skype. Please PM me for my skype name.

One question that I have that I'm willing to post public is;

Everything with this new website will have to be secure. I'm wondering what your suggestions would be for hosting. What provider would you use? I have always used Host Gator and loved them. What type of hosting would you recommend? This will be a pretty dynamic/large website.

This is huge to me and I have worked very hard to get this account. I would truly appreciate some advice from some seasoned offliners that have experience with large accounts.

Again, If you have a couple minutes PM me your skype and let's talk.

Thanks,
#experienced #offliners
  • Profile picture of the author ksetu
    What exactly you are offering to them? If you can let me know, I can help.
    Signature
    Are You Still Selling SEO Services to Local Businesses?You Are Mistaken. Learn What They Need in This New "Local Goldmine" Course. Use Coupon: 15PERCENT
    {{ DiscussionBoard.errors[7294787].message }}
  • Profile picture of the author iAmNameLess
    What needs to be secure? I'm kind of shocked the hospital doesn't have their own network and own server on location? That would obviously be the place to HOST the website since they have their own network and tech team to handle that. When you say big website, how big?
    {{ DiscussionBoard.errors[7294791].message }}
    • Profile picture of the author abbot
      Banned
      Originally Posted by iAmNameLess View Post

      What needs to be secure? I'm kind of shocked the hospital doesn't have their own network and own server on location? That would obviously be the place to HOST the website since they have their own network and tech team to handle that. When you say big website, how big?
      They are a "sister hospital" the main hospital does have their own website. It's horrid but they do have an on staff team for updates/maintenance.

      Problem is, their networking team is an absolute joke. For me to "middle-man" this project would be a nightmare. They have already spoke about a separate website on the same server and it was denied. See, the larger hospital conquers the market here since they are the only one. Thus, they lack the marketing attention. It's a fairly long story...

      Conclusion is, If I could find a self hosted solution, it would make this much easier. They really lack in the IT / networking department.

      I'm going to take an estimate that the mid/end result of the website will consist of 500-1k pages/posts of content. It will also use other applications like patient portals, EMR's etc...

      It's hard for me to give you an exact answer at this time. It was my first meeting with the board. It will be built over time and not all at once (obviously) I do know that they will be dedicating staff to this website for content purposes.

      EDIT: To answer your question about "what needs to be secure". I'm just concerned about the overall protection of the website. With HIPPA policies, and other confidentiality compliance laws, it's imperative that this thing is a tank..the last thing I want is to be held responsible for some type of breech. (a contract will be put into place for this)
      {{ DiscussionBoard.errors[7294855].message }}
      • Profile picture of the author iAmNameLess
        Originally Posted by abbot View Post

        To answer your question about "what needs to be secure". I'm just concerned about the overall protection of the website. With HIPPA policies, and other confidentiality compliance laws, it's imperative that this thing is a tank..the last thing I want is to be held responsible for some type of breech. (a contract will be put into place for this)
        Well... the problem is, you need a CMS, and every CMS is database driven and easily exploitable to a certain extent. If someone else is going to be maintaining the website, then the issue is not with you, it is going to be the maintenance team to keep updating the site, updating components and everything to avoid exploits over time. USUALLY, the biggest exploit you'll have is some sort of SQL injection. That's easy to fix.

        The pages itself, should be fine. Why would you have patient forms on the website? Are you going to have some kind of public logins and registrations to access the site?

        I'm still surprised that branch, sister hospital, whatever, doesn't have a server in house. My recommendation would be to get one, and host it there on location, but I understand not wanting to go through all that. Hostgator is good... but I guess it would be hard for me to help you without understanding the full scope of the project.

        If it is just content, and there are no records kept on the website of patients, then host it on hostgator..
        {{ DiscussionBoard.errors[7294913].message }}
        • Profile picture of the author abbot
          Banned
          Originally Posted by iAmNameLess View Post

          Well... the problem is, you need a CMS, and every CMS is database driven and easily exploitable to a certain extent. If someone else is going to be maintaining the website, then the issue is not with you, it is going to be the maintenance team to keep updating the site, updating components and everything to avoid exploits over time. USUALLY, the biggest exploit you'll have is some sort of SQL injection. That's easy to fix.

          The pages itself, should be fine. Why would you have patient forms on the website? Are you going to have some kind of public logins and registrations to access the site?

          I'm still surprised that branch, sister hospital, whatever, doesn't have a server in house. My recommendation would be to get one, and host it there on location, but I understand not wanting to go through all that. Hostgator is good... but I guess it would be hard for me to help you without understanding the full scope of the project.

          If it is just content, and there are no records kept on the website of patients, then host it on hostgator..

          There will be no patient information physically hosted on the server, I'll make sure of that. If the need comes to the table, I'll have them host that information.

          There will be a patient portal in which yes, patients will be given personal login information allowing them to log into the portal and request appointments, request prescription refills, etc..But it will be just that. No viewing of medical charts, medical history or any of that on my servers.

          I did recommend local hosting. However the same board that denied working with me would approving or denying the funding to setup, and train new employees. I would rather just do this myself. It would be a massive headache trying to be "drug runner" between the two.

          I do know that the main concern would be the database. I intend to make recommendations to help prevent any exploits.

          Would you recommend a reseller or vps?
          {{ DiscussionBoard.errors[7294958].message }}
          • Profile picture of the author iAmNameLess
            Originally Posted by abbot View Post

            There will be no patient information physically hosted on the server, I'll make sure of that. If the need comes to the table, I'll have them host that information.

            There will be a patient portal in which yes, patients will be given personal login information allowing them to log into the portal and request appointments, request prescription refills, etc..But it will be just that. No viewing of medical charts, medical history or any of that on my servers.

            I did recommend local hosting. However the same board that denied working with me would approving or denying the funding to setup, and train new employees. I would rather just do this myself. It would be a massive headache trying to be "drug runner" between the two.

            I do know that the main concern would be the database. I intend to make recommendations to help prevent any exploits.

            Would you recommend a reseller or vps?
            Recommendations for prevention won't really matter, you just need to have regular back ups in case something DOES happen.

            Patient portal... so maybe like a form? That would be the best way to handle things, probably a basic form, but there are many different options and directions you can go with that.

            I'd probably recommend a VPS... You don't want to go with regular shared, and you don't want reseller since it is shared too, and a VPS is kind of better, definitely better than a reseller but if it is going to be big I would use a dedicated. I'd buy a dedicated server for myself, put them on it, and maybe a few other sites on it. Charge them monthly for it or yearly if you want... if a dedicated is out of the question, definitely go with the VPS.
            {{ DiscussionBoard.errors[7295008].message }}
            • Profile picture of the author abbot
              Banned
              Originally Posted by iAmNameLess View Post

              Recommendations for prevention won't really matter, you just need to have regular back ups in case something DOES happen.

              Patient portal... so maybe like a form? That would be the best way to handle things, probably a basic form, but there are many different options and directions you can go with that.

              I'd probably recommend a VPS... You don't want to go with regular shared, and you don't want reseller since it is shared too, and a VPS is kind of better, definitely better than a reseller but if it is going to be big I would use a dedicated. I'd buy a dedicated server for myself, put them on it, and maybe a few other sites on it. Charge them monthly for it or yearly if you want... if a dedicated is out of the question, definitely go with the VPS.
              Thanks buddy, will do. I appreciate your feedback. I was hoping I would catch you as you were snooping around the forum
              {{ DiscussionBoard.errors[7295192].message }}
  • Profile picture of the author HAdrian1239
    check into a company called Tiger text. they primarily setup networks within hospitals and medical clinics for text messaging between providers that is HIPAA compliant...

    At this point they may do some basic web development as well... but if nothing else they would know how to direct you to work with this technologically speaking... I used to work at their facility in Santa Monica California... really cool people, but I left because they didn't realize the technology gold mine they were sitting on.. and didn't want me to help them in spite of my vast experience in the medical industry...


    Posted from Warriorforum.com App for Android
    {{ DiscussionBoard.errors[7296298].message }}
    • Profile picture of the author deu12000
      I had a company in the medical field (not a hospital but bigger in territory as well as multiple offices) also interested in something a little more complex than what you're stating. It involved a lot of personal records and information being stored online and of course a lot of other stuff. I didn't end up taking the client by the way because the project at the end was too complex in scope and too time consuming for me to take on.

      You have to do a lot of research on HIPAA compliance. You need to have servers in secured facilities running the site, SSL certificates for certain areas, etc... I did the research and the project I was going to do was just much bigger than what I wanted to deal with.

      A hospital as long as it's no recording keeping online or showing any personal information probably wouldn't be too hard, but it really depends on what they need.

      The business I turned down, I went as far as quoting a price, them agreeing and I backed out literally a couple of hours after a verbal agreement because I realized how much of a pain the job was going to be. I told them after further review and analysis I'm just not comfortable with the project and didn't want to do anything to jeopardize their business.

      The good news about this is I have a great relationship with that business because I did turn them down. They found a developer or company willing to take their project. They got outside financing to get this done since they didn't want to use their own cash. The deal was $50K+ to build the site plus hosting fees. It's been over a year and the site is not complete yet. They want to kill the developers and always tell me they wish I would have taken the project on.

      Moral of the story: Make sure you're comfortable with the work. You can outsource all of the work, but you have to make sure you outsource it to the right people and when it comes to compliance check with a lawyer and do a lot of research before quoting a price (there may be dedicated server and monthly fees involved).
      {{ DiscussionBoard.errors[7298667].message }}
      • Profile picture of the author abbot
        Banned
        Originally Posted by deu12000 View Post

        I had a company in the medical field (not a hospital but bigger in territory as well as multiple offices) also interested in something a little more complex than what you're stating. It involved a lot of personal records and information being stored online and of course a lot of other stuff. I didn't end up taking the client by the way because the project at the end was too complex in scope and too time consuming for me to take on.

        You have to do a lot of research on HIPAA compliance. You need to have servers in secured facilities running the site, SSL certificates for certain areas, etc... I did the research and the project I was going to do was just much bigger than what I wanted to deal with.

        A hospital as long as it's no recording keeping online or showing any personal information probably wouldn't be too hard, but it really depends on what they need.

        The business I turned down, I went as far as quoting a price, them agreeing and I backed out literally a couple of hours after a verbal agreement because I realized how much of a pain the job was going to be. I told them after further review and analysis I'm just not comfortable with the project and didn't want to do anything to jeopardize their business.

        The good news about this is I have a great relationship with that business because I did turn them down. They found a developer or company willing to take their project. They got outside financing to get this done since they didn't want to use their own cash. The deal was $50K+ to build the site plus hosting fees. It's been over a year and the site is not complete yet. They want to kill the developers and always tell me they wish I would have taken the project on.

        Moral of the story: Make sure you're comfortable with the work. You can outsource all of the work, but you have to make sure you outsource it to the right people and when it comes to compliance check with a lawyer and do a lot of research before quoting a price (there may be dedicated server and monthly fees involved).

        Hey buddy, thanks for the tips. Fortunately for me there will not be any med records stored on MY server.

        My largest concern was just that. As far as the actual construction of the website goes, my team can handle. Hosting was by far the biggest concern.
        {{ DiscussionBoard.errors[7299728].message }}
        • Profile picture of the author searchgal
          In a recent former life, I recruited for major hospital systems in the marketing communications area, including placing people in charge of their website and on those teams. I've networked with tons of people around the U.S. in these recruiting assignments, and I just can't see this type of project being totally outsourced.

          Pulling "rogue" sites into the corporate fold was always a top priority, whether the site was being set up by a physician practice affiliated with the hospital, or an internal department getting creative, or a stand alone hospital in the system deciding to take matters into their own hands.

          The regulatory environment alone has some serious ramifications for whoever is doing this work.

          All that being said, I would make sure that you get some of your money up front, and have a good professional liability policy in place to protect you and your business from a future law suit.

          I'm all for landing big accounts, but I'm having my doubts about the scope of the work on this one. Hope this goes well for you!

          Cindy
          Signature
          {{ DiscussionBoard.errors[7300287].message }}
  • Profile picture of the author GB Solutions
    I just signed on a medical facility myself for a few different websites they want to build and some social media stuff. My entire family is in the medical field (doctors and surgeons, what the hell happened to me right?) so I am very familiar with HIPPA compliance and procedures; however, I had never heard of compliance for websites before.

    After digging and asking around, I came to the conclusion that there are 7 main areas of "compliance" The article linked sums everything up pretty well: 7 Steps to a HIPAA Secure Web Site (non affiliate link)

    The only thing that seems to be the real issue is the compliance requirements for the servers the website will be hosted on. From reading, and asking around, I am told that unless you are hosting the website on servers in house, you will be hard pressed to find "HIPPA COMPLAINT" servers because its not something for the masses, so its not provided to the masses. I have always used Host Gator but I have an email in to several different web hosting company to see if there are any HIPPA compliant servers available.

    ** I am not an expert nor a lawyer. The thoughts, opinions, and expressions of this post are solely of my own experience, not what is legally required.. Consult a lawyer prior to implementing anything written here because you may incur legal repercussions**
    Signature
    GB Solutions | Small Business Website & Marketing Solutions

    "To Strive, To Seek, To Find, and Not To Yield" -Tennyson
    {{ DiscussionBoard.errors[8722831].message }}
    • Profile picture of the author abbot
      Banned
      Originally Posted by GB Solutions View Post

      I just signed on a medical facility myself for a few different websites they want to build and some social media stuff. My entire family is in the medical field (doctors and surgeons, what the hell happened to me right?) so I am very familiar with HIPPA compliance and procedures; however, I had never heard of compliance for websites before.

      After digging and asking around, I came to the conclusion that there are 7 main areas of "compliance" The article linked sums everything up pretty well: 7 Steps to a HIPAA Secure Web Site (non affiliate link)

      The only thing that seems to be the real issue is the compliance requirements for the servers the website will be hosted on. From reading, and asking around, I am told that unless you are hosting the website on servers in house, you will be hard pressed to find "HIPPA COMPLAINT" servers because its not something for the masses, so its not provided to the masses. I have always used Host Gator but I have an email in to several different web hosting company to see if there are any HIPPA compliant servers available.

      ** I am not an expert nor a lawyer. The thoughts, opinions, and expressions of this post are solely of my own experience, not what is legally required.. Consult a lawyer prior to implementing anything written here because you may incur legal repercussions**

      Yeah, though this thread is a year old...We ended up just referring them to a company that handles medical websites for hospitals, doctors, and treatment centers. After debate, my company was just not ready for that large of a project.

      We made a hefty chunk from the referral sale and continue to make out well by having them as a client for other avenues.

      We handle all other online advertising and have had some great success with them.

      Best of luck to you.
      {{ DiscussionBoard.errors[8722927].message }}
  • Profile picture of the author GB Solutions
    To be honest, I saw 11-06 and neglected to read the year, my bad! haha
    Signature
    GB Solutions | Small Business Website & Marketing Solutions

    "To Strive, To Seek, To Find, and Not To Yield" -Tennyson
    {{ DiscussionBoard.errors[8725298].message }}

Trending Topics