A large number of healthcare providers websites still do not use a secure HTTPS connection. A test done by Open State Foundation with the online dashboard Pulse (pulse.openstate.eu) shows that out of 22,393 unique domains of Dutch healthcare providers, only one third supports a connection that ensures communications between the website and a user’s browser are encrypted.
Only 39% of the healthcare providers surveyed websites support HTTPS. 1,786 of the healthcare websites with an HTTPS connection did not enforce HTTPS, leaving visitors without HTTPS at 69% of the surveyed healthcare websites. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communications between your browser and the website are encrypted.
Mental health, obstetricians and physiotherapy
Of the investigated websites of obstetricians, mental health providers and home care providers, only 34% support HTTPS. In less than a third of these websites, HTTPS is enforced. Physiotherapists’ websites (30%) and paramedic care providers (24%) also score low.
Pharmacies, dental and oral care, disability care
Just under half of the websites of pharmacies investigated support HTTPS, with 45% enforcing this. For websites of dentists, dental hygienists and providers of disability care, this is almost 40% but only 33% of these sites enforce HTTPS.
Websites of hospitals and GPs are better protected than other healthcare providers
Websites of hospitals and general practitioners are relatively most secure. Over 75% of the 108 unique domains of hospitals support an HTTPS connection. Of 3,475 unique websites of GPs, 66% support an HTTPS connection. Of these tested sites, 68% of hospital sites and 61% of websites of GPs enforce HTTPS. Of the 161 tested youth care providers’ websites, 56% support an HTTPS connection, but less than 37% of the domains enforce HTTPS.
Unsecured forms of personal information and medical information
A sample of the websites surveyed also reveals that various healthcare providers offer online forms on unsecured websites. For example, registration forms can be found on unsecured websites of GPs, pharmacies, midwives and mental health providers. These online forms will ask for personal information (for example, personal identification numbers) and medical information (for example, conditions, last menstruation). Also on websites that do not support HTTPS, online forms to request drugs prescriptions and forms for asking various questions.
In December 2016, Open State Foundation launched the Dutch version of Pulse (pulse.openstate.eu) where users can check whether a Dutch government website supports a secure HTTPS connection. Since then, the number of Dutch government websites that support HTTPS has grown from 44% to 66%. At the beginning of 2017, the Dutch government announced that it would like to require HTTPS for all government websites by law.