Modern Aesthetics | Safety Dance: HTTPS Update
Aesthetics Wire
SENTÉ Illuminé Eye Cream Launches
Article Category

Safety Dance: HTTPS Update

Is HTTPS really worth jumping through hoops for an aesthetic practice?
By: David Evans, PhD, MBA


Google announced during the third quarter of 2017 that it would heavily favor websites hosted on a secure server; that is, when the website address begins with “HTTPS.” Google also declared that for non-https websites, a major “Warning” would appear when website visitors using the Chrome browser began typing a message into the website contact form. (Chrome is one of the most popular browsers.)

HTTPS was designed to protect (through encryption) the private personal and financial data that is stored on or drawn from website databases where the data is used for transactions. HTTPS is typically used for websites where consumers log in, such as large e-commerce and financial institution sites, as well as for other companies that regularly store secure information in their website databases.

Aesthetic plastic surgery website databases rarely store practice or patient financial or personal information. Practice websites typically only store and present/display files intended to be viewed by the public, such as text, graphics, pictures and video files. In general, HTTPS encryption is not needed for most practice websites.

HTTPS vs HIPAA

A common question is, “Is it true that moving my website to an HTTPS server will make my email completely secure?” The answer is an unequivocal NO! A completely secure email chain only occurs if both the sender’s and receiver’s email is secure, i.e. if both the practice and the patient log in to a secure system to send and read the email (think banking or insurance). While having your website contact forms, and data captured from them, hosted on a secure server is a good idea, HTTPS is not required to achieve this level of security, nor does it guarantee HIPAA compliance.

Does This Affect SEO?

The buzz surrounding HTTPS and Google’s ranking algorithm became louder throughout the year. Although Google has stated that use of HTTPS is among its ranking factors, there has been no evidence to demonstrate that HTTPS sites outperform non-HTTPS sites in the search results. Google considers more than 200 different factors, both on and off the practice website, to determine rankings. HTTPS is clearly one of the more minor of these factors. The key ranking variables continue to include robust content, links, coding, consistent citations, social media engagement and reviews.

As time marches on, HTTPS will become more important, but don’t be scared into embracing it based strictly on Google’s latest whim. Base your decision to switch (or not switch) to HTTPS on your practice’s goals or budget. The conversion is very straightforward and costs anywhere from $700 to $1,200 for the first year. Since the conversion and update must occur each time HTTPS expires, many practices opt for multi-year packages so that HTTPS expires over a longer time period, which lowers the average price per year.

Story of the Year

This was definitely the biggest Internet marketing story of 2017, and if I were a betting man, I would say net neutrality will be the story of 2018. Last week, the Federal Communications Commission announced plans to dismantle net neutrality. Curious what this may mean for your website? We’ll address that in an upcoming Upper Hand.

David Evans, PhD, MBA is CEO of Ceatus Media Group, based in San Diego. He can be reached at devans@ceatus.com.