When it comes to building a website, the first choice is always WordPress as a CMS. Uploading new content or making it SEO optimized for ranking it better in Google SERP is one of the many reasons behind choosing WordPress.
But can we make WordPress HIPAA compliant?
Let’s assess –
Do you really need HIPAA compliant WordPress website?
The answer for this question is with you. There could be only two possible reason for thinking to make HIPAA compliant WordPress website –
In the first case where you are not storing any e-PHI data on your end then there is no need for going or thinking about HIPAA compliance. You can start working on your website just like a normal blog.
On the other hand, if you are making a website in the healthcare niche and thinking to store e-PHI data then it is recommended that you make it HIPAA compliant from the very beginning. The whole focus while building a HIPAA compliant WordPress website, should be on how you can secure that e-PHI data and keep it private.
Below are the e-PHI data that you need to keep safe after acquiring it.
How to make WordPress HIPAA compliant website?
There are multiple steps for making your WordPress HIPAA complaint. Starting from secure servers, encryption service for storing and transmission of e-PHI data and access controls, you need to pay special attention to all these and many compliance conditions. Let’s cover and see what are the requirements
There are three main safeguards that need to implemented before making WordPress HIPAA compliant for storing and safely transmission of e-PHI data from the website to storage.
Functions of these safeguards are following –
Here is the complete guide for your reference Privacy and security HIPAA
Will WordPress sign the BAA with us ?
Unfortunately, there is no mention of BAA anywhere on Automattic website. That means if you were planning to use WordPress.com for your website then, unfortunately, there is no BAA agreement that you can sign with them for HIPAA compliance. 🙁
However, if you are planning to use wordpress.org where you can download WordPress as open-source software. There are two scenarios that you need to keep in mind
In the first case when you self hosts the WordPress website, to make it HIPAA compliant you need to follow HIPAA compliance standards.
However, if you are planning to use third-party hosting service then they need to be HIPAA compliant hosting which will sign the BAA with you.
Things to keep in mind for making WordPress HIPAA compliant
Moreover, WordPress is not an out of box ideal software to make a HIPAA compliant website. However, there are steps that you can follow which will be not easy to implement.
In the end, making WordPress HIPAA compliant is not the ideal solution for anyone as it requires a lot of security checks and audits to make it compliant with HIPAA guidelines. But if you are up for the challenge then there is always a way for achieving the same.
You can also check out HIPAA compliant email service provider. And, a super amazing guide for learning on how to generate leads for healthcare sector