Achieving HIPAA Compliance for WordPress

When it comes to meeting the standards of the Health Insurance Portability and Accountability Act (HIPAA), the WordPress CMS is inherently incompatible by default: the software itself has issues that stand in the way of compliance.

The purpose of HIPAA is to ensure that sensitive patient data is stored privately and securely. So, if you intend to retain protected health information (PHI) inside a WordPress instance, you are likely going to run afoul of HIPAA regulations.

How Pagely Addresses HIPAA

Our platform runs entirely on the Amazon Cloud. AWS operates a HIPAA risk management program that aligns with high-security compliance frameworks such as FedRAMP and NIST 800-53, which map onto the HIPAA Security Rule.

With the proper safeguards in place, organizations that require HIPAA compliance are therefore able to build a HIPAA-approved environment using certain AWS products. By virtue of being an exclusive partner of AWS, we adopt these compliance capabilities and pass them along to our customers. Head over to the AWS website to review the complete AWS HIPAA Compliance Whitepaper.

Storing PHI Data the Right Way

Technical, physical and administrative security controls are provided and applied by both Pagely and AWS as standard practice, so the essential ingredient boils down to how you store any PHI-related data.

Customers will need to ensure this data is stored outside the WordPress repository, such as in a separate Amazon S3 bucket. Our team can help verify that the proper access rules are in place once an S3 bucket has been created. Other critical items, such as strong passwords, the use of secure and up-to-date plugins, and security scanning, are continually enforced by the Pagely InfoSec squad.
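As an added illustration of what "proper access rules" on a separate PHI bucket look like (example code, not Pagely's tooling or AWS's API), the following static check inspects an S3 bucket policy document for three weak settings: an Allow granted to everyone, an Allow granting wildcard S3 actions, and the absence of a Deny for plaintext (non-TLS) requests. The bucket name, account id and role name in the sample policies are constructed placeholders.

```python
def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "Principal": "*" and {"AWS": "*"} both mean anyone, including anonymous callers.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _enforces_tls(stmt):
    # A Deny on aws:SecureTransport=false rejects every request made over plain HTTP.
    cond = stmt.get("Condition", {}).get("Bool", {})
    flag = str(cond.get("aws:SecureTransport", "")).lower()
    return stmt.get("Effect") == "Deny" and flag == "false"

def audit_bucket_policy(policy):
    """Return a list of findings; an empty list means no weak setting was spotted."""
    findings = []
    statements = _as_list(policy.get("Statement", []))
    for stmt in statements:
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only tighten access; inspect Allows
        if _is_public(stmt.get("Principal")):
            findings.append(f"{sid}: Allow grants access to everyone (Principal *)")
        if any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
            findings.append(f"{sid}: Allow grants wildcard S3 actions")
    if not any(_enforces_tls(s) for s in statements):
        findings.append("no Deny statement rejecting aws:SecureTransport=false")
    return findings

# Constructed sample policies; bucket name, account id and role are placeholders.
BUCKET = "arn:aws:s3:::example-phi-bucket"
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenToAll", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"]}]}
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "FormHandlerOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/phi-form-handler"},
     "Action": ["s3:PutObject", "s3:GetObject"], "Resource": BUCKET + "/*"},
    {"Sid": "DenyPlaintext", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_bucket_policy(pol))
```

The check reads a policy document you have already fetched (for instance with the AWS CLI); it makes no AWS calls itself and does not replace a review of Block Public Access settings or default bucket encryption.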

Learn how to incorporate our Press3 service with your own S3 account by following the embedded support article link.

Finding the Right Capture Forms

If you need direction on choosing capture forms, third-party services such as Formidable and Cognito Forms fit within these guidelines when you are collecting sensitive PII from users. These are SaaS providers with WordPress plugins that make for a seamless solution. All data subject to HIPAA regulations is stored on their secure servers, outside the WordPress database.

Our sales team is happy to chat more about reaching HIPAA and other regulatory compliance needs for your websites should you have questions.