WordPress offers a variety of website security features, but it is unclear whether the controls are sufficient to meet HIPAA regulations.
It is possible to meet specific HIPAA standards in WordPress, but the process is complicated. Controls must be in place to prevent unauthorized access to the administration control panel and PHI. Additionally, transmission security controls are necessary to encrypt data in transit, and information at rest must also be secured.
If covered entities choose WordPress for website design and content management, they should exercise caution before uploading PHI to the site.
WordPress is a content management system that offers open-source services for website design and more. Available features include templates and plug-in architecture to provide easy-to-use, customizable solutions for each site.
This web page was updated on September 28, 2022.
Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.