HIPAA Vault's top tips for WordPress and HIPAA Compliance
Protect your sensitive data in a secured and managed HIPAA Compliant infrastructure


News provided by

HIPAA Vault

Nov 03, 2020, 12:00 ET

SAN MARCOS, Calif., Nov. 3, 2020 /PRNewswire-PRWeb/ -- WordPress leads the global content management market, with over 450 million sites worldwide. As such, it has become a highly visible target for malicious attacks.

WordPress healthcare sites are especially prized, as hackers seek to gain access to server resources and protected health information (PHI) for illicit gain. Outdated versions of WordPress and insecure plugins invite infiltration; spam emails, rogue advertisements, and botnet attacks can also lead to devastating data breaches. Costly fines, lawsuits, loss of business, and damaged reputations can all result.

Configuring WordPress for HIPAA compliance is therefore indispensable for protecting healthcare organizations and their patients.

It's Bigger than Your Site

It's essential to understand that HIPAA security controls include administrative, physical, and technical aspects which extend to organizations as a whole. In other words, a secure website first depends upon these important security controls being ingrained in your organization's policies and procedures.

Since HIPAA compliance is best understood as a process and not a one-time event, a regular (monthly) gap remediation process that includes identification of security flaws, as well as remediation (corrective actions) with reporting, is invaluable. This is an important extension of a regular risk assessment, which seeks to identify all risks to PHI.

Securing Your WordPress Site

With this foundation, securing your WordPress website can broadly be covered under 3 headings:

1) A secure infrastructure
2) Assigning appropriate permissions/maintaining logs, and
3) Providing in-depth layers of defense.

1) A Secure Infrastructure

Keeping PHI secure depends upon a HIPAA-compliant infrastructure, one which will secure your data in transit and at rest with data-loss prevention built in. Since such infrastructure is complex to build and maintain, it is best to leverage the expertise of a proven HIPAA host who will sign a Business Associate Agreement (BAA) with you.

Note: A BAA is a HIPAA-mandated, legal contract that confirms a patient's data will be kept confidential, both in transit and in storage on all servers. The BAA will not be with WordPress; however, you will need a BAA with your HIPAA hosting company or any business associate that handles PHI on your behalf. If your site is dedicated to blogging or providing general health information unrelated to specific patients, a BAA is not required.

In accordance with the HIPAA Security Standard, a HIPAA-compliant host will help set administrator controls to authenticate user-access to the environment. These will include:

Unique user IDs for WordPress users (Required)
Encryption and decryption for end-to-end protections (Addressable)
Automatic logoff controls (Addressable)
Emergency access (Required)

Unique User IDs
A system of unique user IDs and complex passwords for all users helps to authenticate and control user access to the environment. Once the appropriate access and permissions are set for your team (see below), the admins can help set these unique user IDs. Secure procedures for login and logout should also be in place.

Encryption and Decryption
Sensitive medical data needs strong, end-to-end privacy protections. Numerous breaches have occurred because devices containing unencrypted PHI - including mobile phones and laptops - have either been lost or stolen. Encryption protects your data by replacing it with ciphertext, making it unreadable until decrypted. Note: A WordPress database that will be used to store sensitive PHI – including text, images, and videos – must also be encrypted.

Automatic Logoff Controls
Logoffs - either manual or automatic - should always be performed when a workstation is unattended. Using a screensaver that locks your desktop after a period of inactivity will also help prevent unauthorized access to PHI.

Emergency Access
To maintain high data availability - a requirement of HIPAA - a HIPAA-compliant host should have a secondary data center to which they can sync the backups of your site (and the site's databases). It is "HIPAA best practice" to specify who will have emergency access to your data in the event of a disaster.

2) Assigning Appropriate Permissions and Maintaining Logs

Assigning appropriate permissions to your WordPress site(s) should follow the principle of least privilege - an application of the HIPAA Privacy Rule. In practice, this limits access by granting permissions only to those individuals and associated covered entities who truly require access to PHI, and withholding them from those who do not.

Once permissions are established, ensuring strong password policies is also vital. Password complexity helps prevent brute-force attacks, as username/password combinations are still the most common target for attack. A password manager tool can be of great help here.

A HIPAA hosting provider that offers server log management for auditing of access is also critical; these records should identify who has attempted to access PHI on your server(s) and what they've accessed - both failed and successful login attempts - as well as any security event or malicious software. Security Information and Event Management (SIEM) tools are typically employed for this, and the logs must be kept for a minimum of six years.
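The two paragraphs above describe password brute-forcing as the most common attack and access logs as the audit record that should capture failed and successful logins. The following is an added example (not HIPAA Vault's code) of the kind of analysis a SIEM or log-review job performs over such records; it assumes a constructed, simplified log format of "timestamp, source IP, username, result", and the sample lines are constructed, not from a real server.

```python
# Added example (not HIPAA Vault's code): audit WordPress login events for the
# access-logging and brute-force concerns in the text. Assumes a constructed,
# simplified log format: "<ISO timestamp> <source IP> <username> <LOGIN_OK|LOGIN_FAIL>".
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range IPs, not a real server).
SAMPLE_LOG = """\
2020-11-03T09:00:01Z 203.0.113.10 drsmith LOGIN_OK
2020-11-03T09:05:12Z 198.51.100.7 admin LOGIN_FAIL
2020-11-03T09:05:14Z 198.51.100.7 admin LOGIN_FAIL
2020-11-03T09:05:15Z 198.51.100.7 administrator LOGIN_FAIL
2020-11-03T09:05:17Z 198.51.100.7 wpadmin LOGIN_FAIL
2020-11-03T09:05:19Z 198.51.100.7 drsmith LOGIN_FAIL
2020-11-03T09:05:21Z 198.51.100.7 drsmith LOGIN_OK
2020-11-03T10:30:00Z 203.0.113.11 nurse_j LOGIN_FAIL
2020-11-03T10:30:40Z 203.0.113.11 nurse_j LOGIN_OK
"""

def parse_log(text):
    """Parse log lines into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((stamp, ip, user, result == "LOGIN_OK"))
    return events

def access_report(events):
    """Per-user tally of successful and failed attempts and the source IPs seen:
    the record HIPAA auditing expects for who tried to reach PHI."""
    report = defaultdict(lambda: {"ok": 0, "fail": 0, "ips": set()})
    for _, ip, user, ok in events:
        report[user]["ok" if ok else "fail"] += 1
        report[user]["ips"].add(ip)
    return dict(report)

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on a source IP with >= threshold failures inside the window; a
    success from that IP after the burst names the account to force-reset."""
    failures = defaultdict(list)  # ip -> failure timestamps still in the window
    alerts = {}                   # one alert per source IP
    for ts, ip, user, ok in sorted(events):
        if ok:
            if ip in alerts:
                alerts[ip]["success_after_burst"] = user
            continue
        failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
        if len(failures[ip]) >= threshold and ip not in alerts:
            alerts[ip] = {"ip": ip, "failures": len(failures[ip]),
                          "first_failure": failures[ip][0],
                          "success_after_burst": None}
    return list(alerts.values())
```

Running it over the sample shows one alert for 198.51.100.7 with five failures followed by a successful login as drsmith, which is the case that should trigger a password reset and a review of what that session accessed.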

3) Providing In-Depth (Layered) Defense

Ensuring in-depth defense of your WordPress site requires multiple layers of security. For example, the HIPAA Security Rule prescribes the use of physical safeguards which would protect a web server with PHI on it from unauthorized intrusion, as well as natural and environmental hazards. Locked doors, restricted area warning signs, cameras, alarms, etc. are all used to protect equipment that handles PHI.

An ideal host for HIPAA-compliant WordPress is a Managed Security Service Provider (MSSP). An MSSP will provide additional layers of advanced security protection for your site, such as network and application firewalls, anti-DDoS management, custom IP reputation, host-based intrusion detection, advanced security rules, real-time OS security patches and upgrades, and log analysis. All of these work together to thwart potential threats and keep your WordPress application safe.

Protected Database
A general rule is that the less sensitive data you have on your site, the better; this decreases the opportunity for data to be compromised in an attack. An ideal solution for this is to utilize a host-encrypted database with a dedicated IP address, separate from where the content resides. Since your data is stored offsite, it remains secure even if your personal computer fails.

Plugins
Finally, WordPress security can be significantly expanded by the use of trusted plugins. A plugin is essentially a piece of PHP software that is meant to integrate with your site and add new features. Since not all plugins come from trustworthy sources (there are thousands of free plugins, and thousands more sold by various companies), review of all plugins should be part of your ongoing risk assessments, and care must be taken to ensure each plugin is at its latest version and compatible with your installation.

One plugin we'd especially recommend is the Two-Factor Authentication (2FA) plugin. 2FA helps to avoid a single point of failure in the sign-on process by requiring a one-time passcode (OTP) in addition to the password.

Conclusion
Most healthcare providers - especially those without IT departments - lack the technical expertise and time to manage all of the above while caring for patients. Since out-of-the-box WordPress is not meant to be HIPAA compliant, finding a proven HIPAA-compliant host to handle the configuration and maintenance for you is highly recommended.

A fully managed hosted SaaS solution for WordPress that allows developers to make additional customizations of themes and features may also be ideal. Whatever solution you decide on, your goal of safely handling PHI and strengthening patient engagement with your WordPress site will be furthered by a secure, HIPAA-compliant foundation. For more information on HIPAA Compliant WordPress from HIPAA Vault, visit us at http://www.hipaavault.com.

SOURCE HIPAA Vault

Related Links

http://www.hipaavault.com
