Key Features Of WordPress
Custom domain and any email service
Bring your own domain name and email service of choice.
WordPress can be very secure if your web developer knows what they are doing. However, because the platform is so popular, it suffers more hacking attempts. There are also 3rd party sites selling compromised plugins and themes, and some plugins that were available to download were really malware. The convenience of installing a plugin or a new theme can lead to a data breach if it is not properly vetted.
Ease Of Use
WordPress site owners can set up a good-looking site without much HTML or CSS knowledge. With the Gutenberg update, pages can be built with more design options. There are also page builders and pre-made themes.
While WordPress is not as light as other content management systems, it can make a site that performs great if it is built right. Unfortunately, it can easily be bogged down by needless plugins and poorly developed themes, to name a few issues. Typically, this happens when new site owners install a plugin to do something that is easier and faster to do with a few lines of code.
WordPress can be hosted on nearly any HIPAA compliant host or self-hosted. This means WordPress can connect to or create any database or web application API without limitation. In layman’s terms, you have more flexibility.
WordPress can be very insecure and slow if built improperly.
You can’t set it and forget it. WordPress, themes, and 3rd party plugins have regular updates that are recommended because new vulnerabilities or bugs are discovered.
However, these updates can also interact unexpectedly with the rest of the site and can break it if they are not tested. A regular backup schedule is recommended (it is good to back up your site no matter the platform you are on).
Performance can be degraded if you have a high-volume site.
High amounts of content can become difficult to work with in WordPress.
Are WordPress forms HIPAA compliant?
That depends on how the site is built. WordPress is an open source content management platform that you host and build your website on. That means if you do not have HIPAA compliant hosting, a correctly set up server, and compliantly built forms, then your forms are not HIPAA compliant. However, HIPAA compliant hosting can be slightly cost prohibitive for smaller practices.
As a less than optimal solution, you can embed a HIPAA compliant form into WordPress using a HIPAA compliant 3rd party service such as Hushmail, Jotform, or Formstack. Most electronic health record systems also have options to embed into or connect to your site.
How much does a WordPress site cost?
A WordPress site can range in price. Sites can range from $1,000–$15,000+ depending on what you need. As a good rule of thumb, sites under $1,000 are going to be more of a template theme set up with little to no customization, or fully outsourced out of the country. Both raise concerns about potential HIPAA violations and future ePHI. We have seen sites where a backdoor was placed in the site by the outsourced web developer, or where all form data was logged and copies sent to the web “guy”. You get what you pay for, but also understand that with HIPAA the “get what you pay for” might also be a fine much higher than the cost of a fully customized site (since HIPAA fine caps per year range from $50k to $1.5 million).
In general, a WordPress site typically costs less than a Drupal site; however, costs can become comparable if complex requirements are added.
The Verdict On WordPress
A custom or premade WordPress site has more flexibility and lower cost in the long run for solo practitioners and small to larger organizations in terms of performance and security. Because all or a majority of the code is custom, the potential for hacking is much lower. WordPress is the largest platform for creating websites, and this makes it a common target for hackers of all skill levels. Drupal has a much smaller user base and typically requires more advanced hackers to exploit. Both WordPress and Drupal can be very secure with the right web developers.
WordPress can be built in a way that is HIPAA compliant. Some of the highest traffic sites online are built on WordPress. It is a great choice for a HIPAA compliant website.
Making a compliant site on WordPress can be affordable as well.
There are many tools to assist you in building your own site even if you have limited coding skills.
If you build your own site, it is important that you carefully vet what you install on it. It is advised that you use a HIPAA consultant or a web designer who understands the risks and can recommend compliant options.
Drupal has an edge over WordPress when your clinic is much larger and handles more ePHI.
We highly recommend Drupal if you can afford development costs.