![jotforms hipaa compliance forms jotforms hipaa compliance forms](https://pernillahelmersson.b-cdn.net/wp-content/uploads/2020/02/hipaa-forms-online-and-hipaa-compliant-patient-forms.jpg)
WordPress and Business Associate Agreements All risks to the confidentiality, integrity, and availability of ePHI must be identified and those risks and addressed via risk management processes that reduce those risks to a reasonable and acceptable level. Once all the necessary controls have been implemented that satisfy the requirements of the HIPAA Security Rule, the website (and plugins) and all associated systems that interact with the site must be subjected to a risk analysis. If a third-party hosting company is used, a business associate agreement is required.The website must be hosted with a HIPAA-compliant hosting provider (or internally).Administrators and any internal users should be trained on use of the website and made aware of HIPAA Privacy and Security Rules.Physical security controls must be implemented to prevent unauthorized access to the web server.Transmission security controls must be implemented to ensure any ePHI uploaded to the site is secured (and encrypted in transit) and data must be appropriately secured at rest (encrypted on a third-party server or encrypted/otherwise secured on a covered entity’s web server).There must be integrity controls in place that prevent ePHI from being altered or destroyed.Audit controls must be in place that log access to the site and any activity on the site that involves ePHI.HIPAA-covered entities must ensure there are access controls in place to prevent unauthorized individuals from gaining access to PHI or to the administration control panel.Websites must incorporate administrative, physical, and technical controls to ensure the confidentiality of any protected health information uploaded to the website or made available through the site. Those requirements apply to all websites, including those developed from scratch or created using an off-the-shelf platform such as WordPress. HIPAA does not specifically cover compliance with respect to websites, HIPAA requirements for websites are therefore a little vague.Īs with any other forms of electronic capture or transmission of ePHI, safeguards must be implemented in line with the HIPAA Security Rule to ensure the confidentiality, integrity, and availability of ePHI. The platform is popular with businesses, but is it suitable for use in healthcare? Can you make WordPress HIPAA compliant?īefore assessing whether it is possible to make WordPress HIPAA compliant, it is worthwhile covering how HIPAA applies to websites. WordPress is a convenient content management system that allows websites to be quickly and easily constructed.