How to Host Your WordPress Site on a HIPAA-Compliant Hosting Platform

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to protect patient privacy and to make sure that personal health information is secure. Since its inception, HIPAA has been amended multiple times to keep up with changing technologies and the industry’s need for health information exchange. The most recent amendment, the Genetic Information Nondiscrimination Act, goes into effect in April 2019.

While the legislation was primarily designed to keep PHI secure, it also placed some limitations on what types of health information providers can share online. Specifically, because PHI is individually identifiable, HIPAA prohibits healthcare providers from using person-specific data in a way that could be traced back to a specific individual. For example, providers are not allowed to share a patient’s name, address, or phone number online without written consent. They also cannot use genetic information (like SNPs or genealogy records) in a manner that could identify an individual. Finally, under HIPAA, entities whose business models revolve around the sale of highly sensitive medical information (like patient records or genomic data) need to implement data security and privacy controls that meet the highest standards.

The consequences of violating HIPAA can be severe, including hefty fines and the risk of having your practice struck from the Health Insurance Marketplace.

Why Choose a HIPAA-Compliant Web Hosting Platform

If you’re reading this, I assume that you’re already aware of some of the risks and pitfalls that come with non-HIPAA-compliant web hosting providers. You’ve likely already heard horror stories about big data-hungry businesses collecting and selling your personal health information, or how hackers can infect your computer with viruses that steal your personal information. But what you may not know is that even seemingly innocent shared hosting providers are not covered under HIPAA and therefore are not legally obligated to protect your data. In fact, they might even be incentivized to sell your information to the highest bidder.

This being said, choosing a HIPAA-compliant web host is still a favorable move. To begin with, you’re ensuring that your personal data stays secure and private. Beyond that, using a HIPAA-compliant web host also means that you can take advantage of all the hosting-related features that are offered. These include advanced security controls, proactive malware protection, and a 99.9 percent uptime guarantee. Most importantly, though, shared hosting on a HIPAA-compliant platform is less expensive than utilizing other types of web hosts. You can sign up for a free trial to test out their service before committing to a purchase.

How to Host Your WordPress Site on a HIPAA-Compliant Web Hosting Platform

Now that you’re armed with the necessary information, it’s time to take advantage of all the benefits that come with a HIPAA-compliant web host. To do so, you will need to take into consideration a number of factors, including your site’s requirements and the type of content that you want to publish.

Here are the steps to successfully migrating your WordPress site to a HIPAA-compliant host:

Create A Plan

Before you start making any changes, it’s important to put a plan in place. This involves defining the tasks that you want to accomplish, identifying the resources that you will need to make it happen, and creating a timeline. To create the ultimate patient privacy and security policy, consult with an expert legal professional and/or an industry expert in data security.

Update Your Domain Name & Website

Since you’ll be changing domains, you’ll want to make sure that your new site is live before you make any changes to your configuration files. In most cases, this means having a working site before you make any significant changes to your hosting environment. While there are exceptions to this rule, they are generally limited to niche markets like real estate agents or mortgage brokers, who need to have their active domain name in place before they make key decisions relating to their business.

Get Your Content Ready

The good news is that once you have a working site, the content is largely ready to go live. The bad news is that you have to decide what this content is going to be before you can start moving it to your new environment. This requires some thinking and a bit of preparation. To start with, you’ll want to examine the content that you have already published and decide which portions of it you want to keep and which you want to remove. Once you have selected the content that you want to keep, you can use this as the basis for your new posting schedule. Remember, though, that you don’t have to keep everything. You can remove articles that are exceptionally outdated or that don’t fit into your niche.

Update Your Database

Since your content is largely ready to be published, the next step is to prepare your database for publication. This entails changing a number of settings in your WP database, like the name of your publication, the email that is used to contact the publication, and the description of your publication. Additionally, you’ll want to ensure that all your social media accounts are linked to your database. This ensures that all your publications are promoted on the appropriate social media accounts.
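The settings named above (the site name, the contact email, and the description) are rows in the WordPress options table. The following SQL is an added example, not code from the original article; it assumes the default `wp_` table prefix, a MySQL/MariaDB backend, and the constructed placeholder values shown. It also covers the `siteurl` and `home` rows, which must be changed when the site moves to a new domain.

```sql
-- Added example: update WordPress site settings stored in wp_options.
-- The "wp_" prefix and all values below are assumptions; adjust them.
START TRANSACTION;

UPDATE wp_options
   SET option_value = 'Example Clinic'
 WHERE option_name = 'blogname';

UPDATE wp_options
   SET option_value = 'Patient information and appointment news'
 WHERE option_name = 'blogdescription';

UPDATE wp_options
   SET option_value = 'webmaster@example-clinic.test'
 WHERE option_name = 'admin_email';

-- When the site moves to a new domain, both URL rows must point at it.
UPDATE wp_options
   SET option_value = 'https://www.example-clinic.test'
 WHERE option_name IN ('siteurl', 'home');

-- Review the result before committing; ROLLBACK if anything looks wrong.
SELECT option_name, option_value
  FROM wp_options
 WHERE option_name IN ('blogname', 'blogdescription', 'admin_email',
                       'siteurl', 'home');

COMMIT;
```

Take a database backup before running this. Note that only these plain-string rows are safe to edit with direct `UPDATE` statements: many other `wp_options` rows (widgets, theme settings) hold PHP-serialized arrays whose string lengths are embedded in the value, so a blanket `REPLACE()` of the old domain across the table corrupts them. For a full domain change, use WP-CLI’s `wp search-replace`, which rewrites serialized data correctly.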

Configure Your Website

Once your database is updated, you can configure your website. To do this, simply visit your website’s admin area and make the changes that you need to make. Depending on your needs, you might want to create different folders or install different WordPress themes and/or plugins.

Choose A Suitable Host For Your Site

Now that you have a working website, the question becomes: which host should you pick? For the ultimate patient privacy and security, you will want to go with a reputable company that is also HIPAA-compliant. The most common shared hosting providers that are fully compliant with HIPAA are:

  • Amazon Web Services
  • DreamHost
  • GoDaddy
  • Hoster
  • InMotion Hosting
  • Linode
  • Media Temple
  • OVH
  • Pantheon
  • Rackspace
  • SugarCRM
  • Wistia

When picking a host, also consider their customer support, security protocols, and pricing. Typically, you will want to look for providers that are U.S.-based as well. This ensures that you are protected by the same legal standards that protect the U.S. healthcare system. Additionally, make sure to look at their privacy and security policies to see how they intend to handle your personal data.

Migration Tool

If you’ve already deployed WordPress on a hosting platform that is not HIPAA-compliant, then you already have a starting point for the migration process. To make the move as smooth as possible, most providers offer a tool that makes it simple to migrate existing sites to a HIPAA-compliant host. Simply log in to your account and use the tool to export your entire WordPress installation to a ZIP file. From there, you can deploy the contents of the file to a HIPAA-compliant host without having to worry about a thing.

Final Takeaway

Choosing a HIPAA-compliant web host is a good move, as it ensures that your personal data is secure and that you aren’t exposed to risks that are posed by other vendors. Beyond that, using a HIPAA-compliant host also means that you can take advantage of all the features that are offered on the platform. In most cases, this includes advanced security controls, malware prevention, and a 99.9 percent uptime guarantee. Not to mention the lower cost of shared hosting on a HIPAA-compliant host.