WordPress itself is just software, neither compliant nor non-compliant on its own. Compliance depends on how the site is built and hosted: whether your host signs a business associate agreement, whether forms collecting patient data are secured, whether access and audit controls exist, and whether plugins or tracking expose data they should not. Built correctly, a WordPress site can be HIPAA-conscious.


Leave A Comment