" wordpress Archives - LuxSci

Posts Tagged ‘wordpress’

WordPress & HIPAA – can these coexist?

Monday, October 23rd, 2017
For a deep dive, see our white paper: Securing WordPress

As we discussed in an earlier post, WordPress, despite its vulnerabilities, is the world’s most popular content management system for both blogging and creating web sites.  It is popular because it is quick to set up, easy to administer, with a very large choice of plugins for add-on functionality, and themes for making the sites look good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As LuxSci caters to a large segment of customers who have specific compliance needs, specifically HIPAA compliance, we are frequently asked about using WordPress in a medical provider setting. Given the information about WordPress vulnerabilities, the question usually asked is whether a site created using WordPress can secure access to electronic protected health information (ePHI) in a way that meets the requirements of the HIPAA-HITECH regulations.

WordPress for HIPAA-compliant sites?

Such questions are reasonable because although WordPress has many great features that make it quick and easy to get a web site running, it is still a third-party tool which is not specifically designed to conform to HIPAA standards. When using any third-party software, you should be aware of the associated risks that are out of your control. Vulnerabilities in WordPress can disrupt your site’s availability, perhaps even lead to a breach of protected and private information. Even if it is the WordPress software that’s at fault, the responsibility for any security lapses still falls on the site owner.

However, it is not all doom and gloom. The short answer to the question posed in the title of this post is “yes”. It is possible with care to build a site with WordPress (including plugins and themes) that is secured in a way that meets the requirements of the HIPAA security rules. The remainder of this post will discuss how this might be achieved.

Read the rest of this post »

Securing WordPress sites

Tuesday, October 17th, 2017
For a deep dive, see our white paper: Securing WordPress

We have written posts describing WordPress vulnerabilities and the methods hackers use to exploit these. In this post, we describe steps by which a web site owner can mitigate the risks of using WordPress as a content management system. After all, it cannot be denied that WordPress remains the most user-friendly tool for creating and managing both large and small websites, as shown by its enormous adoption rate.

There is a very rich literature describing WordPress vulnerabilities and ways to harden a system against exploits. Here we distill some of these learnings into a practical guide for WordPress-based web site owners. We specifically have in mind small to medium-sized medical practices that wish to use WordPress to create (or maintain) their online portal for patients. In a future post, we’ll describe how such steps can meet HIPAA-HITECH guidelines for safeguarding electronic protected health information (ePHI).

We describe these steps in a layered way – starting at the bottom with the hosting server infrastructure, before moving to the WordPress platform itself and other applications.

Read the rest of this post »

Embedding SecureForms into WordPress using an iframe

Monday, March 14th, 2016

WordPress is an incredibly popular Web site management and blogging platform.  Customers inquire of LuxSci frequently about the best way to add forms to their WordPress pages and posts.  Not just any forms — complex forms that can be HIPAA-compliant and which can submit data securely through SecureForm.

There are numerous options here.  The two most popular are GravityForms and embedding forms with an iframe.  GravityForms is popular and very cool, but not free.  Also as GravityForms is complex and really wants to manage all of your form data itself (insecurely), integration with SecureForm is limited:

  • Multiple forms on the same page can be tricky
  • Ink Signatures can not be captured
  • File uploads can not be captured

Another alternative, which is free as it is included with your SecureForm service, is to:

  1. Build your form with SecureForm FormBuilder
  2. Embed this form into your WordPress page or post using an iframe

What is an “iframe?”  it is a tool that allows you embed one Web page within another Web page.  When you build a form with FormBuilder — that form is automatically saved and hosted securely for you and you are provided with the Web site address (URL) for that form.  All you need to do is to “insert” that hosted form into your WordPress page/post and you are all set.  All FormBuilder features are then also supported: Ink Signatures, file uploads, geolocation, etc.

Read the rest of this post »

WordPress for HIPAA and ePHI? Is that a good idea?

Tuesday, February 12th, 2013
For a deep dive, see our white paper: Securing WordPress

WordPress is an extremely popular content management system for both blogging and creating web sites.  It’s popular because it is quick to set up, easy to administer, has a very large supported base of add-ons, and looks good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As we cater to a large segment of customers who have specific compliance needs, e.g. HIPAA compliance, we frequently are asked about using WordPress with ePHI … e.g. using WordPress to provide access to protected health information for members of the WordPress site.

Can this be compliant?  Is it a good idea?

Read the rest of this post »

LUXSCI