HIPAA Compliant WordPress Hosting - Requirements for HIPAA WordPress hosting

HIPAA Compliant WordPress Hosting

If your WordPress website interacts with anyone’s electronic protected health information (ePHI), ensuring that your WordPress website is HIPAA-compliant will be critical to your long-term success. By choosing to host your website on Atlantic.Net’s servers, you can rest assured that your data and interactions between devices are shielded by a tough security layer. Furthermore, our installation process is fast and easy, and the entire infrastructure is HIPAA-compliant.

HIPAA WordPress Hosting Features

To help you meet and even exceed the parameters of the HIPAA Security Rule for your WordPress site, Atlantic.Net guarantees you the following protections:

Fully managed firewall

Our full spectrum firewall guards your network’s periphery against malicious intruders from implementation to a round-the-clock log monitoring. In addition, Atlantic.Net will maintain close oversight of your network gateway points, a robust security response in the event of a breach, and regularly scheduled device health checks.

Intrusion detection system

Different from a firewall, IDS monitor network traffic for abnormal activity, such as late-night logins or access to files by unauthorized agents. This security layer compliments the firewall by scanning for attacks that come from within the network. Our IDS meet certification requirements and is in compliance with the American Institute of CPA’s SOC 1, SOC 2, or SOC 3 (SSAE 18).

Encrypted VPN

This service protects your data transmission by sending it via an encrypted VPN tunnel. Additional services include SSL web certificates to validate ownership for sites that house access points to sensitive data and client connections.

Encrypted backup

Our encrypted backup service takes your HIPAA compliance to the next level, automatically encrypting your data before it is written to a disk using Advanced Encryption Standard 256-bit. Here, each encryption key used to conceal data is encrypted with master keys. AES-256 is the only publicly accessible encryption cipher that’s been approved by the National Security Agency (NSA) to protect top secret information.

Log management system

Critical to meeting HIPAA compliance requirements, our log management service oversees the full administration of transmission, analysis, storage, archiving and disposal of your log data.

WordPress Installation in Seconds

Using Atlantic.Net’s One-Click Install, you can install your WordPress website in seconds. All you have to do is choose name, size and location of your server, select the WordPress application, and you’re done! Once your installation is complete, you’ll receive a link to begin setting up your website.

The WordPress application is housed on a LAMP stack using Ubuntu 14.04 LTS. As an option, you can add your SSH key and select backups.

Other requirements for HIPAA Compliant WordPress hosting

Making sure your WordPress instance is hosted on an secure and stable infrastructure is the first step to ensuring that your WordPress website is HIPAA-compliant. Here are other steps you should take:

Risk Analysis

Risk Analysis is still a requirement of the HIPAA Security Rule, so by gathering the necessary knowledge, you are attending to this critical compliance step and taking proactive steps to minimize liability.

To assess the current risks that may be present to your system, you should first clarify the purpose of your WordPress site. Will it be publicly accessible, or was it created for internal purposes? Will you be processing, storing, or transferring any type of ePHI? What security controls and policies are in place to safeguard your data? And finally, what does the threat landscape look like and what are the potential impacts of those threats on your organization?

Tools and Plugins

To round off the security process, make your WordPress site meet the following five key control requirements:

Access control

WordPress offers a combination of security configurations to help you prevent unauthorized parties from accessing your data. You can modify user roles, or use a plugin module to disable access to certain users.

Audit controls

Audit controls allow you to deploy equipment, programs and processes to monitor access points and behavior within IT portals that contain highly sensitive ePHI.

Integrity controls

To make sure that the integrity of your data is maintained at all times, install a tool that verifies and reports that no alteration or destruction of data is taking place.

Person or entity authentication

Include an authentication method to verify the identity of the person or entity that is accessing your data. At the minimum, confirm that the privileges are valid and transmission devices sound.

Transmission security

Add a layer of transmission security to protect against the possible compromise of the electronic protected health information flowing through the system.