Just so you know
WordPress offers a variety of website security features, but it’s unclear whether the controls are sufficient to meet HIPAA regulations.
It is possible to meet specific HIPAA standards in WordPress, but this process is complicated. Controls must be in place to prevent unauthorized access to the administration control panel and PHI. Additionally, transmission security controls are necessary to encrypt data in transit and secure information at rest.
If covered entities choose WordPress for website design and content management, they should be careful before considering uploading PHI to the site.