5 Reasons WordPress Won’t Support Your Hospital Website Long-term

Hunting for a digital platform

Exploring different digital CMSs is expected when you want to elevate your brand, site security and user experience. When comparing your options, it’s vital to consider your unique needs now and in the future for:

  • Content structure
  • Distinctive design
  • Administration ease of use
  • Evolving functionality features
  • HIPPA compliance
  • Navigation
  • Search engine optimization
  • Security
  • Technical support

The fact is, no two platforms perform the same on all these criteria. One of the most popular platforms in the globally is WordPress, with 37% of all existing websites on it. That’s because WordPress is a good fit for smaller agencies, bloggers and freelancers. What draws the majority to WordPress are the same reasons it can result in a downfall, especially when meeting healthcare system and consumer needs. Let’s take a look at five risks that come with using WordPress and how to avoid them.

#1: Plug-ins cause security vulnerabilities

Healthcare organizations are held to a higher standard than other industries when protecting web and user data. Even the most prolific web CMS out there, WordPress, is the number one target for hackers and virus developers because of outdated plugins.

There are over 54,000 WordPress plugins that allow you to customize and supplement your site. Plugins offer convenient enhancements to your site’s functionality but can be overwhelming and come with risks of technical problems and data breaches, especially if they’re not up-to-date.

With all of the plugin and theme providers compatible with WordPress, it’s becoming harder to be confident of where your organization’s and visitor’s data is going. That’s because many of the plugins don’t have compliance on their radar since they aren’t industry-specific. Because of the Health Insurance Portability and Accountability Act (HIPAA), it’s worth investing in a platform with established processes and audits around changes and upgrades.

Get healthcare-level security for your website CMS that:

  • Meets HIPPA compliance standards
  • Automatically encrypts sensitive information
  • Has security that controls access to content
  • Has a role-based security permission
  • Receives routine scans for vulnerabilities
  • Can easily create, manage and deploy inclusive, accessible online forms that meet the AAA standards for Web Content Accessibility Guidelines (WCAG)
  • Enable workflows that follow HIPAA-compliant form submissions best practices

#2: Common design themes

While WordPress offers thousands of themes to choose from that are easy to use when you want a modern, responsive site fast. The downfall is these convenient themes may make your site look like everyone else’s and not effectively tell your brand’s story.

Don’t limit your design capabilities because of a quick start-up option. Web design is a way to effectively bring your brand to life and connect with your community. Some organizations can take an off-the-shelf WordPress theme and still customize it to their unique needs or find a healthcare-specific CMS that offers fast-to-launch design options built on healthcare user best practices.

If your team doesn’t have a deep bench of designers, you want to partner with industry-leading designers and developers that have experience:

  • Building designs that respond to new technologies and mobile devices
  • Helping visitors complete their top tasks with a responsive design
  • Improving their bottom line by acquiring new patients
  • Keeping user experience top of mind while still executing award-winning and eye-catching designs
  • Reflecting organization’s brand online by showing what makes them unique in the market

#3: Poor content & SEO management

When it comes to small-scale content needs such as a blog or a retail shop with a few pages, WordPress is a well-suited fit because there is no real need for content structure. However, organizations that use WordPress and have a high volume of pages often over tag categories for their content. Google flags these pages as duplicate content, which significantly affects a site’s ranking in search.

Don’t let your CMS hold you back. If you’re like most hospitals, your website has hundreds of pages, and you’d benefit from a CMS that supports real content strategy. That’s because your content strategy serves as your playbook on how content will be developed, created and maintained to make sure your site visitors can quickly find the information they need. It will also dictate how your site connects with your other digital efforts like microsites, portals and blogs.

Look for a CMS that offers an intuitive content structure, so you and your team can easily manage the hundreds of pages of content your website has without any complex issues. Your team’s investment for content management should include:

  • Comprehensive site search and findability
  • Content versioning and rollback
  • Dynamic content and taxonomy
  • Flexible page layouts
  • Intuitive page authoring
  • Governance tools
  • Media library and the file management
  • Multi-site and microsites capabilities
  • Publishing approval workflow
  • Redirect management
  • Reusable content panels
  • Scheduled content publishing and removal
  • Separate development, staging and live environments with role-based permissions
  • Site navigation

#4: Page builders result in poor UX

Organizations on WordPress enjoy the freedom to build interior designs with page builder tools that are flexible and easy to use. Unfortunately, the downside of page builders is that they make it all too easy to create busy, inconsistent experiences for your users. Page Builders have a larger learning curve than you’d expect and often still require some coding knowledge to execute properly. Plus, they don’t always play well with the selected themes. Unless you have a team of web designers and web developers, WordPress page builders can easily negatively affect design and content, two essential elements that make a good website.

Another area organizations struggle with when using page builders is that web administrators often don’t set up their content types in advance. Content types are a critical consideration when you’re developing multiple pages of similar content. As your team expands and technologies change, consistent page templates become an efficient tool for building compelling, expected experiences for your users. Content strategy and user experience (UX) design can help your team determine the best-case scenario for each type of interior page and build recommendations for use cases, layouts and optimal user journeys.

For example, developing content types in WordPress to create individual page templates for different categories — such as blogs, service lines, and locations — ensures each content type has its own look and feel while staying consistent in the experience.

In summary, the cost of a page builder’s simplicity comes with the risk of:

  • Complicated, dense code
  • Limited content, design and functionality
  • No control of usability nor accessibility
  • Not fitting your long-term needs
  • Poor search engine optimization
  • Slow site speed

#5: Code chaos

If you only have one member on your team who understands how your website’s code works, you may have trouble keeping up—and potentially fall behind if that person leaves. When you don’t know how to access your website’s code or understand code, you lose control over design, source and database files, security and functionality. Not knowing code will result in you being inefficient when using page builders. That’s because updates you could do all at once will have to do one by one, like redirects or editing an element that exists on several pages throughout your website.

Any time saved at the beginning from WordPress likely results in more time in the future. If you’re using a WordPress theme, you have to be sure and avoid making changes to the code through the theme editor. Changes to code in the theme editor can introduce problems and risks into ongoing maintenance down the road.

When you use a production or staging environment, you can manipulate code or functionality before pushing it to your live site. It’s essential to have people on your team who know code or partner with a digital agency that does. Then you can be sure there’s a code review process in place to pick apart things that might go wrong while testing your production site in as many browsers and devices as possible.

There’s a better way

The good news is, there is a better CMS option designed specifically for hospital websites. Our popular VitalSite web CMS can help your healthcare brand thrive with a distinguished website that supports your current and long-term digital strategy.

When you build a site for where you’re going, you’ll stay on track and on-trend. Start by knowing your budget, strategy, resources and team’s skillset. Then ask yourself:

  • What are your organization’s goals for the coming year?
  • What are your most important marketing initiatives?
  • How can the website support patient experience initiatives?

Asking and answering these questions with stakeholders and your C-suite will help your team know what your site should be – and what platform you need to get there.

See how healthcare organizations of all sizes have built result-driven healthcare websites on VitalSite, some even coming from WordPress:

Grow with Geonetric

Want to learn more about VitalSite and how to pick the right digital platform for your organization? Contact us – or ask for a VitalSite demo. We can help you create the right-size website to house your content and how to select the tools to keep your website current, flourishing and secure.

Discover CMS Platform That Boosts Your Outreach Team’s ROI

Let Philanthropy Thrive Around the Clock

Your community never sleeps, nor should your website. When you choose a robust digital platform like VitalSite, you can continue to raise funds, reach donors, and generate generosity while you focus your efforts elsewhere.

Savvy teams support their foundation’s initiatives with the right CMS because they can:

  • Build a user-friendly gift shop with eCommerce integration
  • Funnel donations 24/7 using secure, online forms
  • Use sophisticated taxonomy to display patient and donor stories in relevant areas throughout the website
  • Promote fundraising events that encourage the community to get involved

Lead the way with eCommerce

In most nonprofit hospitals, you’re likely to find a gift shop. That’s because these high-volume operations bring in significant annual gross sales. Especially since this thriving retail business is run by volunteers, reducing the overhead cost of operations. Not only do on-site gift shops attract patients and visitors, but employees also bring a steady flow of business, especially if you offer payroll deduction. Hospital employees value having a convenient place to shop or even to grab a snack while on break.

Get your gift shop online so that you can market your merchandise beyond the hospital foot traffic and invest the revenue back into your organization. Many industry leaders like Holzer Health System, turn to Geonetric to build an online gift shop to broaden their reach.

The Holzer Medical Center – Gallipolis location, a community-oriented hospital in Ohio with 266 beds, boosts sales by offering convenient, same-day delivery to on-site patients and staff.

Holzer's Online Gift Shop
With a vivid velocity in online retail, trends show that shoppers aren’t slowing down their spending. Tap into the market share by offering your products online.

Manage your inventory and sales with strategic categories such as:

  • Branded apparel for employees and volunteers
  • Floral arrangements like a seasonal bouquet in different sizes to fit every budget
  • Gift baskets for every occasion
  • Items without a shelf life such as stuffed animals, stationery, balloons and blankets
  • Home medical equipment without insurance coverage like brand name breastfeeding supplies, bathtub seats, and incontinence pads
  • Seasonal items to keep shoppers coming back for more

Protect donors with secure, online forms

We understand that community contributions are vital to support your health system’s overall growth and development. Our digital experts can help your foundation team optimize its online efforts to make essential projects, programs and services possible.

Make it easy for your web users to donate online with a secure online form build in Formulate. This form builder was developed explicitly for healthcare websites and follows the AAA standards for Web Content Accessibility Guidelines (WCAG) and can be used stand-alone or as part of VitalSite.

Forms that connect with your users help drive donations and engagement. Ozarks Healthcare’s form captures the crucial information needed for online donations and nothing more. This approach keeps users focused on the task at hand.

Your online donation form should offer a variety of giving options like:

  • Ability to give a gift anonymously
  • Dedicating a donation in honor of or memory of someone
  • Designation for donation
  • Estate giving

By understanding donor trends and the needs of your organizations, a platform like Formulate will help you access more donors online throughout your community.

Evoke emotion and build brand awareness with taxonomy

Keep your site visitors engaged with strategic taxonomy that uses cross-promotion throughout the site to show related foundation news, events and patient and donor stories.

Ridgeview has three Minnesota hospitals that serve the southwest metro region of the Twin Cities. Ridgeview’s award-winning medical website is built on VitalSite to allow for a high-quality digital experience that’s consumer-focused and user-friendly for all audiences across the Ridgeview system.

“We know that getting support from donors is more important now than ever before. That’s why we’re thankful to better engage our users with an improved design, navigation, and functionality,” Kelly Mulleady, Director, Ridgeview Foundation.

That’s why Ridgeview expands the reach of its foundation’s content with intuitive navigation and custom design, then keeps potential donors’ interest with content that evokes emotion.

Ridgeview News Article

Highlight what sets your foundation apart from others with:

  • Foundation news hub
  • E-Newsletter
  • Patient stories and videos
  • Donor stories and videos

Embrace events now and post-pandemic

Bringing your community of donors together during events helps strengthen relationships and support. Events help you raise awareness about your cause, provide donor recognition, build your donor base and pave the way for future events.

Major health systems’ foundations know the need for funds never stops. That’s why they choose VitalSite’s calendar module as the tool to organize and promote upcoming events. This calendar tool helps healthcare share their cause with their community and beyond to work towards one specific fundraising goal.

PIH Health in Whittier, California, takes advantage of VitalSite’s calendar module ability for users to search for a specific category that pique’s their interest. By integrating fundraising events into your calendar search your homepage’s prominent upcoming event scroll works as free advertising to your target audiences. Not only does PIH Health increase the reach of their events with calendar module, they capture emotion with slideshows and videos of past events.

PIH Health Events Page

You can continue to grow funds for programs, patients and your organization with in-person and virtual events such as:

  • Cash raffles
  • Golf tournaments
  • Health awareness
  • Seasonal celebrations
  • Silent auctions

Encourage people to participate in events by letting them know they can help by:

  • Becoming a sponsor
  • Attending the event
  • Giving monetary or in-kind donations
  • Becoming a volunteer

Build momentum

Get results like the leading organizations above with the right content management system (CMS), VitalSite. You’ll benefit from healthcare-specific functionality like event registration, eCommerce, content marketing and online donations that make it easy to reach the donors in your community. Contact us today – or request a VitalSite demo. The team at Geonetric is ready to help you with your digital needs.

Healthcare Website Security: 7 Best Practices to Follow

According to IBM, data breaches in healthcare were the most expensive of any industry at $9.23 million on average. And HIPAA Journal reports 2020 saw more healthcare data breaches than in any other year since reporting started. Breaches are happening more often and cost millions — not to mention that the average time to identify and contain a breach is 287 days. Non-compliance is simply not an option. So, how do you ensure your website is prepared?

Seven best practices to follow

Decreasing risks while protecting your patients’ data and your hospital brand must be a top priority. Evaluate your site on these seven areas to ensure your security and hosting environments are meeting required standards.

  1. Protect user data.
  2. Healthcare organizations must follow HIPAA guidelines, meaning you must comply with requirements to protect the privacy and security of health information. Your website should use secure sockets layer (SSL) technology to securely encrypt necessary page, form, transactional data, and protected health information (PHI) from the web browser to the server. PHI should be encrypted in transit and at rest. That means when it’s being transmitted between systems, such as data sent when a user submits a form, as well as when that data is stored for future use, often in a database. Online forms that accept user data should be managed using specific protocols to comply with HIPAA. Protecting the submitted data in forms is critical. Compliant content management systems (CMS) like VitalSite through form builders like Formulate capture and store specific information when your users view a form submission and creates an audit trail. It logs the user ID, date and time stamp, IP address, and location and state of the data at the time it was accessed.

    If you accept online bill payment or online donations, you must also be payment card industry (PCI) compliant and ensure debit and credit card information remains secure throughout the transaction process. Once submitted, payment data should be transmitted immediately to the payment processor and never stored.

  3. Protect administrative accounts.
  4. As part of staying in compliance with HIPAA, and to prevent unauthorized changes on your website, administrative accounts in the CMS must be monitored and protected. With VitalSite, passwords are encrypted and stored using SQL Server encryption. All of this ensures that it’s difficult for an attacker to access and use someone’s password. In addition, other safeguards, such as requiring strong passwords and periodic passwords changes, as well as locking inactive accounts, are also considered industry best practices for account protection.

  5. Stay up to date.
  6. One of the primary ways hospital websites fall out of compliance is by falling behind with CMS upgrades, updates, and security patches to the software administrators don’t see, including web servers, databases, programming languages and framework. Falling behind on updates and upgrades are common ways organizations that run on a platform like WordPress find themselves vulnerable with multiple plug-ins requiring their own updates and patches. Ensure you’re on the latest version of your CMS and look to partner with an agency that provides upgrades as part of the licensing, as Geonetric does with VitalSite.

  7. Review your network architecture.
  8. Whether you manage web hosting yourself or use an agency or third party, ensuring there are tools and processes in place to minimize the risk of a breach is essential. Especially today, where cyber-attacks are all too common. Areas to look for include redundant web application firewalls, intrusion detection systems, and systems to protect from common web attacks like distributed denial of service (D/DoS) and SQL injection.

  9. Ensure 24/7 uptime monitoring and support.
  10. Your web partner should know before you do that your site is down and respond around the clock with a team who can fix the problem regardless of whether it’s a server, network, software, or content issue.

  11. Protect from downtime with scalability.
  12. Reliable networks are more important than ever, which means having scalability in your network is essential – especially when you consider you never know when a surge in traffic will arise. Case in point: healthcare websites saw huge traffic surges as critical COVID-19 communications, testing, and vaccine announcements were released. These traffic spikes need to be considered before they happen. Without auto-scaling in place, availability can be disrupted from unexpected traffic surges or a failure in one part of the system, bringing down the entire site. With proper auto-scaling cloud infrastructure, your site will remain available without missing a beat.

  13. Require backups.
  14. If the worst happens, how much would you lose and how quickly can you be up and running again? These are the questions you should ask. At Geonetric, we perform a full backup of your entire site and database each day. Every 15 minutes we perform transaction log backups and save these for two days. In addition, daily backups are saved for a week; weekly backups are saved for four weeks; and monthly backups are saved for a year. We also perform database consistency checks nightly. It’s also important to ensure there is proper redundancy for quick recovery purposes.

Take security seriously

For many healthcare organizations, especially community hospitals and medical clinics, it’s hard for marketing and I.T. departments to get the privacy and security resources they need to comply with healthcare’s stringent regulations, making it harder for you to prevent and detect security incidents. And cyber-criminals know this – a 2018 report by The American Journal of Managed Care®, found that 37%of small and 36 percent of medium-sized hospitals had suffered at least one data breach from 2009 to 2016. While many executives at smaller organizations feel they are less likely to be targeted because of their size the opposite may very well be true – security gaps amongst this group make them more likely to be a target.

Some smaller healthcare organizations try to solve potential PHI vulnerabilities by removing functionality, but in the end, this hurts user experience and your ability to connect with patients at key moments. With the right partner you can have all the functionality you want plus the security you need.

Don’t take chances with your patients’ data or your brand – partner with an agency like Geonetric that takes security seriously. We’ll take that extra monitoring off your I.T. team’s plate and help ensure compliance with regulations. Contact us today to learn more about our security protocols and to see a demo of our VitalSite CMS or Formulate form builder.

Bonus: Security Questions

Now that you understand more about security best practices, here is a helpful list of questions you can download or reference to help you have more valuable conversations with potential partners.

Click to enlarge