In this episode of the HIPAA Vault Show, we dive deep into the real costs of using WooCommerce for HIPAA-compliant healthcare ecommerce. Whether you’re considering WooCommerce or evaluating your current setup, this episode provides crucial information for healthcare businesses looking to make informed decisions about their ecommerce platform.



Hello and welcome to the HIPAA Vault Show, where we discuss all things HIPAA compliance and cloud technology. My name is Adam Zeineddine, your host. And joining me as always is my co-host and founder of HIPAA Vault, Gil Vidals. Gil, I’m looking forward to talking about WooCommerce websites with you today.

Yep, I’m happy to be here today and excited to talk about the insights on the costs of using WooCommerce for online medical and healthcare stores, especially when it comes to HIPAA compliance.

Yeah, that’s a great place to start. A lot of healthcare businesses are drawn to WooCommerce because it’s a free plugin, but there’s a lot more to consider, especially regarding HIPAA compliance. So can you walk us through the costs?

Sure, sure. So WooCommerce is a plugin to WordPress, and it does have a free tier that you can get. So that gives the illusion, okay, I don’t have to pay for this, and I get all this great shopping experience for free, you know, no cost. Well, to secure the environment around that plugin, it does cost to do that, for the environment to be HIPAA compliant. And we can start with the infrastructure, that is, the HIPAA compliant hosting, which I think is a crucial part for protecting the website.

How much should businesses expect to pay for HIPAA compliant hosting? 

Let me start off by saying that when it comes to compliance, that’s going to cost you more, significantly more than if you went to one of these places like Wix or GoDaddy, where you can get some hosting for $20 a month where there’s no compliance. So I would say the cost would start at around $500 a month. And keep in mind that it hasn’t always been 500. It was a lot less before COVID, and it’s been dramatically going up as inflation has been rising. We all know the sad story, inflation. So that 500 price, I say, is pretty relevant to today’s pricing.

Yeah, and that’s a substantial cost right from the start. So what other expenses should businesses in healthcare be aware of? 

Well, beyond the hosting, you know, there are security measures that are included with the hosting provider, the infrastructure provider. Besides that, you’ve got the domain name. So let’s say you have a brand new healthcare application. You have to go out and buy a domain name. Now that’s not very expensive. That would be about fifteen to twenty dollars a year. And then you would need to get a theme for your WooCommerce plugins. You want a compatible theme. When I say theme, I mean the WordPress theme. That’s the color scheme, the layout. You want that to be compatible with your WooCommerce plugin. And those are going to cost roughly $50 per year. And that’s important, to pay for those themes. You know, your goal shouldn’t be to get everything for free, because as I say, you get what you pay for.

You want to be able to pay so you can get support. And I think that’s important. 

Yeah. And then there are extensions and plugins that also come with associated costs. Right? What would those extensions be? And give us some examples of the costs associated.

Okay. If your healthcare operation, your shopping cart, involves shipping, then you need to get a shipping calculator plugin. Those could be about $79 a month. That’s the one that tells you, or tells the prospect that’s on your shopping cart, how much it could cost to ship, you know, UPS to wherever they’re located. So that’s about $79 annually. The other one is a subscription management one where, let’s say you’re selling something where they’re subscribing to a health, some kind of health-related subscription, that could cost about $200 a year. And so that manages the subscriptions that your clientele needs in order to renew whatever you’re selling them, assuming that it’s a subscription-based healthcare app. So that’s 199 for that. And then the shopping, or the shipping calculator, about $80.

Yeah, those functionality-related costs add up quite quickly. Are there any other HIPAA-related expenses to consider that may or may not be included in the hosting?

Yeah, so besides the domain name that we mentioned, the domain name, when people hear that, they think, oh yeah, I want my domain to be what they desire, and that’s going to allow you to get on the web and go to that website. But that doesn’t include the security certificate. So that’s what gives the security behind the S in HTTPS. So that secure socket layer certificate, that certificate which does the encryption of the information flowing between your customer and your website, that’s going to cost, you know, anywhere from $50 to $150. There is Let’s Encrypt, which is a good free solution. So if the provider can give you a Let’s Encrypt certificate, that potentially could be a free option. So I think those are some of the costs involved.

And as you can see, you’re going to spend several hundreds of dollars per year on this. 

Sounds like the costs are significant. How would you advise healthcare businesses to approach the budgeting aspects for HIPAA compliant e-commerce WooCommerce stores?

Yeah, one thing that we haven’t talked about so far, Adam, is the traffic. And so if you’re brand new and you know you’re going to be doing this with the grassroots type of scenario, you know, where you’re picking yourself up by the bootstraps and it’s going to be very slow at the beginning, you know, get your first customer, then your site requirements will be minimal in terms of how much traffic and how robust the hosting needs to be. But if you are going to be spending lots and lots of money from investors and they’re going to be putting ads everywhere, even a new site might garner a lot of traffic, and you need that site to be running 24/7; you can’t afford any downtime, so you need to factor that in.

So just a very rough ballpark figure: if you’re doing a basic site, you know, like at HIPAA Vault, we have a WordPress hosting for protecting PHI data that could cost you as little as $99 a month. But clients that need and have a need for lots of traffic and uptime that’s continual, you know, they’ll be paying anywhere from $1,000 to $2,000 more a month depending on the architecture. But if you just wanted a round number, you could say, well, you should be budgeting about $500 per month for HIPAA compliant hosting, plus an additional one to two thousand for the necessary extensions, the theme, security measures, and then more complex stores could easily cost an extra 6,000.

Yeah, so it is a significant investment, obviously, as you said, for businesses growing organically. What’s the main takeaway for listeners regarding? Well, first, do you agree with that? And then what’s the main takeaway for our listeners regarding WooCommerce and HIPAA compliant e-commerce stores?

I think the main takeaway is that even though it’s attractive to the eye to say, oh, I get a free widget, a free plugin, that’s really not the total cost of ownership. So you want to think about the TCO, what’s my total cost of ownership, including all the things we mentioned in this podcast? And so you really need to consider that, so you have a comprehensive plan and you’re not surprised by the cost for that. But having said all that, a WooCommerce setup can still be cost effective, especially if you have some in-house technical expertise or you hired a consultant. That’s when WooCommerce could be a good option. And for others, maybe a more all-inclusive HIPAA compliant e-commerce platform.

You know, there are platforms that focus on just e-commerce, and then you just move into there and they would have a subscription price where everything’s included, and that could be another way to handle that as well.

Great insights, Gil. Let’s do a quick recap, if I may, for our listeners. The key points we covered today: WooCommerce is free, but HIPAA compliant hosting adds additional cost. Additional costs for themes, plugins and HIPAA-specific tools can easily exceed an extra thousand per year. Ongoing expenses for security updates and staff training need to be factored in, and the TCO, total cost of ownership, including all HIPAA compliance measures, should be the focus when considering an e-commerce platform for healthcare. Does that cover the main points there, Gil?

Yeah, that was a great summary, Adam. I would like to add just one more point, which is that once a year it’s pretty common security practice to scan the website looking for vulnerabilities. So that’s something that can be done by either the provider, the hosting provider, they probably would do that. You can ask for that report, or if it’s an extra charge or something, you do want to have that, and you do want to have that report on file; you want to take a look at it and see what it says. I would add that to the list as well.

Excellent. Thanks Gil, and thank you so much for tuning in to the HIPAA Vault Show. If you want to learn more about HIPAA compliant solutions, be sure to subscribe to the channel. Until next time, stay secure and HIPAA compliant.