WordPress or Webflow? Yes! HIPAA Hosting? Maybe.
Tip #2 For Managing a Pharmaceutical or Biotech Website Redesign
TL:DR: Use WordPress or Webflow. Hosting: HIPAA-compliant or not? Depends.
The situation: Your pharmaceutical or biotechnology company is small but growing. And something noteworthy happened: it got funding, is about to announce results, launch a product or go public. It’s time for the next level of website.
You’re going to need a content management system (CMS) for your new website. WordPress and Webflow are fine.
You’ve heard of WordPress and maybe even used it. It remains the content management system of choice for most pharma and biotech company websites for a few reasons. First, a lot of agencies like Workbox know how to build sites on WordPress, so it’s easy to find developers to create and support your site. Also, a lot of people know how to use the content management system, so less training is required.
Drupal is another good CMS to consider. But, it’s a bit more complex and requires deeper developer skills, so the sites tend to require more resources (i.e., $). However, once your company gets to the size where it has a lower IT risk tolerance, you might eventually move to Drupal. But for smaller companies, it’s not worth it yet. Workbox builds sites on Drupal, too.
Another option is the website builder platforms like Webflow, Framer, Wix and Squarespace. From our perspective, Webflow is the most appropriate platform for pharma and biotech companies for three reasons: (1) It’s customizable enough, (2) a lot of agencies and developers know how to build on it, (3) it’s pretty darn easy for regular folks to use to make edits to the site. Workbox also builds sites on Webflow.
You should consider that websites built on Webflow, Framer, etc., are hosted on the service’s servers and that none of them are HIPAA-compliant, at least at the time of writing this article. That’s a dealbreaker for many pharma sites. However, you can get around this by using HIPAA-compliant services to handle data gathered through your website.
Speaking of HIPAA-compliance, you might need HIPAA-compliant hosting for your website. Some IT departments require it for all sites, regardless of whether PII or PHI is stored on the server or not. We don’t think it’s necessary for smaller pharma and biotech companies – unless you have a custom form on your website.
For most sites, the decision to require HIPAA-compliant hosting comes down to forms. We believe that if you exclusively use 3rd party forms that are embedded in your site, it doesn’t need HIPAA hosting on your end. The data goes directly to the 3rd party and is never stored on your web server.
However, if you have a custom form on the site that collects data or sends email, although the data is stored on the site for microseconds, we recommend HIPAA-compliant web hosting. We know the hosting is a lot more expensive, but this is definitely a case of “better safe than sorry.”
There are lots and lots of solid WordPress hosting providers, but we like:
Non-HIPAA hosting: WPEngine
HIPAA-hosting: Liquid Web
Also, Webflow has service providers that manage HIPAA type content.
If you have a service you love, we’d very much like to hear about them!
We’ll cover WordPress plugins and details about email HIPAA in upcoming articles.
> Back to the Pharmaceutical and Biotech Website Redesign: 10 Tips For New Sites article.
> Back to the Who Manages Your Domain? article.