the answer for all question about Oxygen Builder plugin and WordPress

Hello, I am making a site for medical records, and I need administrators to be a

Hello, I am making a site for medical records, and I need administrators to be able to add users and that these are not publicly visible (for privacy reasons obviously) but they can be seen by both administrators and the owner of the profile.
I had thought about ACF and CPTUI and blocking the posts with a password, but this option also asks the administrators for a password, so it would be discarded, then I thought about putting the ACFs in the users’ profile, but this option allows the users modify the data in their file, and that should only be done by the doctor.
I came across the “WP User Manager” plugin that apparently does these things, but it’s already out of budget, and its free version doesn’t allow me to add ACF.
Anyone who knows of a solution to this, or a plugin that is free, or failing that is cheap?


  1. Aaron Gregg says

    Nothing dealing with medical records at all should ever be skimping on money. Ever.

  2. James LePage says

    Hi Eddy,

    My professional suggestion is to stay very far away from WordPress and medical records. If in the states, you must be compliant with HIPPA, and put yourself in a very bad position if the website ever gets hacked and these records leak.

    in terms of HIPPA, WordPress, nor any of the plug-ins are compliant with it. Virtually every single word press host also isn’t compliant, simply because they don’t want that liability on their hands.

    If you really want to use WordPress, I would suggest building a brochure site with the CMS and Oxygen, and then linking directly to a tool like (i’ve done this a few times – the benefit here is the the clients are high paying and the work on your end is minimal).

    I speak from experience, unless you have a large team underneath you, a project with a mid five figure budget, and direct access to a lawyer that you trust, medical Websites open you up to a ton of liability.

    Just speaking from what I’ve learned over the years, feel free to disregard if you already have a handle on this 🙂

  3. Artur Burkalo says

    You are better of doing a custom work with it, as you know how secure it will. It means writing own PHP code with security in mind, as a lot of developers skip that part.

    WordPress is secure but you’ll need ensure you do constant updates as it’s open source CMS, and everyone has access to the code to WordPress CMS.

    And would not install any additional plug-ins, unless the ones that guarantee that their code is protected as it can be.

    On top of that you’ll need to ensure SSL is always active, you need server side scanning for any malware, and a premium plug-in like Sucuru to keep you protected.

    And if course follow a lot of other practices to minimise the risk of ever being hacked or information being leaked.

  4. Bryan López says

    If you’re in the USA, look into what entails HIPAA Compliance from your site, hosting, and the medical office/practice. We turned away a major project once we looked into what everything would entail (we could deliver on everything feature wise, not the HIPPA Compliant side) and with such a sensitive topic, we simply compiled and recommended a list of ready made subscriptions. Client was okay, and we continue to work on other things.

  5. Eddy Cerpa says

    You guys are scaring me hahaha, and sorry for my english, I speak spanish, it’s a dentist site and the data is not very sensitive. 2 or 3 pics of the mouth interior, name, adress and a few comments, but with your comments I will be more careful, thanks for the advice

  6. Erwan Manchec says

    I’m working on a similar kind of website. I just to the front part with WordPress, all sensitives data and med access are managed by a certified saas

  7. Carlos Rosario says

    Well, you’re touching e-procurement for maybe medical data.

    I tell you, do it only with the experts!

    You might land in an unwanted situation, that could cost you all you have.

    I say that because my friends and business partners developed that stuff for banks, civil services, and a whole country.

    Go for individual solutions, with secure servers, and professional procurement requirement process.

    That mean you must make an evaluation if your client want or not.

  8. Bradlee Alen says

    I don’t know what the laws in your country are, but if you were in the u.s. I would say that you’re clearly not qualified to be doing this and you should drop the client.

  9. Dino Latoga says

    to answer the question, i would just make a page with an ACF form for the administrators to submit entries. you don’t have to add the form on their individual profile.

Leave A Reply

Your email address will not be published.

Oxyrealm Docs