We've been reaching out to dental practices in our backyard of San Francisco recently and we've run across some of them using Just Host for their email service. Just Host caters to those who are looking for affordable web hosting made easy. If a HIPAA entity is using Just Host for their web hosting and Just Host also includes email hosting, the question naturally arises: Is JustHost a HIPAA Compliant Email provider?
We’ve covered in previous posts that a Business Associate Agreement is a written contract between a covered entity and a Business Associate. It is required by law for HIPAA compliant email. We searched the Just Host website and we immediately found an answer about their support for HIPAA entities. If you look at Section 18 of their Acceptable Use Policy, you'll immediately see Just Host is not HIPAA compliant:
Just Host Acceptable Use Policy - Section 18
We also found a Help Center article on their website that makes another mention of their lack of support for HIPAA entities: "Is Just Host HIPAA Compliant" "You may NOT use our Services for hosting “protected health information” under the federal HIPAA law and related regulations. Other hosting providers may specifically price and offer “HIPAA compliant” hosting services, which typically are more expensive, and involve the hosting company signing a “Business Associate Agreement.” We do not offer such a product at this time. We do not sign Business Associate Agreements. Storing “protected health information” on our servers constitutes a breach of our User Agreement and is an unauthorized use of our Services. Our Services are not represented to be HIPAA compliant, and you may not use them for such purposes."
Thanks to their helpful documentation, this is an easy one: Just Host is not in the business of providing HIPAA compliant email.