Squarespace is a popular website building and hosting platform that enables users to create professional-looking websites without requiring advanced technical skills. It offers a range of customizable templates, drag-and-drop tools, and features for designing and managing websites for various purposes, including portfolios, blogs, online stores, and business websites.
Squarespace also provides domain registration services, e-commerce functionality, analytics tools, and customer support to help users build and maintain their online presence.
Is Squarespace HIPAA compliant? Yes, Squarespace can be HIPAA compliant, but there are limitations.
Yes, Squarespace will sign a business associate agreement, which can be reviewed here.
The Squarespace BAA covers the use and disclosure of protected health information (PHI), stating, "Acuity is the only Squarespace feature currently designed to offer services consistent with HIPAA obligations. A qualified third-party information security consultant reviewed Acuity. The consultant validated that Acuity can meet the requirements of the HIPAA Security Rule.”
After careful examination of Squarespace's official website, it is evident that their BAA specifically extends to the Acuity Scheduling feature and excludes coverage for any other Squarespace features.
Their terms say,” Acuity is the only Squarespace feature currently designed to offer services consistent with HIPAA obligations. Your Business Associate Addendum (BAA) doesn't cover other Squarespace features. You shouldn't maintain or transmit Protected Health Information through Squarespace outside of Acuity.”
Squarespace may be HIPAA compliant under the following conditions: when used within a "Powerhouse Player" plan, exclusively employing the Squarespace Acuity Scheduling feature, and refraining from using any third-party integrations that could jeopardize HIPAA compliance.
Learn more: HIPAA Compliant Email: The Definitive Guide
A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).
HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.