For small businesses, including medical offices and clinics, Wix is a compelling option to help set up a simple, affordable website. But is it HIPAA compliant?
What is Wix?
Founded in Israel in 2006, Wix hosts websites and offers a freemium model, where a basic site can be built and launched for free. Various upgrades can then be purchased, from removing ads to using a custom domain name to adding other features. You don't need to know how to code to use Wix, as its site builder allows anyone to create and adjust designs via a drag-and-drop, type as you go WYSIWYG interface. For operations that qualify as covered entities under HIPAA, however, it's important to determine which of the products and services you use need to be HIPAA compliant.
What does Wix say about HIPAA compliance?
The extensive Wix Help Center does not appear to mention HIPAA at all. While you can find articles on PCI compliance (for secure payments) and GDPR and CCPA regulations (privacy laws in the European Union and California), the company doesn't offer specific guidance on things like handling protected health information (PHI) or signing business associate agreements. A review of the Wix privacy policy, Data Processing Agreement, and general Terms of Use shows that they also do not reference HIPAA.
Is Wix HIPAA compliant?
It doesn't appear as if Wix offers any means by which its web hosting services, paid or not, can be deemed HIPAA compliant. One notable exception is the fact that Wix also offers email service along with its websites, powered by Google Workspace. Google Workspace email can be made HIPAA compliant when partnered with a HIPAA compliant email solution such as Paubox Email Suite. In addition, as the free level of Wix website service includes third-party advertising, it's impossible to know whether visitors to your Wix-powered site may be prompted to disclose personal information, or even identify which advertisers your visitors may be exposed to. Wix offers an Enterprise level of service, promising "Enterprise Grade Security" and "Privacy Regulation Compliance," although getting more details requires a sales call. It may not be possible to configure a fully-provisioned Wix website to avoid HIPAA violations.
Conclusion
While a popular and affordable option for hosting a website, Wix does not support HIPAA compliance. Because its email service is powered by Google Workspace, however, that component can be configured to be HIPAA compliant. If your website will be an important part of your business, attracting new customers and supporting existing ones, you may need to find another provider.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.