We’ve been asked to figure out whether SiteGround services can be used in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
Today, we will determine if SiteGround can provide HIPAA compliant email service or not.
SiteGround is a web and email hosting provider. It comprises several companies registered in the USA, UK, Bulgaria, Cyprus, and Spain. The company manages three offices and offers hosting services in several data center locations around the world.
SiteGround and the business associate agreement
There’s a primary item to consider when it comes to SiteGround and its ability to provide a HIPAA compliant service.
First, let’s start with a quick recap of terms. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information, otherwise known as protected health information (PHI).
As we’ve previously discussed, HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance. In the case of email hosted by SiteGround, the company would certainly fall into the category of business associate if it is providing email hosting services to customers that would store, process, or transmit PHI on its platform.
We checked the SiteGround site for mention of their ability to sign a BAA.
We found the answer to our question on the following pages:
Here’s a snippet from their ToS page:
“The Services provided by SiteGround will not comply with the federal Health Insurance Portability and Accountability Act (“HIPAA”), hence SiteGround is not HIPAA compliant.”
Does SiteGround offer HIPAA compliant service?
The Business Associate Agreement (BAA) is a key component of HIPAA compliance between a covered entity and a business associate.
We were able to learn the following about SiteGround's ability to be considered a HIPAA compliant solution:
- SiteGround clearly states it does not comply with HIPAA regulations
Conclusion: SiteGround is not HIPAA compliant. This includes both their email and web hosting solutions.