Are You HIPAA Compliant?
No, we are not HIPAA-compliant.
You may NOT use our Services for hosting "protected health information" under the federal HIPAA law and related regulations. Other hosting providers may specifically price and offer "HIPAA compliant" hosting services, which typically are more expensive and involve the hosting company signing a "Business Associate Agreement." We do not offer such a product at this time.
We do not sign Business Associate Agreements. Storing "protected health information" on our servers constitutes a breach of our User Agreement and is an unauthorized use of our services. Our services are not represented to be HIPAA compliant, and you may not use them for such purposes. Our User Agreement expressly states:
We are not "HIPAA compliant." Users are solely responsible for any applicable compliance with federal or state laws governing the privacy and security of personal data, including medical or other sensitive data. Users acknowledge that the Services may not be appropriate for the storage or control of access to sensitive data, such as information about children or medical or health information. Bluehost does not control or monitor the information or data you store on, or transmit through, our Services. We specifically disclaim any representation or warranty that the Services, as offered, comply with the federal Health Insurance Portability and Accountability Act ("HIPAA"). Customers requiring secure storage of "protected health information" under HIPAA are expressly prohibited from using this Service for such purposes. Storing and permitting access to "protected health information," as defined under HIPAA, is a material violation of this User Agreement, and grounds for immediate account termination. We do not sign "Business Associate Agreements" and you agree that Bluehost is not a Business Associate or subcontractor or agent of yours pursuant to HIPAA. If you have questions about the security of your data, please contact our Technical Support team.