by Sara Nguyen

Does Cloudways offer HIPAA compliant web hosting?


Cloudways is a popular cloud hosting provider. It offers fully managed Amazon Web Services (AWS) hosting for building and scaling web applications. While AWS itself can be HIPAA compliant, does Cloudways offer the same compliance with HIPAA?

Cloudways and the business associate agreement

Covered entities often work with third-party providers like Amazon. But the business relationship changes when third-party providers store, transmit, or have access to protected health information (PHI). These third-party providers are known as business associates, and they have obligations to follow the HIPAA Security Rule and keep PHI secure.

It’s necessary for covered entities to sign a business associate agreement (BAA) with business associates. The BAA is a legal document that covers the duties and responsibilities of business associates to protect PHI from unauthorized parties.

If there is no BAA in place, then a vendor isn’t HIPAA compliant. 

Cloudways doesn’t mention on its website that it has a BAA or is willing to sign one. This may mean that Cloudways isn’t HIPAA compliant.

Cloudways and data security

Cloudways does have security protocols in place, including:

However, it doesn’t seem that personal data is protected according to HIPAA standards. Cloudways’ Terms of Services says, “By providing us with or allowing us to access personal data relating to individuals other than yourself, you are letting us know that you have the authority to send us that personal data or the authority to permit us to access those data in the manner described in this privacy policy.”

Covered entities can’t send PHI to business associates without the proper safeguards in place, so it may be a HIPAA violation to use Cloudways.


Is Cloudways HIPAA compliant?

No, Cloudways may not be HIPAA compliant. The cloud hosting provider doesn’t seem willing to participate in a BAA, which automatically makes it non-compliant.

Choose HIPAA compliant vendors

Covered entities need to ensure they are working with business associates that follow HIPAA rules. Sending HIPAA compliant email may be a problem for you, but it can be easily remedied with Paubox. 

Paubox Email Suite lets you send automatically encrypted emails directly to a patient’s inbox. You can say goodbye to patient portals and third-party apps for secure communication.

Paubox is easy for your employees to use since it seamlessly integrates with popular email providers like Google Workspace or Microsoft 365. With a BAA included in every plan, Paubox is dedicated to keeping your email security in top shape.
