This week we got asked about EarthLink email and an organization’s ability to use in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Adobe Campaign
- Amazon Alexa
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Constant Contact
- Google Analytics
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Hangouts Chat
- Google Slides
- Google Voice
- Microsoft Exchange
- Microsoft Teams
- Office 365
- Return Path
- Uber Health
Today, we will determine if EarthLink offers HIPAA compliant email service or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Along with internet access, EarthLink provides email and web hosting to customers throughout the United States.
EarthLink and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked EarthLink’s site and found the answer we were looking for on the EarthLink Policies and Agreements page.
On that page, when the Web Hosting and Domain Name Registration Service Agreement link is clicked, they state:
3. Services Not Intended for Use by Covered Entities
Unless expressly set forth in the description of the Services on http://www.earthlink.net/web-hosting/ or www.earthlinkweb.net or all subpages thereto , the Services are not intended for use by covered entities or business associates to create, access, transmit, or maintain protected health information that is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). You agree that you have reviewed the descriptions of the Services on http://www.earthlink.net/web-hosting/ or www.earthlinkweb.net and their subpages and understand the intended use of the Services that you are purchasing. You also agree that unless a Service description expressly states that the Service is “HIPAA Compliant,” you will not use such Service to create, access, transmit or maintain any protected health information. Any violation of this Section 3 is your sole responsibility. EarthLink and its affiliates, subsidiaries and licensors will have no liability with respect to your violation of this Section 3.
Does EarthLink Offer HIPAA Compliant Email Service?
The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate.
We quickly discovered that EarthLink is not in the business of providing HIPAA compliant email or web hosting.
EarthLink email is not HIPAA compliant.