Covered entities have a responsibility to ensure that patient data is protected. This includes any data that your website may acquire. That's why it's so important to choose a HIPAA compliant web hosting provider, since many of them don't implement the proper safeguards. One option is Acquia, so let's take a look at the platform and determine if it's HIPAA compliant.
What is Acquia?
Acquia is a digital experience platform with a suite of products that help you build, host, and manage Drupal-based websites. Drupal is an open-source project, which means security isn't always its strongest quality. However, Drupal can be HIPAA compliant if a web hosting company covers the HIPAA security requirements.
Is Acquia HIPAA compliant?
The platform has several security features, including:
- Multi-factor authentication
- Vulnerability management
- Disaster recovery and site backups
- Constant security monitoring
- Restricted file permissions
- Layered firewalls
Covered entities must also be sure to obtain a business associate agreement (BAA) from all business associates. The BAA covers the responsibilities of the business associate when handling ePHI. If a business associate is not willing to participate in a BAA, it is automatically not in compliance with HIPAA. Acquia makes no mention of BAAs on its website, including in its "Subscription and Services Agreement" and "Terms of Services" pages.
Acquia may have the security features to be considered HIPAA compliant, but we could find no mention of signing a BAA. Acquia is not HIPAA compliant without BAA documentation. We recommend that healthcare providers confirm with Acquia whether or not the company will indeed sign one.