Talk to sales
Start for free

Covered entities have a responsibility to ensure that patient data is protected. This also includes any data that your website may acquire. That's why it's so important to choose a HIPAA compliant web hosting provider since many of them don't implement the proper safeguards. One of these options includes Acquia, so let's take a look at the platform and determine if it's HIPAA compliant.


What is Acquia?


Acquia is a digital experience platform with a suite of products that help you build, host, and manage Drupal-based websites. Drupal is an open-source project, which means security isn't always the best quality. However, Drupal can be HIPAA compliant if a web hosting company covers the HIPAA security requirements. 

READ MORE: How to Make Sure You Have a HIPAA Compliant Website


Is Acquia HIPPA compliant?


Acquia claims on its website that "The Acquia Cloud Platform meets the requirements of the HIPAA Security Rule and HITECH for electronic Protected Health Information (ePHI) ."

The platform has several security features, including:


Covered entities must also be sure to obtain a business associate agreement (BAA) from all business associates.  The BAA  covers the responsibilities of the business associate when handling ePHI. If a business associate is not willing to participate in a BAA, it is automatically not in compliance with HIPAA. Acquia makes no mention of BAAs on its website, including in its " Subscription and Services Agreement" and " Terms of Services " pages.




Acquia may have the security features to be considered HIPAA compliant, but we could find no mention of signing a BAA. Acquia is not HIPAA compliant without BAA documentation.  We recommend that healthcare providers confirm with Acquia whether or not the company will indeed sign one.

READ MORE: HIPAA Compliant Email: the Definitive Guide


Try Paubox Email Suite for FREE today.

Start a 14-day free trial of Paubox Email Suite today