Covered entities have a responsibility to ensure that patient data is protected. This also includes any data that your website may acquire. That's why it's so important to choose a HIPAA compliant web hosting provider since many of them don't implement the proper safeguards. One of these options includes Acquia, so let's take a look at the platform and determine if it's HIPAA compliant.
What is Acquia?
Acquia is a digital experience platform with a suite of products that help you build, host, and manage Drupal-based websites. Drupal is an open-source project, which means security isn't always the best quality. However, Drupal can be HIPAA compliant if a web hosting company covers the HIPAA security requirements.
READ MORE: How to Make Sure You Have a HIPAA Compliant Website
Is Acquia HIPPA compliant?
Acquia claims on its website that "The Acquia Cloud Platform meets the requirements of the HIPAA Security Rule and HITECH for electronic Protected Health Information (ePHI) ."
The platform has several security features, including:
- Multi-factor authentication
- Vulnerability management
- Disaster recovery and site backups
- Constant security monitoring
- Restricted file permissions
- Layered firewalls
Covered entities must also be sure to obtain a business associate agreement (BAA) from all business associates. The BAA covers the responsibilities of the business associate when handling ePHI. If a business associate is not willing to participate in a BAA, it is automatically not in compliance with HIPAA. Acquia makes no mention of BAAs on its website, including in its " Subscription and Services Agreement" and " Terms of Services " pages.
Conclusion
Acquia may have the security features to be considered HIPAA compliant, but we could find no mention of signing a BAA. Acquia is not HIPAA compliant without BAA documentation. We recommend that healthcare providers confirm with Acquia whether or not the company will indeed sign one.
READ MORE: HIPAA Compliant Email: the Definitive Guide