HostGator is a large provider of shared, reseller, VPS, and dedicated web hosting. It was founded in a dorm room at Florida Atlantic University by Brent Oxley in 2002. HostGator is headquartered in Houston and Austin, Texas, with several international offices around the globe.
We recently spoke with a covered entity that uses HostGator for hosted email and would like to make that email HIPAA compliant. They wanted to know if Paubox Encrypted Email would work with their service. The purpose of this post, then, is to determine if HostGator meets HIPAA compliant email requirements.
Is HostGator HIPAA Compliant?
The answer to this is very straightforward: HostGator is not HIPAA compliant.
The HostGator Support Portal clearly states that:
No; unfortunately HostGator is not HIPAA compliant. You may NOT use our services for hosting “protected health information” under the federal HIPAA law and related regulations. Our services are not represented to be HIPAA compliant, and you may not use them for such purposes.
Furthermore, their Terms of Service page also has a section on HIPAA compliance:
HIPAA Disclaimer. We are not “HIPAA compliant.”
You are solely responsible for any applicable compliance with federal or state laws governing the privacy and security of personal data, including medical or other sensitive data. You acknowledge that the Services may not be appropriate for the storage or control of access to sensitive data, such as information about children or medical or health information. HostGator does not control or monitor the information or data you store on, or transmit through, the Services. We specifically disclaim any representation or warranty that the Services, as offered, comply with the federal Health Insurance Portability and Accountability Act (“HIPAA”). Customers requiring secure storage of “protected health information” as defined under HIPAA are expressly prohibited from using the Services for such purposes. Storing and permitting access to “protected health information” is a material violation of this Agreement, and grounds for immediate account termination. We do not sign “Business Associate Agreements” and you agree that HostGator is not a Business Associate or subcontractor or agent of yours pursuant to HIPAA. If you have questions about the security of your data, you should contact firstname.lastname@example.org.
HostGator clearly states they are not a HIPAA compliant service provider. They should not be considered a Business Associate for HIPAA entities seeking HIPAA compliance.
HIPPA Compliant Email?
Confusion certainly exists between HIPAA email and HIPPA email. HIPAA is often misspelled as HIPPA, and it’s easy to mistakenly google for “HIPPA compliant email” or “HIPPA email.” Google, however, is smart enough to know the correct spelling and will point you to the right pages by default. In a nutshell, “HIPPA compliant email” and “HIPPA email” are not correct. “HIPAA compliant email” and “HIPAA email” are the correct search terms.