Lately, we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Optimizely is a leading customer experience optimization platform.
We know the HIPAA industry is vast, so we can empathize with how many people in this sector need to use cloud-based services.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Slides
- Google Voice
- Office 365
Today, we will determine if Optimizely offers HIPAA compliance or not.
According to their site, Optimizely is the world’s leading experimentation platform, enabling businesses to deliver continuous experimentation and personalization across websites, mobile apps and connected devices.
Optimizely and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Optimizely’s site and found the answer we were looking for in their Terms of Service Agreement.
In it, they clearly state:
HIPAA non-compliance. Customer acknowledges that Optimizely is not a Business Associate or subcontractor (as those terms are defined in HIPAA) and that the Optimizely Service is not HIPAA compliant. “HIPAA” means the Health Insurance Portability and Accountability Act and related amendments and regulations as updated or replaced. “Regulated Data” includes HIPAA-regulated data and data covered under the Gramm-Leach-Bliley Act (or related rules or regulations) as updated or replaced.
Does Optimizely Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component of HIPAA compliance between a Covered Entity and a Business Associate.
Optimizely’s Terms of Service page quickly yielded the information we were looking for.
Optimizely explicitly states they are not a Business Associate and their service is not HIPAA compliant.
Optimizely is not HIPAA compliant.