Is Optimizely HIPAA Compliant?

Lately, we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Optimizely is a leading customer experience optimization platform.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

• Amazon CloudFront
• Apple iCloud
• Apple iMessage
• Box
• Citrix ShareFile
• Dropbox
• FaceTime
• Google Calendar
• Google Docs
• Google Drive
• Google Forms
• Google Hangouts
• Google Slides
• Google Voice
• GoToMeeting
• Heroku
• Intercom
• Office 365
• OneDrive
• SharePoint
• Slack
• Sonic
• WhatsApp
• Wix
• WordPress
• Yammer
• Zoho
• Zoom

Today, we will determine if Optimizely offers HIPAA compliance or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Optimizely

According to their site, Optimizely is the world’s leading experimentation platform, enabling businesses to deliver continuous experimentation and personalization across websites, mobile apps and connected devices.

Optimizely and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Optimizely’s site and found the answer we’re looking for in their Terms of Service Agreement.

In it, they clearly state:

Does Optimizely Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

Optimizely’s Terms of Service page quickly yielded the information we were looking for.

Optimizely explicitly states they are not a Business Associate and their service is not HIPAA compliant.

Conclusion

Optimizely is not HIPAA compliant.