With a free plan and upgrades that cost as little as $6 a month, Weebly is a very popular platform for businesses to launch their first website. Many budget-conscious clinics may be considering using Weebly to promote their services online. But is Weebly HIPAA compliant?
What is Weebly?
Graduates of Pennsylvania State University founded Weebly in 2006, and the company was part of the 2007 cohort of the Y Combinator startup accelerator. By 2018, it had over 625,000 customers and was acquired by the financial services firm Square. Based on a WYSIWYG interface that runs in a web browser, Weebly allows customers to design a website without knowing how to code. For $6 a month, you can use Weebly with your own domain name, and additional upgrades include site statistics, e-commerce, embeddable code, and ad removal. There's a lot to love. But if your business is a covered entity under HIPAA, you must always ask if your website host is HIPAA compliant.
What does Weebly say about HIPAA compliance?
A review of the Weebly privacy policy, Terms of Service, and Data Processing Terms finds no mention of HIPAA, protected health information (PHI), or anything related to medical records. On the Weebly community support site, a handful of people have asked about HIPAA, but none of the answers is definitive or comes from the company itself. In January 2020, blogger Jason Eland took a look at several web hosting companies and their compliance with HIPAA. He declares Weebly "not recommended." He notes that Weebly's offerings have lagged behind its competitors overall, but that its acquisition by Square may help improve things.
Is Weebly HIPAA compliant?
Given Weebly's clear silence on HIPAA and the required business associate agreement (BAA), its website hosting services must be assumed not to be HIPAA compliant. This would include its popular Weebly Form Builder, designed to make it easy to collect information from website visitors. Note that Weebly does make it possible for its customers to use the Google Workspace email service, and Google Workspace email can be made HIPAA compliant when partnered with a HIPAA compliant email solution like Paubox Email Suite.
Conclusion
Like its competitors Wix and GoDaddy, Weebly is a very popular free and low-cost service. But Weebly websites cannot be HIPAA compliant overall, and can only support some HIPAA compliant modules like Google Workspace email and external form providers. Conclusion: Weebly is not HIPAA compliant.