2 min read

Does Wild Apricot offer HIPAA compliant web hosting?

Ryan Ozawa October 7, 2020

HIPAA compliance
Wild Apricot by Personify logo
Wild Apricot logo One of the more popular technology tools in the healthcare field is Wild Apricot. In addition to providing websites for medical associations, its software is designed to specifically help with membership management. From enrollment applications to payments, Wild Apricot provides support and automation for many of the main activities of an association. Having a product aimed directly at medical organizations, however, still requires due diligence to ensure it complies with HIPAA.

What is Wild Apricot?

Like Squarespace, Weebly, and Wix, Wild Apricot offers a proprietary website builder to help businesses quickly design and launch websites. The company provides mobile-friendly website templates that can be customized with an organization's color scheme, logo, text, and images. It lets customers use their own domain names, and offers embeddable widgets for those that already have WordPress websites. Wild Apricot promotes itself as a provider of Association Management Software, which typically automates management functions including fundraising, membership, event management, and other operations. It has over 30,000 customers. Wild Apricot aims to be an all-in-one tool for medical associations, providing customer relationship management (CRM) features like a member database, email newsletters, and event management. It also handles payments for member registration and renewals, and even offers a portal for members to log in to access member-only resources.

 

Is Wild Apricot secure?

Since Wild Apricot handles many types of information, security is of paramount importance. For example, handling payment information requires compliance with the Payment Card Industry Data Security Standard ( PCI DSS). Wild Apricot provides a detailed page describing its security and data protection measures. The company says that it secures online payments with PCI DSS version 3.2, and it reassures customers that they own their data and can easily export it at any time. Wild Apricot also says it's using globally-recognized testing methodologies, from those recommended by the Open Web Application Security Project ( OWASP) to perform penetration tests. It even says it's developing Security Operation Center software to detect attacks across various systems, including Windows, Linux, the network, and social media. But if Wild Apricot is going to handle medical information, it also needs to comply with HIPAA.

 

Is Wild Apricot HIPAA compliant?

Wild Apricot uses Amazon Web Services (AWS) to host its customers' websites and membership applications. Because AWS can be configured to be HIPAA compliant, Wild Apricot asserts that its technology complies with HIPAA as well. (AWS is also how Wild Apricot achieves compliance with PCI DSS.) The company also notes that its payment systems are hosted by Armor, which provides 24/7 threat detection and response to over 1,000 customers across 42 countries, including secure hosting and log and data management. However, we are unable to find any mention of whether Wild Apricot will sign a business associate agreement (BAA), which is required for full HIPAA compliance.

 

Conclusion

Wild Apricot leverages AWS to provide secure and reliable service to customers.  Similarly, Paubox uses AWS for our HIPAA compliant email solutions. However, unlike Paubox, although Wild Apricot says it is HIPAA compliant, it does not appear to offer a BAA. We recommend covered entities confirm this before becoming a customer.
 
Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Medical professionals in surgical attire in a hospital operating room

Ensuring HIPAA compliance when using health information exchanges

Picture of Liyanda Tembani Liyanda Tembani : September 21, 2023

Health Information Exchanges (HIEs) enable the seamless sharing of patient data among authorized healthcare entities. However, as healthcare...

HIPAA compliance
Read More
Image of New York skyline with statue of liberty.

What healthcare providers need to know about the CDPAP transition

Gugu Ntsele : April 23, 2025

New York State's Consumer Directed Personal Assistance Program (CDPAP) is undergoing a transformation that has implications for healthcare providers...

HIPAA compliance
Read More
employee leading a meeting in a conference room

Employers and HIPAA: What you need to know

Picture of Farah Amod Farah Amod : February 21, 2024

HIPAA sets national standards for safeguarding patients' health information, primarily targeting healthcare organizations. However, employers often...

HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.