Last week we received a useful inbound inquiry from a Behavioral Health System in South Carolina.
In a nutshell, they asked that since their website was already hosted by Wix, they could also use Wix email for HIPAA compliant email.
We thought the answer to this would be great content for a blog post.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Slides
- Google Voice
- Office 365
Today, we will determine if Wix offers HIPAA compliant email or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Wix is a cloud-based web development platform that was first developed and popularized by the Israeli company also called Wix.
The company allows users to create HTML5 web sites through the use of easy to use drag and drop tools.
Wix and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We therefore conclude that Wix itself is not a HIPAA compliant vendor.
Wix and Google Workspace
During our research, we also found a page called Personalized Email Address and Mailbox.
On it, Wix says:
Wix offers Mailboxes with Google Workspace.
From what we could gather, it appears Wix solely resells Google Workspace as their hosted email provider.
To learn more about their partner relationship with Google, we next found a Wix page called Google Mailing Application – Customer Agreement.
The Agreement clearly states:
The Service is provided, maintained and operated by Google and not by Wix.
You acknowledge that Google is responsible for the provision of the Service to you. Wix shall have no responsibility or liability in relation to the provision of the Service by Google, the quality or functionality of the Service, its availability, the support services provided by Google and/or any other aspect of the Service or its provision to you other than Wix’s responsibility in relation to the technical billing actions conducted by Wix on behalf of Google.
From these statements, we can see Wix outsources their email hosting to Google and that Google assumes responsibility for it.
From a HIPAA compliant email standpoint, we’ve previously covered how to make Google Workspace HIPAA compliant. Since Wix partners with Google to provide email hosting, we recommend following that guide.
Does Wix Offer HIPAA Compliant Email?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
We it comes to Wix and their email platform, we discovered:
- Wix does not offer to sign a BAA with its customers.
- Wix partners with Google Workspace for email hosting.
- Google assumes full responsibility for its email platform.
- While Google is willing to sign a BAA for Google Workspace, it does not actually cover email sent and received in transit.
If you are purchasing Wix email via their Google Workspace partnership, you can follow our guide on how to make it HIPAA compliant.