A website is a critical part of doing business today, whether it simply serves as an online business card to provide your basic contact information (such as your HIPAA compliant email address), or serves as a robust portal to access all of your products and services.
Businesses choose website hosting companies for a variety of reasons, from price to features to reputation. Unlike most businesses, however, healthcare providers must also take HIPAA into account when selecting a web hosting company.
What is Hostinger?
When Hostinger was launched in 2004, it was known for providing free websites without ads nor limits on resources. In other words, it offered “complete freedom to express yourself online.”
Hostinger was born in Lithuania, relocated to Cyprus, and hit its one-millionth customer in 2010. It has since expanded to Indonesia, Brazil, and Singapore. While it no longer offers a free level of service, Hostinger’s entry-level costs as little as $0.99 per month, which is among the lowest prices you’ll find anywhere.
The low-cost strategy has worked, with Hostinger now boasting 29 million customers in 178 countries. The company says 15,000 people sign up every day.
Should healthcare professionals be among them?
Is Hostinger HIPAA compliant?
The Hostinger Hosting Agreement, last updated November 29, 2019, mentions HIPAA in this restrictive clause:
The Services are not intended to provide a PCI (Payment Card Industry) or HIPAA (Health Insurance Portability and Accountability Act) compliant environment and therefore should not be used or considered as one.
The agreement goes on to say:
You will not provide us any personal information with respect to Your clients, visitors, end-users. You acknowledge that Hostinger may in certain limited cases have access to information and communications systems for the purposes set forth in this Agreement. […] You shall be solely responsible for installation of organizational and technical security measures sufficiently protecting personal data stored or processed on your website or server. Consequently, you will be solely responsible for all and any data breaches, incidents and similar violations pertaining to such data…
Hostinger clearly states that it does not provide a HIPAA compliant environment, says you are “solely responsible” for data breaches, and indicates that it may have access to information on your clients, visitors and end-users. For these very clear reasons, we do not recommend Hostinger as a web host for covered entities.