
Can I use Squarespace and be HIPAA compliant? (Update 2024)

Squarespace provides software as a service for website building and hosting and allows users to use pre-built website templates and drag-and-drop elements to create and modify web pages. However, when it comes to handling sensitive patient information, such as protected health information (PHI), it is necessary to ensure the security and compliance of these platforms. So, is Squarespace HIPAA compliant? Our initial research suggests it can be HIPAA compliant.

 

What is Squarespace? 

Squarespace is a popular website building and hosting platform that enables users to create professional-looking websites without requiring advanced technical skills. It offers a range of customizable templates, drag-and-drop tools, and features for designing and managing websites for various purposes, including portfolios, blogs, online stores, and business websites. Squarespace also provides domain registration services, e-commerce functionality, analytics tools, and customer support to help users build and maintain their online presence.

 

Squarespace and business associate agreements (BAAs)

Under HIPAA, a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance to ensure security and privacy. A BAA outlines the responsibilities and obligations of both parties regarding the protection and use of PHI. It establishes that the business associate will handle any PHI in accordance with HIPAA regulations.

Given Squarespace’s functionalities, such as website building, it's probable that it would be considered a business associate when used in healthcare environments.

After careful examination of Squarespace's official website, it is evident that their BAA specifically extends to the Acuity Scheduling feature and excludes coverage for any other Squarespace features.

 

Squarespace and data security 

One of the primary concerns when evaluating the HIPAA compliance of any software or service is the level of data security it provides. Squarespace prioritizes data protection through a multi-layered security infrastructure. It implements various security measures to ensure the confidentiality, integrity, and availability of user data.

Some notable security features offered by Squarespace include:

  • Account provisioning/decommissioning
  • Encryption 
  • Authentication
  • Privileged account management
  • User identification
  • Access logging and monitoring

 

Is Squarespace HIPAA compliant?

Squarespace states, "Acuity is the only Squarespace feature currently designed to offer services consistent with HIPAA obligations. Your Business Associate Addendum (BAA) doesn't cover other Squarespace features. You shouldn't maintain or transmit Protected Health Information through Squarespace outside of Acuity."

Based on our analysis, Squarespace can only be considered HIPAA compliant under the following conditions: when used within a "Powerhouse Player" plan, exclusively employing the Squarespace Scheduling feature, and refraining from utilizing any third-party integrations that could jeopardize HIPAA compliance.

 

Understanding HIPAA compliance

HIPAA compliance extends beyond just technical safeguards and software solutions. When evaluating a tool's or service's compliance, consider the following:

  • Technical Safeguards: While tools like Squarespace play a crucial role, other technical measures, such as HIPAA compliant email, are equally vital.
  • Employee Training: Ensuring all staff members are well-versed in HIPAA regulations and best practices is paramount. Regular training sessions can help prevent unintentional breaches.
  • Regular Audits: Periodic assessments of all systems and processes ensure that they remain compliant and adapt to any changes in regulations or technology.
  • Data Access Controls: Implementing stringent controls on who can access protected health information and under what circumstances is a cornerstone of HIPAA compliance.
