Mastering HIPAA Website Compliance
hipaadigital.com

Alexander Bentley-Sutherland
Understanding the Limitations of Squarespace in HIPAA Compliance

HIPAA Digital™ - HIPAA Compliant IT Systems, Websites & Cyber Security

Squarespace is an awesome platform for website building and hosting. However, its standard features and design do not meet the requirements of HIPAA compliance.
If you are a healthcare business owner in any health-related sector and have used Squarespace's core functionality for your website building and hosting, there's a high chance your website is not HIPAA compliant.
Squarespace and Business Associate Agreements (BAAs)
Under HIPAA, a Business Associate Agreement (BAA) is a legal document binding a covered entity and a business associate, such as a website developer or hosting company. This BAA outlines their responsibilities in managing Protected Health Information (PHI) and all the other elements required for a HIPAA-compliant website, including:
Privacy Rule Compliance
Security Rule Compliance
Breach Notification Rule Compliance
Risk Analysis and Management
Training and Awareness
Transmission Security
Data Integrity and Storage
Physical Security

The Business Associate Agreement is fundamental for HIPAA compliance.
While Squarespace offers Business Associate Agreements, it severely limits this arrangement to its Acuity Scheduling feature, excluding other functionalities from its HIPAA-compliant scope.
What this means in real life is that only one very small element of the Squarespace core platform is HIPAA compliant. The rest is not.
Acuity Scheduling
Only Acuity Scheduling is designed with the necessary safeguards to be HIPAA compliant. It includes secure data handling and privacy measures that align with HIPAA standards.
The rest of Squarespace’s features, including its website building and hosting services, do not fall under this umbrella of compliance.

Why Squarespace is not HIPAA Compliant
Insufficient Data Protection Measures

HIPAA compliance demands safeguards to protect PHI and ePHI against unauthorized access, disclosure, alteration or destruction. This includes technical measures (such as encryption and audit trails) and physical and administrative safeguards.
Squarespace’s general features do not guarantee the required level of security controls for PHI, apart from their Acuity Scheduling product.
Limited Control over PHI
HIPAA requires covered entities to have strict control over how PHI is used and disclosed. Squarespace’s core platform does not provide the necessary features to control PHI disclosure and access.
Risk Management and Compliance
HIPAA compliance requires ongoing risk assessment and compliance documentation. Squarespace does not offer built-in features to support compliance activities for healthcare websites.
Inadequate Incident Response and Reporting
Squarespace’s platform does not support these key HIPAA requirements.
Risks and Consequences
Healthcare business owners often unknowingly use other parts of Squarespace’s platform, thinking they are in compliance with HIPAA. This misconception could lead to breaches of patient data, risking significant legal and financial penalties.
The assumption that a BAA with Squarespace covers the entire platform’s use is a critical oversight.
Beware website builder and marketing companies’ advice about how to create a website. In our experience, nine out of ten covered entity websites we’ve reviewed do not comply, including ones built by well-known health care marketing advisers. Many websites are artfully designed and provide lots of good information, but they’re missing key ingredients of HIPAA.
The Solution

HIPAA compliance for websites involves a serious and technical approach that integrates technical, physical and administrative safeguards into your non-HIPAA-compliant website.
HIPAA Digital are a complete three-in-one, done-for-you solution, so that you never need worry again about your Squarespace website, hosting or Business Associate Agreements.
As well as signing a BAA, we also make sure all of your BAAs relating to your website and marketing activities are signed by the relevant providers and available in your dashboard as and when they are needed.
Our friendly account managers talk your language; we all have significant experience in digital healthcare and won't bamboozle you with technical jargon.
During your free consultation, we'll work out what's wrong, fix it, and make sure you are fully compliant going forwards.
