Is Wix HIPAA Compliant

Wix is one of the most popular web-based services for building, maintaining, and hosting websites. The reasons for having a website are virtually limitless, but if your business must follow HIPAA’s rules and regulations, you must know if Wix is HIPAA compliant.

What Makes a Software Tool HIPAA Compliant?

For software, HIPAA compliance boils down to two questions. Does the software have safeguards to keep patient data private and secure? Does the software provider sign business associate agreements?

When the answer to both of these questions is “yes,” the product or service is likely HIPAA compliant. If the answer to either is “no,” the tool is not HIPAA compliant.

What Are HIPAA Safeguards?

HIPAA safeguards are measures that a healthcare organization puts into place to protect the confidentiality, integrity, and availability of protected health information (PHI). HIPAA categorizes safeguards into three groups – administrative, physical, and technical. 

Administrative safeguards are written policies and procedures that dictate proper uses and disclosures of PHI.

Physical safeguards like locks and alarm systems protect an organization’s physical location.

Technical safeguards are measures that protect electronic PHI (ePHI).

While administrative and physical safeguards are essential, technical safeguards are generally the determining factor of a software provider’s HIPAA compliance. You should expect technical safeguards to include encryption, user authentication, access controls, and audit controls.


Why is a Business Associate Agreement Important?

Business associate agreements are a vital determinant of HIPAA compliance. Even the most secure software platform is NOT HIPAA compliant if the provider will not sign a business associate agreement (BAA).

Why? 

A BAA is a legal agreement that requires each signing party to be HIPAA compliant and be responsible for maintaining compliance. A BAA limits the liability for both signing parties in case of a breach or OCR audit, as only the negligent party would be held culpable. 

Is Wix HIPAA Compliant?

Wix clearly states on their website that their services “…are not specifically designed to comply with HIPAA. As such, we are unable to operate as a Business Associate, subcontractor, or agent of a Covered Entity, as these terms are defined in HIPAA.” 

The site further cautions users with the following statement:

“Wix does not actively filter or monitor the information or data you store, transmit, or maintain in our services before you upload it to our platform. If your business requires you to be compliant with HIPAA, you are responsible for compliance with all applicable laws governing the privacy and security of ePHI.

Likewise, if you are subject to HIPAA as a Covered Entity or Business Associate, you should not use Wix services in a manner that causes Wix to create, receive, maintain, or transmit ePHI on your behalf.”

Based upon that information, Wix is not HIPAA compliant. While you could use their services to promote your practice or business, you must be sure that patient PHI cannot be transmitted or stored by Wix. 

Wix does suggest that if enough customers request HIPAA compliance, they may add it in the future. Unless and until that happens, keep your patient PHI away from Wix.