Is Wix HIPAA Compliant?

A new client just asked me if WIX websites are HIPAA compliant

Hi Lucy, here’s an informative response from a Partner in our Facebook group. It contains important details that may help you.


Wix as a platform is not HIPAA compliant, meaning it does not sign a BAA with you as a vendor. But that should not stop you from using Wix as a front-facing website for a medical business. See, HIPAA has specific requirements that an outside party (or, internally, Compliance Officers) can review and tell you about. You can do a Wix site for medical that is compliant based on the advice of such people, or you can totally screw it up without advice. The point is, you are a marketer and your job should not be to determine compliance. Your client will have to shell out some cold hard cash and have other people audit them for this. Chances are, per my experience, they are not even internally compliant, and if you really dig into it and give them a bullet list of what you have found out about HIPAA, you give them enough reasons to do their own thing first.
G Suite/Gmail CAN be compliant, and you still need an audit and a plan that keeps you there. For example, the officer/audit may state that use of an online contact form is OK or is not OK, storage of data in this database is OK or in that DB is not OK. Just know Wix does not sign a BAA, so you are literally all on your own and taking big fancy expensive government fine risks if things go south. Like six-figure fines. This should not be your responsibility; way above your pay grade, tbh. Provide disclosures to the client and protect yourself.

I recently dealt with this, and I provided ample warnings and disclosures that I cannot be held responsible for it despite all security; they need outside parties to do the compliance work, I can help along the way to implement what they suggest, and they still have to do an audit when everything is finished to ensure things are “compliant.”

Thanks Steven! This was very helpful.

@sefiaconsult you’re welcome! 🙂