Monday, 8 January 2018

Can I use Wix Email and be HIPAA Compliant?

Can I use Wix Email and be HIPAA Compliant? - Paubox

Last week we received a useful inbound inquiry from a Behavioral Health System in South Carolina.

In a nutshell, they asked that since their website was already hosted by Wix, they could also use Wix email for HIPAA compliant email.

We thought the answer to this would be great content for a blog post.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Wix offers HIPAA compliant email or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Wix

Wix is a cloud-based web development platform that was first developed and popularized by the Israeli company also called Wix.

The company allows users to create HTML5 web sites through the use of easy to use drag and drop tools.

Wix and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Wix’s site and found their Terms of Use, Privacy Policy, and Help Center pages.

We were unable however, to find any mention of HIPAA, Protected Health Information, or Business Associate Agreement on those pages.

We therefore conclude that Wix itself is not a HIPAA compliant vendor.

Wix and G Suite

During our research, we also found a page called Personalized Email Address and Mailbox.

On it, Wix says:

Wix offers Mailboxes with G Suite by Google Cloud.

From what we could gather, it appears Wix solely resells G Suite as their hosted email provider.

To learn more about their partner relationship with Google, we next found a Wix page called Google Mailing Application – Customer Agreement.

The Agreement clearly states:

The Service is provided, maintained and operated by Google and not by Wix.

And also:

The use of the App is subject to the standard Terms of Service of Google and the G Suite Acceptable Use Policy (together the “Google TOS”).

And lastly:

You acknowledge that Google is responsible for the provision of the Service to you. Wix shall have no responsibility or liability in relation to the provision of the Service by Google, the quality or functionality of the Service, its availability, the support services provided by Google and/or any other aspect of the Service or its provision to you other than Wix’s responsibility in relation to the technical billing actions conducted by Wix on behalf of Google.

From these statements, we can see Wix outsources their email hosting to Google and that Google assumes responsibility for it.

From a HIPAA compliant email standpoint, we’ve previously covered how to make G Suite HIPAA compliant. Since Wix partners with Google to provide email hosting, we recommend following that guide.

Does Wix Offer HIPAA Compliant Email?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

We it comes to Wix and their email platform, we discovered:

  • Wix does not offer to sign a BAA with its customers.
  • Wix partners with Google G Suite for email hosting.
  • Google assumes full responsibility for its email platform.
  • While Google is willing to sign a BAA for G Suite, it does not actually cover email sent and received in transit.

Conclusion

If you are purchasing Wix email via their G Suite partnership, you can follow our guide on how to make it HIPAA compliant.

No comments:

Post a Comment