Is Liquid Web HIPAA Compliant?

Healthcare organizations searching for a hosting solution may identify Liquid Web as a potential vendor, but is Liquid Web HIPAA compliant? Can its cloud services be used by HIPAA-covered entities for hosting applications and projects that include electronic protected health information?

Any healthcare organization that wants to use the cloud to host applications that use the protected health information (PHI) of patients must select a vendor whose service includes safeguards to ensure the confidentiality, integrity, and availability of ePHI that meet the requirements of the HIPAA Security Rule.

Cloud service providers, including hosting companies, are classed as business associates since they potentially have access to their clients’ data. While many cloud service providers claim they do not access customers’ data, they are still classed as business associates. HIPAA-covered entities and their business associates must therefore enter into a business associate agreement with the service provider before any ePHI is uploaded to the cloud.

Liquid Web Business Associate Agreements

Liquid Web has been providing hosting solutions to SMBs for 20 years. Last year, the company underwent an independent audit of its hosting services to assess compliance with HIPAA/HITECH regulations. While there is no official HIPAA compliance certification, the accounting firm UHY LLP did certify that the company has implemented appropriate administrative, physical, and technical safeguards to satisfy HIPAA Rules. Liquid Web has also passed EU- US and Swiss-US Privacy Shield audits, SOC 1, 2, 3 attestations, and PCI Service Provider recertification.

Liquid Web is prepared to enter into business associate agreements with HIPAA covered entities that require hosting services for web content and applications that include PHI. The BAA covers its single server and multiple server hosting services.

Is Liquid Web HIPAA Compliant?

The privacy and security controls implemented by Liquid Web allow HIPAA covered entities to ensure their data is secure and always available. Liquid Web can be a HIPAA compliant hosting service, provided access, security, and audit controls are set appropriately and a signed business associate agreement is obtained prior to use of the hosting services in connection with any ePHI.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.