Is Bluehost HIPAA compliant?

No, Bluehost has announced that it is not HIPAA-compliant. Its website states that customers shouldn’t use its services to store protected health information (PHI).

Bluehost doesn’t offer the privacy and security features required to comply with federal HIPAA regulations. While some web hosts provide higher-priced plans to support covered entities with HIPAA compliance, Bluehost doesn’t offer any plans that meet HIPAA standards.

Bluehost provides customers with a variety of security features, including SSL certification and HTTPS protocol. While these security features are necessary steps for HIPAA compliance, they aren’t enough. HIPAA compliance requires access control and audit control for digital security. Additionally, facility controls must include physical safeguarding of server equipment.

It’s a breach of the user agreement to store PHI on Bluehost servers. The company is transparent that its services aren’t authorized for patient health data and identifiable medical information. No Bluehost tools, including shared hosting, dedicated hosting, and email, should be used for PHI.

Since Bluehost doesn’t provide HIPAA-compliant services, the company won’t sign a business associate agreement (BAA). Covered entities that need web hosting services for PHI should choose a different service that meets HIPAA requirements.

Product details

Company Logo

Business Associate Agreement


HIPAA Compliant



Domain Registration

Product description

Bluehost is a web hosting provider that provides services for millions of websites, including private or shared hosting packages, as well as domain name purchases, email services, and marketing solutions.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

If you see any incorrect, incomplete or inaccurate information, please request correction by filling the form below.

Request Correction