Does Bluehost enable HIPAA compliance?

Bluehost has stated that it does not enable HIPAA compliance and that customers shouldn’t use its services to store protected health information (PHI).

Bluehost provides customers with a variety of security features, including SSL certification and HTTPS protocol. While these security features are necessary steps for HIPAA compliance, they aren’t enough. HIPAA compliance requires access control and audit control for digital security. Additionally, facility controls must include physical safeguarding of server equipment.

The company is transparent that its services aren’t authorized for patient health data and identifiable medical information.

Covered entities that need web hosting services for PHI should choose a service that meets HIPAA requirements.

Product details

Company Logo


Domain Registration

Product description

Bluehost is a web hosting provider that provides services for millions of websites, including private or shared hosting packages, as well as domain name purchases, email services, and marketing solutions.

This web page was updated on September 28, 2022.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

If you see any incorrect, incomplete or inaccurate information, please request correction by filling the form below.

Request Correction

Get professional solutions with Jotform Enterprise

Discover how Jotform Enterprise can benefit your organization. Automate, collaborate, and scale with ease.