Yes, Microsoft 365 email services sold and supported by GoDaddy are HIPAA compliant, and the company will sign a BAA. The company’s website hosting services aren’t HIPAA compliant.
GoDaddy provides a variety of services including website hosting, email management, and domain names. Covered entities can use email services for protected health information, but website hosting services don’t meet HIPAA requirements.
Basic website hosting plans aren’t HIPAA compliant because they are on shared servers. Other technical and physical safeguards aren’t in place for these plans. Covered entities shouldn’t use GoDaddy shared hosting for websites containing patient information.
GoDaddy also offers email services through Microsoft Office 365. Two plans, Business Premium and Premium Security, offer HIPAA-compliant features. Covered entities must purchase HIPAA-compliant email as an add-on to the service. All email accounts on the same plan are HIPAA compliant. These email solutions offer the option of full integration with Microsoft Office.
GoDaddy and Microsoft will sign a business associate agreement (BAA) to support HIPAA compliance. Also, covered entities must activate their email accounts before using these tools for PHI.
GoDaddy provides cloud-based services such as website hosting, internet domain registration, and email services.
Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.