No, SiteGround isn’t HIPAA compliant. SiteGround’s website disclaimer states that its services don’t comply with federal HIPAA requirements.
SiteGround doesn’t comply with HIPAA regulations, so its services are not recommended for protected health information (PHI). In its terms of service, SiteGround includes a HIPAA disclaimer section that states customers are prohibited from using its services to store PHI.
Covered entities that need web hosting services should choose a provider that offers both digital and physical HIPAA-compliant safeguards. While most hosting providers offer HTTPS and SSL certificates for security, these features alone aren’t sufficient to meet HIPAA requirements. For a hosting account to be HIPAA compliant, it must include physical safeguards to protect equipment and servers. Audit controls and access controls are other digital security features that help with HIPAA compliance.
Because SiteGround doesn’t provide HIPAA-compliant services, the company is unwilling to sign a business associate agreement (BAA).