Yes, Squarespace offers HIPAA compliance but only for Scheduling. Other services through the Squarespace platform, such as certain contact form features, aren’t HIPAA compliant.
While Squarespace offers a variety of software services, Squarespace Scheduling is the only HIPAA-compliant feature available. This scheduling tool meets all requirements for the HIPAA Security Rule.
Protections for HIPAA-enabled accounts include email notification privacy, a shortened browser session timeout, and limited access for uploading intake forms. Also, customers can disable third-party integrations that don’t support HIPAA.
Covered entities shouldn’t use other Squarespace services, including Form Block for contact form creation. If an organization needs to collect protected health information (PHI) outside of Scheduling, it’s best to use a different, HIPAA-compliant service to do so.
You need a Squarespace Powerhouse Player or Enterprise plan to access HIPAA-compliant features for your Scheduling account. Each Scheduling account must be HIPAA enabled before using the service for PHI.
All covered entities need to obtain a signed business associate agreement (BAA) from Squarespace. Customers with a Powerhouse Player plan must use Squarespace’s BAA. Custom BAAs are available for customers with an Enterprise plan. This BAA applies only to Squarespace Scheduling, not other Squarespace features.