Yes, Squarespace states that it offers HIPAA compliance but only for Scheduling. Squarespace have not stated that their other services, such as certain contact form features, aren’t HIPAA compliant.
Protections for HIPAA-enabled accounts include email notification privacy, a shortened browser session timeout, and limited access for uploading intake forms. Also, customers can disable third-party integrations that don’t support HIPAA.
Covered entities shouldn’t use other Squarespace services, including Form Block for contact form creation. If an organization needs to collect protected health information (PHI) outside of Scheduling, then it’s best to use a different service that’s HIPAA compliant to do so.
You need a Squarespace Powerhouse Player or Enterprise plan to access HIPAA-compliant features for your Scheduling account. Each Scheduling account must be HIPAA enabled before using the service for PHI.
All covered entities need to obtain a signed business associate agreement (BAA) from Squarespace. Customers with a Powerhouse Player plan must use Squarespace’s BAA. Custom BAAs are available for customers with an Enterprise plan. This BAA applies only to Squarespace Scheduling, not other Squarespace features.
