The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
When it comes to Memberium, we don’t host your site or enforce any workflows/handling of data. Due to this, we can’t address HIPAA directly. However, we can provide you some information that may be helpful.
- We do not handle any of your customer’s Personally Identifiable Information (PII) or Protected Health Information (PHI).
- We do not have any logins or access to your sites or CRM.
- We do not control which data elements you sync down from your CRM system.
- We do not control which data you collect from your customers, or how you handle that data.
- We do encrypt all data moving to and from the CRM system, and none of the data passes through our central systems.
- All data stays on your server or in the CRM, and you’re responsible for maintaining and verifying that security.
Whether your site is HIPAA compliant depends on many factors, most of them outside Memberium’s control, so it is difficult for us to make that determination. For that reason we cannot say that Memberium is 100% HIPAA compliant: a major portion of compliance is determined by your own data handling practices.
Rather than asking whether Memberium or WordPress is HIPAA compliant, you should be looking at two main areas on the technical side:
- Is the CRM HIPAA compliant? (Infusionsoft and ActiveCampaign both claim to offer HIPAA compliance)
- Is my webserver HIPAA compliant?
Determining whether your web host is compliant involves many factors that we’re not equipped to help you unravel. We’d strongly suggest you speak with a legal or compliance professional to get definitive answers.
The information provided is not to be used as legal advice; rather, we’re providing it to help you get a start on researching how a site running Memberium can be HIPAA compliant.