Is GoDaddy HIPAA Compliant?

GoDaddy is not HIPAA Compliant

HIPAA compliance involves adhering to a set of standards designed to protect sensitive patient health information. For web hosting services, this means ensuring that all electronic protected health information (ePHI) is secure from unauthorized access, use, or disclosure. Key aspects of HIPAA compliance include:

  • Encryption: ePHI must be encrypted both in transit and at rest.
  • Access Control: Only authorized personnel should have access to ePHI.
  • Audit Trails: Systems must track and log access to and activity with ePHI.
  • Data Integrity and Availability: Measures must be in place to ensure that ePHI is not improperly altered or destroyed and is accessible as needed.


HIPAA-covered entities must sign a Business Associate Agreement (BAA) with their service providers, ensuring that these associates will protect the ePHI to the same standards as the covered entity.

GoDaddy and HIPAA Compliance

While GoDaddy is a prominent player in the web hosting market, it does not inherently offer HIPAA-compliant hosting solutions. Here’s why:

Lack of a Standard BAA

GoDaddy typically does not sign BAAs with its customers, and a signed BAA is a non-negotiable requirement for HIPAA compliance. Without a BAA, the accountability for maintaining the confidentiality, integrity, and availability of ePHI remains ambiguous.

Encryption and Data Protection

While GoDaddy provides some level of security and data encryption, it does not automatically meet the high standards required for HIPAA compliance, especially concerning encryption of data at rest and detailed audit logs.

Access Control and Audit Trails

Access control measures and audit capabilities in GoDaddy’s standard hosting packages may not sufficiently meet HIPAA’s rigorous standards. HIPAA requires detailed auditing functionalities to track access to ePHI, which may go beyond what GoDaddy offers out of the box.

Customizing GoDaddy Services for HIPAA Compliance

Despite these challenges, it’s possible to configure a GoDaddy hosting environment to be HIPAA compliant with significant customization:

  • Enhanced Security Measures: Implement additional security layers, such as firewalls, intrusion detection systems, and data encryption, both in transit and at rest.
  • Third-Party Compliance Tools: Use third-party services and tools that can integrate with GoDaddy hosting to ensure full compliance, such as advanced encryption and auditing software.
  • Expert Consultation: Work with HIPAA compliance experts to tailor the hosting environment to meet the necessary standards, including developing policies and procedures for managing ePHI.


While GoDaddy offers robust web hosting services, its standard packages are not inherently HIPAA compliant. Healthcare organizations can potentially configure GoDaddy’s services to meet HIPAA standards, but this requires extensive customization and ongoing management. Considering the risks and responsibilities associated with protecting ePHI, healthcare entities often find it more feasible to partner with hosting providers that specialize in HIPAA-compliant services, ensuring that patient data is protected in line with federal regulations.

Alexander Bentley-Sutherland is the founder of HIPAA Digital LLC and a Subject Matter Expert in all aspects of HIPAA compliance in healthcare, both in the United States and globally. Alexander is routinely called upon at corporate and federal level to advise on and implement HIPAA-compliant processes and systems architecture. With decades of experience at the helm of substantial data-driven industries in the most sensitive of industries, Alexander Bentley-Sutherland has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Alex and his team now specialize in helping organizations of all sizes navigate the intricacies of HIPAA compliance.

