HIPAA Compliant Website Solutions

This Terms of Service (ToS) offered by HIPAA Digital provides the Customer certain rights and remedies regarding service offerings for the dedicated hosting environment (as defined below).


Administrative or “root” access, known as Super User Privileges, to the server is limited to employees of HIPAA Digital and/or their authorized agents. Customers who require Super User Privileges are required to sign a security document before Super User Privileges are granted. For managed servers, HIPAA Digital reserves the right to require, at their discretion, software and/or hardware upgrades for the purposes of maintaining security and stability of the services provided. The cost of such upgrades shall be set by HIPAA Digital and paid by the Customer.


All managed servers must use hardware and software configurations that conform to HIPAA Digital requirements. Use of any particular hardware or software configuration may be declined at the sole discretion of HIPAA Digital.


The Customer agrees to use the services and servers furnished by HIPAA Digital as allowed by applicable Local, State, Federal, and International laws. Transmission of any material in violation of any International, Federal, State or Local regulation is strictly prohibited. This includes, but is not limited to, materials covered in HIPAA Digital Acceptable Use Policy (AUP).


HIPAA Digital reserves the right to monitor any and all communications through or with our facilities. Customer agrees that HIPAA Digital is not considered a “secure communications medium” for the purposes of the ECPA (Electronic Communications Privacy Act of 1986) and no expectation of privacy is afforded.


Customer agrees not to maliciously or intentionally interfere with the proper operation of the server and network, including but not limited to defeating identification procedures, obtaining access beyond that which Customer is authorized for, and impairing the availability, reliability, or quality of service for other Customers. Customer further agrees not to interfere with the proper operation of other systems reachable through the Internet, including any attempt at unauthorized access. Customer agrees to follow the Acceptable Use Policy of any network or service to which Customer connects.

Customer agrees to adhere to system policies as published online or otherwise made available by HIPAA Digital, including restrictions on services available, restrictions on certain features, and all other policies designed to protect and enhance the quality and reliability of service at HIPAA Digital. Customer agrees to abide by any and all future policy decisions by HIPAA Digital.


HIPAA Digital warrants that in providing services to Customer, HIPAA Digital complies fully with all local, state and federal requirements regarding the security and protection of Customer’s data and information, and consistently uses its best efforts to maintain the security of its servers. Notwithstanding such best efforts, no provider of such services, including HIPAA Digital, can guarantee that a Customer’s given server cannot be misused, or wrongfully accessed by Customer’s employees or others. This is true whether Customer chooses to retain the services offered by HIPAA Digital, or elects to use such services through another provider.

Further, HIPAA Digital cannot and does not guarantee that no acts of theft, sabotage or unlawful access can occur by Customer’s employees or third parties. Customer understands and acknowledges that, other than as stated herein, HIPAA Digital makes no warranties or guarantees regarding the security of its services, nor regarding any damages that may allegedly be caused by such breach of security or other wrongdoing by Customer, its employees and related third parties. Customer is fully responsible for the misuse or unlawful use of the services being provided by HIPAA Digital to the extent that such unlawful use or misuse of HIPAA Digital servers is undertaken by the Customer, its employees and/or related third parties.

Customer agrees to immediately notify HIPAA Digital in writing if Customer becomes aware of any breaches or misuses of a HIPAA Digital server. Customer further agrees that if any security breach or misuse occurs, HIPAA Digital has the right to suspend Customer’s access to the server pending an investigation and resolution. In addition, Customer acknowledges that HIPAA Digital has the right and obligation to cooperate in any government or other legal investigation regarding Customer’s use of HIPAA Digital’s servers, including any of the managed servers used by Customer. Any use of HIPAA Digital’s system to engage in software piracy, or in any other violations of law, will result in the immediate suspension of services by HIPAA Digital, and notification to appropriate law authorities.


If sensitive data will reside on the server either temporarily or permanently, the Customer agrees to notify HIPAA Digital in writing as soon as the Customer is aware of the sensitive data residing on their server. Sensitive data includes, but is not limited to, data which requires regulatory compliance such as HIPAA, PCI DSS, SOX, GLBA, and FISMA. Examples of sensitive data include electronic Protected Health Information (ePHI), credit card numbers, social security numbers, and financial records.

If HIPAA Digital is providing managed services for the Customer and if the Customer’s server(s) will contain any sensitive data, HIPAA Digital and Customer may have to enter into an additional agreement, which defines accountability for properly protecting the Customer’s server according to industry standards for information security.


HIPAA Digital will charge the customer for disk space, as needed. The customer pre-approves the addition of disk space charges by HIPAA Digital. The customer will be notified of these changes.


Self-Managed Backups: If Customer opts to manage their own backups instead of using HIPAA Digital managed backup services, then Customer’s use of the backup server and service is at Customer’s sole risk. HIPAA Digital is not responsible for files and data residing on Customer’s server. Customer agrees to take full responsibility for files and data transferred and to maintain all appropriate backup of files and data stored on server.

Managed Backups: If the Customer opts for managed backup services, then HIPAA Digital is responsible for managing the backups on the Customer’s behalf; however, it is the Customer’s responsibility to ensure ePHI data is preserved for a minimum of seven years. If the Customer is deleting the ePHI data instead of preserving it, then they shall inform HIPAA Digital in writing, at which point HIPAA Digital will archive backups to preserve the data. The archives will consume more disk space, and HIPAA Digital will charge the customer for the disk space as needed. The customer pre-approves the addition of disk space charges by HIPAA Digital.


Customer agrees not to transmit unsolicited or prohibited advertising or other harassing or illegal materials through electronic mail or Internet media. The use of HIPAA Digital or any other service with reference to services obtained through HIPAA Digital, for unsolicited mass mailings, postings, or other activities considered an annoyance to others, commonly referred to as “spamming,” is strictly prohibited and may cause Customer’s services to be terminated immediately and without warning. Customer will be held fully responsible for any damages to Customer, HIPAA Digital, or any other party or parties resulting from any such conduct.


For service-level impacting issues, support is available 24/7. For non-service-level impacting issues and requests, 12 hours of standard, working-hours support is available per month. Additional support past the 12 hours per month requires management review and extra fees may apply (customer will be advised before any such fees are imposed).