Can Dreamhost email be considered HIPAA compliant?

Haven’t been able to find much on this topic anywhere…although I did find one earlier forum post that indicated the DH hosting platform is not HIPAA compliant…

…but in my case, I’m not worried about the entire platform - just the email portion. Granted that you’re using encryption on the email, can DH-hosted email be considered HIPAA compliant?

I’m not sure; it’s likely to depend on the email encryption products you’re using, who you’re communicating with, and what types of PHI are being included in your email.

But the bottom line is, we can’t give you any specific guidance here. Sorry. 😦 If you have a security/compliance team in your organization, you should talk to them.


Especially if PHI was sitting on Dreamhost’s servers in the case of IMAP. You would ideally need a signed Business Associate contract from your vendor. AFAIK, Dreamhost facilities do not practice HIPAA compliance, therefore no BA contract.