HostGator has stated publicly that their web hosting services are not HIPAA compliant, and that they may not be used to hosts applications or information that requires HIPAA compliance.
In fact, HostGator’s Terms of Service explicitly state that using any of the HostGator web hosting products to host data that falls under the HIPAA definition is a violation of of those terms of service.
You can read what HostGator says explicitly about their status with regard to HIPAA compliance in the help section of their website. The most pertinent statement about HIPAA and HostGator are in the image below.
As you can see from the statement, HostGator specifically prohibits those who use any of its services from using them to store “protected health information” as defined under HIPAA regulations.
One of the requirements of HIPAA compliant web hosting is the signing of a Business Associate Agreement (abbreviated BAA; sometimes also called a Business Associate Contract). HostGator specifically spells out that they DO NOT sign Business Associate Agreements.
When you look at what is required by a web hosting company to be compliant with all of the requirements of HIPAA, you can see why most web hosts (the great majority of which are not very large companies and don’t have the personnel) don’t offer HIPAA compliant web hosting.
HostGator targets mostly individuals and small businesses with their hosting services. Most of these customers don’t have HIPAA hosting needs.
If you need web hosting that is certified HIPAA compliant, you can go with one of the HIPAA hosting offerings from LiquidWeb.