HIPAA & BAA ยท Help desk / shared inbox
Is Help Scout HIPAA compliant?
Yes. Help Scout will sign a standard BAA; you self-serve by signing the appropriate version (covered entity or subcontractor) to enable HIPAA support on your account.
Key facts
- BAA available: Yes โ with a signed BAA
- What it takes: Sign Help Scout's standard BAA (covered-entity or subcontractor)
- Official source: Help Scout and HIPAA (Support) โ https://docs.helpscout.com/article/330-hipaa (verified 2026-06)
How to use Help Scout in a HIPAA-compliant way
- Determine whether you are a covered entity or a subcontractor.
- Sign the matching Help Scout BAA (covered-entity or subcontractor link).
- If using AI features, also sign the AI Feature Healthcare Addendum.
- Enable HIPAA support on your account once the BAA is signed.
- Retain the executed BAA for your compliance records.
Important caveats
- Help Scout uses its standard BAAs and cannot make custom or modified agreements.
- AI features require the separate AI Feature Healthcare Addendum to remain in scope.
- A BAA is one part of compliance; you remain responsible for proper configuration and use.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Help Scout correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Help Scout.
Frequently asked questions
Does Help Scout sign a BAA?
Yes. Sign Help Scout's standard BAA (covered-entity or subcontractor) A signed BAA is required before any PHI is involved.
Is Help Scout HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Help Scout offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Help Scout with PHI?
Help Scout uses its standard BAAs and cannot make custom or modified agreements.
