HIPAA & BAA · Video
Is Loom HIPAA compliant?
No. Loom states it is not able to sign a BAA and you should not send PHI to Loom, even though parent company Atlassian signs BAAs for Jira and Confluence.
Key facts
- BAA available: No — vendor will not sign a BAA
- Official source: Atlassian Support — Is Loom HIPAA Compliant? — https://support.atlassian.com/loom/docs/is-loom-hipaa-compliant/ (verified 2026-06)
What to do instead of Loom
- Do not upload or record PHI in Loom on any plan.
- For HIPAA-covered video/screen recording, use a vendor that signs a BAA (e.g., a HIPAA-eligible solution from Zoom, Microsoft Teams/Stream under M365 BAA, or another BAA-backed tool).
- For Atlassian-ecosystem PHI needs, use Jira or Confluence under Atlassian's BAA instead of Loom.
- Re-check Loom's HIPAA support page periodically, as the policy could change.
Important caveats
- Loom's BAA unavailability is explicit and applies to all plans.
- Atlassian's BAA for Jira/Confluence does NOT extend to Loom.
- Any PHI sent to Loom would be outside any business-associate protection.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Loom correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Loom.
Frequently asked questions
Does Loom sign a BAA?
No. Loom does not sign a Business Associate Agreement, so it should not be used to create, receive, store, or transmit protected health information (PHI).
Is Loom HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Loom offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Loom with PHI?
Loom's BAA unavailability is explicit and applies to all plans.
