Is Notion HIPAA compliant?
Conditionally. Notion will sign a BAA, but only on its Enterprise plan, and certain features (Notion AI, Notion Calendar, beta services) remain excluded.
Key facts
- BAA available: Conditionally — on specific plans
- What it takes: Enterprise plan only; the BAA is reviewed and signed in Workspace Settings. Free, Plus, and Business plans are not eligible under any configuration.
- Official source: Notion Help Center — HIPAA configuration — https://www.notion.com/help/hipaa (verified 2026-06)
How to use Notion in a HIPAA-compliant way
- Subscribe to Notion Enterprise.
- Review and sign Notion's BAA from the Workspace Settings menu.
- Keep PHI within covered core functionality (pages, databases, wikis, file uploads).
- Do not use excluded features for PHI: Notion AI add-on, Notion Calendar, and any beta services.
- Apply access controls and minimum-necessary sharing within the workspace.
Important caveats
- No plan below Enterprise can sign a BAA or hold PHI.
- Notion AI, Notion Calendar, and beta features are outside the BAA and must not process PHI.
- The BAA covers the core service only; verify each feature's coverage before use.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Notion correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Notion.
Frequently asked questions
Does Notion sign a BAA?
Only on the Enterprise plan. The BAA is reviewed and signed in Workspace Settings. Free, Plus, and Business plans are not eligible under any configuration. A signed BAA is required before any PHI is involved.
Is Notion HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Notion offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Notion with PHI?
No plan below Enterprise can sign a BAA or hold PHI.