HIPAA & BAA ยท Accounting
Is QuickBooks HIPAA compliant?
No. Intuit states QuickBooks Online is not HIPAA compliant and does not sign a Business Associate Agreement; you should not enter individually identifiable health information.
Key facts
- BAA available: No โ vendor will not sign a BAA
- Official source: Intuit: Is QuickBooks Online HIPAA compliant? โ https://quickbooks.intuit.com/learn-support/en-us/help-article/insurance-medical-benefits/quickbooks-online-hipaa-compliant/L9HSimAH5_US_en_US (verified 2026-06)
What to do instead of QuickBooks
- Do not enter PHI (individually identifiable health information) into QuickBooks Online, per Intuit's guidance.
- Keep QuickBooks limited to non-PHI financial/accounting data.
- For PHI-adjacent needs, use a HIPAA-focused medical billing/accounting tool that signs a BAA.
- If you must use QuickBooks Desktop with PHI, deploy it through a third-party HIPAA-compliant hosting provider that signs a BAA covering the hosting environment.
Important caveats
- Intuit will not enter into a BAA for QuickBooks Online products.
- Any 'HIPAA-compliant QuickBooks' offering comes from third-party hosting vendors, not Intuit itself.
- General security certifications do not equal HIPAA compliance or a BAA.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring QuickBooks correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with QuickBooks.
Frequently asked questions
Does QuickBooks sign a BAA?
No. QuickBooks does not sign a Business Associate Agreement, so it should not be used to create, receive, store, or transmit protected health information (PHI).
Is QuickBooks HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when QuickBooks offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using QuickBooks with PHI?
Intuit will not enter into a BAA for QuickBooks Online products.