HIPAA & BAA · Project management
Is Trello HIPAA compliant?
No. Atlassian does not offer a BAA for Trello on any plan; Trello is excluded from Atlassian's HIPAA-qualified products and PHI is prohibited on the platform.
Key facts
- BAA available: No - vendor will not sign a BAA
- Official source: Atlassian HIPAA compliance (Trello not listed) - https://www.atlassian.com/trust/compliance/resources/hipaa (verified 2026-06)
What to do instead of Trello
- Do not store or transmit PHI in Trello on any plan (Free, Standard, Premium, or Enterprise).
- For Atlassian-based HIPAA work, use a HIPAA-qualified product instead: Jira, Jira Service Management, or Confluence Cloud (Standard/Premium/Enterprise with a BAA).
- If you need Trello-style boards for PHI, choose a project tool that signs a BAA (e.g., Asana Enterprise or monday.com Enterprise).
- Review Atlassian's BAA scope to confirm which products your contract actually covers.
Important caveats
- Uploading PHI to Trello violates both HIPAA (no BAA) and Atlassian's Terms of Service and can lead to suspension.
- Atlassian signs BAAs for Jira/JSM/Confluence Cloud but explicitly not for Trello.
- Atlassian states HIPAA support for Trello is not on its roadmap.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Trello correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Trello.
Frequently asked questions
Does Trello sign a BAA?
No. Trello does not sign a Business Associate Agreement, so it should not be used to create, receive, store, or transmit protected health information (PHI).
Is Trello HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Trello offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Trello with PHI?
Uploading PHI to Trello violates both HIPAA (no BAA) and Atlassian's Terms of Service and can lead to suspension.