HIPAA & BAA · Cloud storage
Is Tresorit HIPAA compliant?
Yes. Tresorit signs a BAA for customers on paid Professional, Business, and Enterprise plans seeking HIPAA compliance.
Key facts
- BAA available: Yes, with a signed BAA
- What it takes: Professional, Business, or Enterprise subscription
- Official source: Tresorit Knowledge Base: Business Associate Agreement (BAA), https://support.tresorit.com/hc/en-us/articles/360011296254-Business-Associate-Agreement-BAA (verified 2026-06)
How to use Tresorit in a HIPAA-compliant way
- Subscribe to a Professional, Business, or Enterprise plan (Personal/Basic are not eligible).
- Request the BAA via Tresorit support / your account contact.
- Review and execute the BAA defining ePHI handling responsibilities.
- Enable zero-knowledge encryption and permission-based access for PHI tresors.
- Restrict and audit sharing before storing PHI.
Important caveats
- Free Basic and Personal plans cannot get a BAA.
- Customers remain responsible for how PHI is used, shared, and managed.
- Encryption is built in, but configuration and access governance are your responsibility.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Tresorit correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Tresorit.
Frequently asked questions
Does Tresorit sign a BAA?
Yes, for customers on a Professional, Business, or Enterprise subscription. A signed BAA is required before any PHI is involved.
Is Tresorit HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Tresorit offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Tresorit with PHI?
Check that your plan is eligible: free Basic and Personal plans cannot get a BAA.