Monday.com

Is monday.com HIPAA compliant?

Yes, monday.com complies with the Health Insurance Portability and Accountability Act (HIPAA).

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law (USA) that sets standards for protecting sensitive patient health information.

It requires organizations to protect the privacy and security of protected health information (PHI).

PHI includes any information related to a person's physical or mental health, medical history, or payment for health care services.

Monday.com and HIPAA Compliance

Monday.com free and basic plans are not HIPAA compliant.

However, if you choose Monday.com as an Enterprise plan, with 25 or more users, then you can be granted the HIPAA features.

Note: On all HIPAA-compliant Enterprise plans, the broadcast feature and the ability to preview files are disabled to prevent accidental disclosure of Protected Health Information (PHI).

Things to Consider to Protect Customers and Their Personal Health Information

When handling PHI, organizations should consider the following:

Ensure that all employees are trained on HIPAA regulations and understand their responsibilities.
Implement technical safeguards such as encryption, access control, and audit trails.
Implement physical safeguards such as locked cabinets and restricted access to physical locations.
Implement administrative safeguards such as policies and procedures for handling PHI.
Ensure that all vendors and business associates are HIPAA compliant and have a BAA in place.

How to activate/deactivate HIPAA with monday.com

In order for your account to be HIPAA compliant, you must first accept the conditions for the Business Associate Agreement (BAA) and configure your account as HIPAA. You can sign a BAA electronically in just a few steps:

Click on your avatar at the bottom left of your screen
Select Admin
Click on Security and then choose Compliance
Click on the BAA link and then review and accept the BAA
Click "Activate HIPAA Compliance"