Is Trello HIPAA compliant?

I'm looking into starting a coaching business and I need an application like Trello for client management and accountability. But most important, the software has to be HIPAA compliant.

2 answers

Hi Josh,

It doesn't look like Trello is currently HIPAA compliant, but it does adhere to the US-Swiss Safe Harbor Framework. You can read more about Trello's privacy policy and compliances here:

My concern is the liability issue if personal information, which is sensitive, is accessible to Trello administrators or hackers.

I definitely understand that - privacy is important! The privacy policy linked above is written in a non-legalese manner that I'm finding easy to understand. It's definitely not lawyer jargon. I'd suggest giving it a read to help address your particular concerns. The policy will do a more thorough job of explaining things than any of us on the Community site will be able to do.

Thanks Daniel...John

I know that TRELLO was not HIPAA compliant in 2017 as per the attached thread. Have matters changed since?

I am an advisor for healthcare facilities. The question here is not an uncommon one.

Trello (and also certain software like Trello) should be avoided, as it represents tremendous legal risk. I cannot underscore that enough.

This is due not only to the risk of user error. You could think of Trello as a data company similar to Facebook. It categorically conflicts with the guiding principles of healthcare organizations and health data. Your process for evaluating and selecting a project management software must be equally rigorous to your process of selecting an EHR system.

If you are a smaller healthcare org or simply too resource-constrained to spend time researching appropriate project/task management software, my suggestion would be to contact your EHR provider. While it's probably not their job to find project/task management software for you, they will probably be nice enough to provide you with suggestions or pointers. They are already intimately familiar with your data-privacy needs and computer systems. 

Hi Glen, thank you for your crystal clear warning.

I work for a healthcare that is smaller/resource-constrained, as you said. I was considering pitching Trello for our leadership team, and am trying to figure out a solution that is both HIPAA compliant and cost efficient (ideally free).

Here's my question: is it acceptable to use a non-compliant solution like Trello, if we strictly refrain from using patient identifying information? For the most part, I don't anticipate needing to refer to patients in Trello. Would it be acceptable to use a patient's Medical Records Number, if it is assigned and used only internally within our organization?

Thank you for your help.

Curious if this was ever answered as I have the same question.

Yeah, have things changed?
