Is Trello HIPAA compliant?

I'm looking into starting a coaching business and I need an application like Trello for client management and accountability. But most importantly, the software has to be HIPAA compliant.

2 answers

Hi Josh,

It doesn't look like Trello is currently HIPAA compliant, but it does adhere to the US-Swiss Safe Harbor Framework. You can read more about Trello's privacy policy and compliances here: https://trello.com/privacy

My concern is the liability issue if personal information, which is sensitive, is accessible to Trello administrators or hackers.

I definitely understand that - privacy is important! The privacy policy linked above is written in a non-legalese manner that I'm finding easy to understand. It's definitely not lawyer jargon. I'd suggest giving it a read to help address your particular concerns. The policy will do a more thorough job of explaining things than any of us on the Community site will be able to do.

Thanks Daniel...John

I know that TRELLO was not HIPAA compliant in 2017 as per the attached thread. Have matters changed since?

I am an advisor for healthcare facilities. The question here is not an uncommon one.

Trello (and also certain software like Trello) should be avoided, as it represents tremendous legal risk. I cannot underscore that enough.

This is due not only to the risk of user error. You could think of Trello as a data company similar to Facebook. It categorically conflicts with the guiding principles of healthcare organizations and health data. Your process for evaluating and selecting a project management software must be as rigorous as your process of selecting an EHR system.

If you are a smaller healthcare org or simply too resource-constrained to spend time researching appropriate project/task management software, my suggestion would be to contact your EHR provider. While it's probably not their job to find project/task management software for you, they will probably be nice enough to provide you with suggestions or pointers. They are already intimately familiar with your data-privacy needs and computer systems. 

Hi Glen, thank you for your crystal clear warning.

I work for a healthcare organization that is smaller/resource-constrained, as you said. I was considering pitching Trello for our leadership team, and am trying to figure out a solution that is both HIPAA compliant and cost efficient (ideally free).

Here's my question: is it acceptable to use a non-compliant solution like Trello, if we strictly refrain from using patient identifying information? For the most part, I don't anticipate needing to refer to patients in Trello. Would it be acceptable to use a patient's Medical Records Number, if it is assigned and used only internally within our organization?

Thank you for your help.
