I'm looking into starting a coaching business and I need an application like Trello for client management and accountability. But most important, the software has to be HIPAA compliant.
Hi Josh,
It doesn't look like Trello is currently HIPAA compliant, but it does adhere to the US-Swiss Safe Harbor Framework. You can read more about Trello's privacy policy and compliances here: https://trello.com/privacy
My concern is the liability issue if personal information, which is sensitive, is accessible to Trello administrators or hackers.
I definitely understand that - privacy is important! The privacy policy linked above is written in a non-legalese manner that I'm finding easy to understand. It's definitely not lawyer jargon. I'd suggest giving it a read to help address your particular concerns. The policy will do a more thorough job of explaining things than any of us on the Community site will be able to do.
I know that TRELLO was not HIPAA compliant in 2017 as per the attached thread. Have matters changed since?
I am an advisor for healthcare facilities. The question here is not an uncommon one.
Trello (and also certain software like Trello) should be avoided, as it represents tremendous legal risk. I cannot underscore that enough.
This is due not only to the risk of user error. You could think of Trello as a data company similar to Facebook. It categorically conflicts with the guiding principles of healthcare organizations and health data. Your process for evaluating and selecting a project management software must be equally rigorous to your process of selecting an EHR system.
If you are a smaller healthcare org or simply too resource-constrained to spend time researching appropriate project/task management software, my suggestion would be to contact your EHR provider. While it's probably not their job to find project/task management software for you, they will probably be nice enough to provide you with suggestions or pointers. They are already intimately familiar with your data-privacy needs and computer systems.
Hi Glen, thank you for your crystal clear warning.
I work for a healthcare organization that is smaller/resource-constrained, as you said. I was considering pitching Trello for our leadership team, and am trying to figure out a solution that is both HIPAA compliant and cost efficient (ideally free).
Here's my question: is it acceptable to use a non-compliant solution like Trello, if we strictly refrain from using patient identifying information? For the most part, I don't anticipate needing to refer to patients in Trello. Would it be acceptable to use a patient's Medical Records Number, if it is assigned and used only internally within our organization?
Thank you for your help.
Curious if this was ever answered as I have the same question.
Yeah, have things changed?