Is Trello HIPAA compliant?

John O'Connor April 12, 2017

I'm looking into starting a coaching business and I need an application like Trello for client management and accountability. But most important, the software has to be HIPAA compliant.

2 answers

2 votes
Daniel Eads _unmonitored account_
Rising Star
April 12, 2017

Hi Josh,

It doesn't look like Trello is currently HIPAA compliant, but it does adhere to the US-Swiss Safe Harbor Framework. You can read more about Trello's privacy policy and compliances here: https://trello.com/privacy

John O'Connor April 12, 2017

My concern is the liability issue, if personal information, which is sensitive, is accessible to Trello administrators or hackers.

Daniel Eads _unmonitored account_
April 12, 2017

I definitely understand that - privacy is important! The privacy policy linked above is written in a non-legalese manner that I'm finding easy to understand. It's definitely not lawyer jargon. I'd suggest giving it a read to help address your particular concerns. The policy will do a more thorough job of explaining things than any of us on the Community site will be able to do.

John O'Connor April 12, 2017

Thanks Daniel...John

Kirti Moholkar April 22, 2019

I know that TRELLO was not HIPAA compliant in 2017 as per the attached thread. Have matters changed since?

1 vote
Glen Miller August 13, 2019

I am an advisor for healthcare facilities. The question here is not an uncommon one.

Trello (and also certain software like Trello) should be avoided, as it represents tremendous legal risk. I cannot underscore that enough.

This is due not only to the risk of user error. You could think of Trello as a data company similar to Facebook. It categorically conflicts with the guiding principles of healthcare organizations and health data. Your process for evaluating and selecting a project management software must be equally rigorous to your process of selecting an EHR system.

If you are a smaller healthcare org or simply too resource-constrained to spend time researching appropriate project/task management software, my suggestion would be to contact your EHR provider. While it's probably not their job to find project/task management software for you, they will probably be nice enough to provide you with suggestions or pointers. They are already intimately familiar with your data-privacy needs and computer systems. 

Ziv Kraus October 31, 2019

Hi Glen, thank you for your crystal clear warning.

I work for a healthcare that is smaller/resource-constrained, as you said. I was considering pitching Trello for our leadership team, and am trying to figure out a solution that is both HIPAA compliant and cost efficient (ideally free).

Here's my question: is it acceptable to use a non-compliant solution like Trello, if we strictly refrain from using patient identifying information? For the most part, I don't anticipate needing to refer to patients in Trello. Would it be acceptable to use a patient's Medical Records Number, if it is assigned and used only internally within our organization?

Thank you for your help.

Heather Shannon May 17, 2021

Curious if this was ever answered as I have the same question.

Dele Olaleye July 19, 2021

Yeah, have things changed?
