Linear has earned a strong reputation among software engineering teams. It is fast, opinionated, and well-designed for development cycle tracking. That reputation has spread, and some clinics — particularly those with technology staff or hybrid tech-clinical teams — have adopted Linear as their cross-functional task tracker. That is where the compliance problem starts.
The BAA Problem
Linear does not offer a HIPAA Business Associate Agreement. Its security page covers SOC 2 Type II certification and encryption in transit and at rest — standard SaaS controls — but there is no HIPAA compliance program and no BAA available to customers.
Under HIPAA, any vendor that creates, receives, maintains, or transmits PHI on behalf of a covered entity must sign a BAA before that work begins. This is not optional. Clinics that allow patient information — even a name alongside a billing question, an appointment reference in a task note, or a care coordination issue — to enter Linear have no contractual protection in place.
HHS is clear on this point: using a vendor that handles PHI without a signed BAA is a HIPAA violation. The risk is not theoretical. OCR has levied significant fines for exactly this failure mode.
Linear is designed for engineering sprints, backlogs, and issue cycles. It has no concept of PHI-safe fields, no audit trail that satisfies HIPAA requirements, and no compliance templates. Adopting it for clinic operations work is using the wrong tool and creating exposure.
What Changes With PHIGuard
PHIGuard is built from the ground up for covered entities. It does not bolt compliance onto a generic task tracker. Compliance is the product.
Every PHIGuard plan includes:
- A signed BAA before your team handles a single patient-adjacent task
- Immutable audit trail on every action — who did what, when, and to which record — to satisfy HIPAA audit control requirements
- PHI-safe fields that prevent patient identifiers from appearing in notification emails, log sinks, or third-party integrations
- Clinical role structures — roles like Compliance Officer, Practice Administrator, and Clinician — not generic “members” and “admins”
- Compliance templates for annual risk analysis, workforce training, incident response, and policy review cycles
- Incident management workflows with the escalation paths and documentation standards a covered entity needs
If your team uses Linear for engineering work, keep it. Move any task that touches patient operations, compliance programs, or PHI-adjacent workflows into PHIGuard.
Pricing Comparison
| | Linear | PHIGuard |
|---|---|---|
| BAA included | No | Yes, at every tier |
| Pricing model | Per member/month (from $8/member/month) | Per clinic/month |
| HIPAA audit trail | No | Yes, built-in |
| Clinical compliance templates | No | Yes |
| PHI-safe task fields | No | Yes |
| Designed for covered entities | No | Yes |
Linear’s per-member pricing starts at $8 per member per month on the Basic plan. For a 10-person clinic operations team that is $80/month with no HIPAA coverage. PHIGuard’s Essentials plan is $99/month per clinic for the entire team — with a BAA included.
Who Should Use PHIGuard Instead of Linear
Any clinic operations team that tracks patient-adjacent work needs a tool built for covered entities. That includes billing coordination, care gap follow-up, incident logging, policy management, vendor BAA tracking, and any task that could reference a patient in any field.
If your practice has software engineers using Linear for development cycles, that use case stays in Linear. Clinical and compliance work moves to PHIGuard. The tools serve different functions, and mixing them creates the exact compliance gap that OCR investigations target.
The question is not whether Linear is a good product. It is. The question is whether it is the right tool for a covered entity’s operational work. It is not, and no BAA exists to make it one.