Todoist is a personal task manager that a lot of clinic administrators use as a private to-do list — and that, over time, becomes shared. Once a task has a patient name in it, the personal tool is a compliance problem. Todoist does not sign BAAs and was not designed for covered entities.
The BAA Problem
Doist, Todoist’s maker, does not sign Business Associate Agreements. There is no business tier that unlocks one. Any clinical detail inside Todoist is outside HIPAA coverage entirely.
What Changes With PHIGuard
PHIGuard is built for covered entities. Every tier — starting at $99/month per clinic — includes a signed BAA at signup. You also get:
- Immutable audit trail satisfying HIPAA §164.312(b)
- PHI-aware fields that keep patient data out of notifications and logs
- Compliance templates for annual training, risk analysis, incident response, and policy reviews
- Role-based access so the entire clinic team can coordinate under one subscription
Pricing Comparison
| | Todoist | PHIGuard |
|---|---|---|
| BAA available | No | Yes, every tier |
| Pricing model | Per user/month | Per clinic/month |
| HIPAA audit trail | No | Yes, built-in |
| Compliance templates | No | Yes |
| Starting price | $4/user/mo | $99/clinic/mo |
Who Should Use PHIGuard Instead of Todoist
Keep Todoist for personal, non-clinical reminders. Move any task that references a patient, appointment, or clinical event into PHIGuard — where the BAA, audit trail, and access controls already exist.