Is Trello HIPAA Compliant? No — Atlassian Does Not Offer a BAA for Trello

Last updated: March 20, 2026

TLDR

Trello is not HIPAA compliant. Atlassian — Trello's parent company — does not offer a BAA for Trello on any plan. Using Trello to manage tasks that contain protected health information is a HIPAA violation regardless of which plan you're on. If your practice needs a task management tool that works with PHI, Trello is not an option.

The Short Answer

Trello is not HIPAA compliant. Atlassian does not offer a Business Associate Agreement for Trello on any plan. Private board settings, access controls, and security configurations do not change that. Using Trello for tasks that involve protected health information is a HIPAA violation regardless of how you have configured it.

Why Trello Can’t Be Used with PHI

HIPAA requires any vendor handling protected health information on your behalf to sign a Business Associate Agreement. That contract makes the vendor legally accountable for how they handle PHI and what steps they take if there is a breach.

Atlassian has not made Trello available under a BAA. You can set your boards to private, restrict access to staff only, and avoid storing document attachments, but none of that changes the outcome: the moment a task contains a patient name, a diagnosis, or any other protected health information, your practice is out of compliance. No security setting substitutes for a signed BAA.

Atlassian does offer BAAs for some of its products — Jira Software and Confluence in certain enterprise agreements. Trello is not on that list. If you need a kanban board with HIPAA compliance, you need to look at other tools.

What This Means for Small Practices

Many small practices use Trello because it is free, familiar, and fast to set up. For non-clinical administrative tasks — supply orders, equipment maintenance, marketing — it works fine.

PHI tends to creep in. A front desk staffer adds a patient name to a card to track paperwork. A provider attaches a referral note to a board. Someone titles a card with an appointment reason. None of these feel like a compliance incident in the moment. They are just the ordinary way people use task boards. In Trello, each one creates a HIPAA problem because there is no BAA covering the data.

The Compliance Gap

Trello has no HIPAA mode because Atlassian never offered a BAA for it. There is nothing to configure.

Some practices try to manage this with internal policies: no patient names on cards, initials only, keep PHI in the EHR. These policies are hard to enforce and do not close the legal gap. Atlassian has made no contractual commitment to protect PHI that ends up in Trello. If a staffer breaks the rule, your practice holds the liability alone.

Who Should Use Trello

Trello works well for non-clinical tasks that stay clear of patient data. A practice can use it for supply tracking, facilities work, and internal projects — as long as clinical task management lives in a separate, HIPAA-compliant tool.

Who Should Look Elsewhere

If PHI-related task management is the goal, Trello is the wrong tool. ClickUp Business Plus at $19/user/month includes a BAA and supports a self-serve upgrade. PHIGuard starts at $20/month flat for up to 10 staff with a BAA at every tier and compliance program features built in. Dock Health at $15/user/month was built for healthcare teams. All three will sign a BAA. Trello will not, and that is the only thing that matters for HIPAA.

DEFINITION

Business Associate Agreement (BAA)
A contract required by HIPAA between your practice and any vendor handling protected health information. Without one, using a tool with PHI is a HIPAA violation.

DEFINITION

Covered Entity
Under HIPAA, a covered entity is a healthcare provider, health plan, or healthcare clearinghouse that transmits health information electronically. If you run a medical practice, you are a covered entity and must comply with HIPAA.

Q&A

Is Trello HIPAA compliant?

No. Atlassian does not offer a BAA for Trello on any plan. Trello cannot be used with protected health information under any configuration.

Q&A

Can a small medical practice use Trello without paying enterprise prices?

Price is not the issue with Trello. There is no price at which Trello becomes HIPAA compliant, because Atlassian does not offer a BAA for Trello at any tier.

Q&A

What features does Trello restrict for HIPAA?

This question doesn't apply. Trello offers no HIPAA mode or HIPAA-specific configuration because no BAA is available. HIPAA compliance requires a BAA first — without one, feature configuration is irrelevant.

Want to learn more?

Is Trello HIPAA compliant?

No. Atlassian does not offer a Business Associate Agreement for Trello on any plan. Trello cannot be used to store or manage protected health information under any configuration.

What plan do I need for HIPAA on Trello?

No Trello plan — Free, Standard ($5/user/month), Premium ($10/user/month), or Enterprise (custom) — includes a BAA for Trello. There is no path to HIPAA compliance on Trello.

What is a BAA?

A Business Associate Agreement (BAA) is a contract required by HIPAA between your practice and any vendor handling protected health information on your behalf. Without one, using a tool with PHI is a HIPAA violation.

Does Atlassian offer BAAs for any products?

Atlassian offers BAAs for certain products, including Confluence Cloud and Jira Software, under its enterprise agreements. Trello is not currently included. If your practice needs an Atlassian product with HIPAA compliance, Trello is not the one.

What's the cheapest HIPAA-compliant alternative?

PHIGuard starts at $20/month flat for up to 10 staff with a BAA included at every tier. If you want per-user pricing, ClickUp Business Plus starts at $19/user/month with a BAA.
