Is Zapier HIPAA Compliant?

Zapier is an automation tool that enables software applications to be integrated, allowing products that don’t normally communicate with each other to do so. Being able to integrate, say your CRM with your email service provider, allows you to work more efficiently. However, as an organization working in the healthcare field, you have to be careful when choosing which software to use, and how your organization uses the software. When a software application has the potential to access protected health information, it must be HIPAA compliant. So, is Zapier HIPAA compliant? Find out below.

Zapier Security Features

Looking at a software application’s data security measures is an important part of determining whether or not it is HIPAA compliant. To be HIPAA compliant, these security measures must ensure the confidentiality, integrity, and availability of protected health information (PHI).

According to Zapier’s security page their data safeguards are as follows:

Account and access controls
Two factor authentication
256-bit AES encryption
Audit controls and logs

Rated #1 on G2

“Compliancy Group makes a highly complex process easy to understand.”

Learn More

All of the above mentioned security controls are sufficient to ensure that PHI is secure, however, just because a platform is secure, doesn’t make it HIPAA compliant.

Zapier Business Associate Agreements

When using Zapier with your software applications that have the potential to access PHI, Zapier is considered a business associate. HIPAA requires healthcare organizations to have signed business associate agreements (BAAs) with all of their business associates before using their services.

Will Zapier sign a business associate agreement? No, Zapier does not sign BAAs with their healthcare clients. They state on their site, “Zapier does not claim HIPAA compliance, and cannot advise on how Zapier usage may or may not comply with your unique requirements.”