Airtable is a cloud-based productivity tool that directly competes with Microsoft Excel and Google Sheets. As a spreadsheet-database hybrid, it has the features of a relational database with the look and feel of a traditional spreadsheet.
With Airtable, users can create and share information within these documents, and staff members can use resources updated in real-time. I
Is Airtable HIPAA compliant? Yes, based on our research, Aitable can be HIPAA compliant.
Will Airtable sign a business associate agreement (BAA)?
Yes, Airtable will sign a business associate agreement, which can be reviewed here.
What does the Airtable BAA cover?
The Airtable BAA is part of the Health Information Exhibit, which supports HIPAA compliance for Enterprise Scale customers. It covers the use and disclosure of protected health information (PHI), stating, "Airtable enables our customers to utilize our solution in compliance with the Health Insurance Portability and Accountability Act (HIPAA)."
Their BAA covers:
- Protection of PHI
- Compliance with HIPAA Privacy, Security, and Breach Notification Rules
- Enterprise Key Management (EKM) for encryption
- Data Loss Prevention (DLP) integration
- Enterprise Single Sign-On (SSO)
- Enterprise Audit Logs
What does the Airtable BAA exclude?
Airtable's BAA is available only to Enterprise Scale customers. Customers not on this plan are not permitted to store ePHI or medical information in their Airtable environment. The terms state, "Customers are not permitted to store ePHI or medical information in their Airtable environment if they are not on the Enterprise Scale plan and have not executed a Health Information Exhibit."
Conclusion
Airtable signs a BAA and is, therefore, HIPAA compliant.
FAQS
What is a business associate agreement?
A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).
HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
Who does HIPAA apply to?
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
