Vendor compliance profile

Is Airtable HIPAA compliant?

Airtable may support some HIPAA-regulated workflows only for Enterprise Scale customers that execute Airtable's Health Information Exhibit or applicable BAA terms. Do not store ePHI in Airtable unless plan eligibility, covered features, integrations, automations, and support boundaries are verified.

Visit vendor site

HIPAA status signal

Conditional

BAA public signal

Enterprise Scale only

SOC 2 evidence signal

Public evidence

PHI warning: Bases, record fields, attachments, interfaces, automations, emails, support tickets, AI features, and integrations can expose ePHI if they are not inside the covered configuration.

Search query answers

Is Airtable HIPAA compliant in 2026?

Airtable may support some HIPAA-regulated workflows only for Enterprise Scale customers that execute Airtable's Health Information Exhibit or applicable BAA terms. It should not be treated as HIPAA-ready on lower plans or before covered features, integrations, automations, and support boundaries are verified.

Does Airtable offer a BAA for HIPAA?

Airtable's public health information documentation says the Health Information Exhibit includes Business Associate Addendum terms for HIPAA customers and is available through the Enterprise Scale process. Buyers should verify the current contract, covered services, and plan eligibility directly with Airtable.

Can Airtable store ePHI?

Airtable should store ePHI only after the customer verifies Enterprise Scale eligibility, executes the required health information terms, configures access controls, and confirms that bases, interfaces, attachments, automations, AI features, support, and integrations remain in covered scope.

What should buyers verify for Airtable HIPAA BAA official review?

Ask Airtable to confirm the executed Health Information Exhibit or BAA, covered products, excluded features, support access, AI use, retention, audit logs, attachments, exports, and each integration that may receive ePHI.

HIPAA, BAA, and SOC 2 summary

HIPAAAirtable states that HIPAA support is available on Enterprise Scale and that customers intending to store ePHI must execute the Health Information Exhibit, which includes the Business Associate Addendum for HIPAA customers.
BAAAirtable's current health information documentation says the Health Information Exhibit execution process is available only to Enterprise Scale customers; customers without it are not permitted to store ePHI or medical information in Airtable.
SOC 2Airtable publicly references security and compliance controls, including SOC 2 materials. Request the current report and confirm whether the relevant Airtable services are in scope.
PHI riskBases, record fields, attachments, interfaces, automations, emails, support tickets, AI features, and integrations can expose ePHI if they are not inside the covered configuration.
CategoryHIPAA-Compliant Forms and Intake Software
Last checked2026-06-01
ConfidenceHigh

Public evidence and open questions

What public sources say

  • Airtable states that HIPAA support is available on Enterprise Scale.
  • Airtable says customers intending to store ePHI must execute the Health Information Exhibit, which includes Business Associate Addendum terms for HIPAA customers.
  • Airtable publicly references security and compliance controls, including SOC 2 materials.

What remains unconfirmed

  • Whether the buyer's exact workspace, plan, bases, interfaces, automations, AI features, support path, and integrations are included in covered scope.
  • Whether attachments, exports, notifications, third-party syncs, and downstream tools each have appropriate BAA coverage and configuration.

What it may be used for

  • Structured operational tracking where ePHI is excluded from Airtable.
  • HIPAA-regulated workflows only after Enterprise Scale eligibility, Health Information Exhibit execution, covered-feature review, and configuration controls are verified.
  • Internal workflow databases where access controls, auditability, attachments, automations, and integrations are reviewed together.

What not to use it for

  • Storing ePHI on non-Enterprise Scale plans or before the Health Information Exhibit is executed.
  • Putting ePHI in base names, table names, interface names, support tickets, screenshots, outgoing emails, or unsupported automations.
  • Sending PHI to third-party integrations without separate BAA and data-flow review.

What to verify with the vendor

  • Whether Airtable has executed the Health Information Exhibit or applicable BAA terms for the exact customer account.
  • Whether the buyer's plan, workspace, bases, interfaces, attachments, automations, AI features, support access, exports, and audit logs are in covered scope.
  • Whether third-party integrations, sync destinations, email notifications, forms, and downstream tools have separate BAA coverage where needed.
  • Whether user permissions, sharing, retention, exports, backups, and incident response controls match the intended ePHI workflow.

Safer alternatives and related profiles

Safer alternatives to consider

  • A HIPAA-focused intake, case management, or patient operations platform with explicit BAA coverage for the exact workflow.
  • Airtable Enterprise Scale only after health information terms, feature scope, integrations, and configuration are verified.
  • A covered database or workflow tool where ePHI storage, attachments, audit logs, and downstream syncs are contractually in scope.

Jotform

HIPAA: Conditional | SOC 2: Public evidence

Wix

HIPAA: Conditional | SOC 2: Verify with vendor

Google Workspace

HIPAA: Conditional | SOC 2: Public evidence

Zapier

HIPAA: Not supported for PHI | SOC 2: Public evidence

HubSpot

HIPAA: Conditional | SOC 2: Public evidence

FAQ

Is Airtable HIPAA compliant in 2026?

Airtable may support some HIPAA-regulated workflows only for Enterprise Scale customers that execute Airtable's Health Information Exhibit or applicable BAA terms. It should not be treated as HIPAA-ready on lower plans or before covered features, integrations, automations, and support boundaries are verified.

Does Airtable offer a BAA for HIPAA?

Airtable's public health information documentation says the Health Information Exhibit includes Business Associate Addendum terms for HIPAA customers and is available through the Enterprise Scale process. Buyers should verify the current contract, covered services, and plan eligibility directly with Airtable.

Can Airtable store ePHI?

Airtable should store ePHI only after the customer verifies Enterprise Scale eligibility, executes the required health information terms, configures access controls, and confirms that bases, interfaces, attachments, automations, AI features, support, and integrations remain in covered scope.

What should buyers verify for Airtable HIPAA BAA official review?

Ask Airtable to confirm the executed Health Information Exhibit or BAA, covered products, excluded features, support access, AI use, retention, audit logs, attachments, exports, and each integration that may receive ePHI.

Is Airtable HIPAA compliant?

Airtable may support some HIPAA-regulated workflows only for Enterprise Scale customers that execute Airtable's Health Information Exhibit or applicable BAA terms. Do not store ePHI in Airtable unless plan eligibility, covered features, integrations, automations, and support boundaries are verified.

Will Airtable sign a BAA?

Airtable's current health information documentation says the Health Information Exhibit execution process is available only to Enterprise Scale customers; customers without it are not permitted to store ePHI or medical information in Airtable.

Can Airtable be used with PHI?

Do not use this vendor with PHI until your organization verifies BAA scope, covered services, configuration, access controls, data retention, and connected integrations.

Does SOC 2 mean Airtable is HIPAA compliant?

No. SOC 2 evidence can support security diligence, but it does not prove HIPAA compliance, confirm BAA coverage, or approve PHI use. Review HIPAA terms, BAA scope, covered services, configuration, and intended workflow separately.

What should buyers verify before using Airtable with PHI?

Whether Airtable has executed the Health Information Exhibit or applicable BAA terms for the exact customer account. Whether the buyer's plan, workspace, bases, interfaces, attachments, automations, AI features, support access, exports, and audit logs are in covered scope. Whether third-party integrations, sync destinations, email notifications, forms, and downstream tools have separate BAA coverage where needed. Whether user permissions, sharing, retention, exports, backups, and incident response controls match the intended ePHI workflow.

Last checked and source notes

Last checked
2026-06-01
Confidence
High
Dataset rows
268 vendors
  • Reviewed Airtable HIPAA and health information materials for Enterprise Scale, Health Information Exhibit, and BAA signals on 2026-06-01.
  • Airtable HIPAA suitability depends on plan, executed terms, covered features, account configuration, support boundaries, and integrations.
  • ComplySaaS did not verify a private Airtable contract or customer-specific BAA.
  • Airtable HIPAA overview
  • Airtable Health Information Datasheet