Vendor compliance profile
Is Airtable HIPAA compliant?
Airtable may support some HIPAA-regulated workflows, but only for Enterprise Scale customers that execute Airtable's Health Information Exhibit or applicable BAA terms. Do not store ePHI in Airtable unless plan eligibility, covered features, integrations, automations, and support boundaries are verified.
- HIPAA status signal: Conditional
- BAA public signal: Enterprise Scale only
- SOC 2 evidence signal: Public evidence
PHI warning: Bases, record fields, attachments, interfaces, automations, emails, support tickets, AI features, and integrations can expose ePHI if they are not inside the covered configuration.
HIPAA, BAA, and SOC 2 summary
| Topic | Summary |
|---|---|
| HIPAA | Airtable states that HIPAA support is available on Enterprise Scale and that customers intending to store ePHI must execute the Health Information Exhibit, which includes the Business Associate Addendum for HIPAA customers. |
| BAA | Airtable's current health information documentation says the Health Information Exhibit execution process is available only to Enterprise Scale customers; customers without it are not permitted to store ePHI or medical information in Airtable. |
| SOC 2 | Airtable publicly references security and compliance controls, including SOC 2 materials. Request the current report and confirm whether the relevant Airtable services are in scope. |
| Category | HIPAA-Compliant Forms and Intake Software |
What it may be used for
- General business workflows that do not include PHI.
- Healthcare-adjacent operations after BAA scope and configuration have been verified.
- Vendor risk review, procurement research, and compliance planning.
What not to use it for
- Storing ePHI on non-Enterprise Scale plans or before the Health Information Exhibit is executed.
- Putting ePHI in base names, table names, interface names, support tickets, screenshots, outgoing emails, or unsupported automations.
- Sending PHI to third-party integrations without separate BAA and data-flow review.
What to verify with the vendor
- Whether the vendor will sign a BAA for your exact product, plan, and use case.
- Which services, add-ons, regions, and support channels are covered by the agreement.
- Whether your intended workflow stores, transmits, or processes PHI.
- Which admin, access control, retention, audit log, and encryption settings must be enabled.
FAQ
Is Airtable HIPAA compliant?
Airtable may support some HIPAA-regulated workflows, but only for Enterprise Scale customers that execute Airtable's Health Information Exhibit or applicable BAA terms. Do not store ePHI in Airtable unless plan eligibility, covered features, integrations, automations, and support boundaries are verified.
Will Airtable sign a BAA?
Airtable's current health information documentation says the Health Information Exhibit execution process is available only to Enterprise Scale customers; customers without it are not permitted to store ePHI or medical information in Airtable.
Can Airtable be used with PHI?
Do not use this vendor with PHI until your organization verifies BAA scope, covered services, configuration, access controls, data retention, and connected integrations.
Last checked and source notes
- Last checked: 2026-04-30
- Confidence: High
- Dataset rows: 267 vendors
- ComplySaaS public vendor dataset entry.
- Vendor trust center, legal terms, BAA documentation, and covered services should be re-checked before use.
- Airtable HIPAA overview
- Airtable Health Information Datasheet