Vendor compliance profile

Is Help Scout HIPAA compliant?

Help Scout may support HIPAA-regulated support workflows for eligible Pro accounts after the appropriate BAA is signed and HIPAA support is enabled. AI features require the additional healthcare terms described by Help Scout, while notifications, integrations, attachments, exports, user access, and downstream vendors still require configuration and review.

Visit vendor site

Direct compliance answer

Help Scout HIPAA, BAA, PHI, and SOC 2 snapshot

Last checked: 2026-07-16 | Confidence: High

Direct answerHelp Scout may support HIPAA-regulated support workflows for eligible Pro accounts after the appropriate BAA is signed and HIPAA support is enabled. AI features require the additional healthcare terms described by Help Scout, while notifications, integrations, attachments, exports, user access, and downstream vendors still require configuration and review.
BAA availabilityHelp Scout publishes BAA forms for covered entities and subcontractors. Buyers should confirm the executed agreement, Pro account eligibility, activation, AI addendum where applicable, and exact service scope.
Can it handle PHI?Conversation subjects, email bodies, attachments, customer profiles, notifications, exports, APIs, AI features, CRM syncs, unofficial integrations, and support access can expose PHI outside the intended Help Scout inbox.
SOC 2 caveatHelp Scout says buyers can request its SOC 2 report. Review the current report period, system scope, exceptions, hosting, support access, AI functionality, and integrations used by the workflow.
What to verifyPro plan eligibility, executed BAA, HIPAA activation, covered inboxes and features, and the AI Feature Healthcare Addendum where applicable. User roles, support access, notifications, attachments, customer profiles, retention, deletion, exports, APIs, auditability, and incident response.

HIPAA status signal

Conditional

BAA public signal

Pro plan BAA

SOC 2 evidence signal

Report on request

PHI warning: Conversation subjects, email bodies, attachments, customer profiles, notifications, exports, APIs, AI features, CRM syncs, unofficial integrations, and support access can expose PHI outside the intended Help Scout inbox.

Search query answers

Is Help Scout HIPAA compliant?

Help Scout publishes HIPAA support for eligible Pro accounts after an appropriate BAA is signed and the account is enabled. The organization must still review notifications, users, attachments, exports, integrations, support access, retention, and any AI feature healthcare addendum.

Does Help Scout offer a BAA?

Help Scout publishes BAA paths for covered entities and subcontractors. Confirm Pro plan eligibility, the executed agreement, HIPAA activation, AI feature terms, account configuration, and each integration before introducing PHI.

Can Help Scout AI features process PHI?

Help Scout says customers seeking HIPAA support for its AI features should also sign the AI Feature Healthcare Addendum. Verify the current AI feature scope, data sources, retention, human access, outputs, and downstream integrations before PHI use.

HIPAA, BAA, and SOC 2 summary

HIPAAHelp Scout states that eligible Pro customers can enable HIPAA support after signing the appropriate BAA, subject to account activation, configuration, integrations, and customer responsibilities.
BAAHelp Scout publishes BAA forms for covered entities and subcontractors. Buyers should confirm the executed agreement, Pro account eligibility, activation, AI addendum where applicable, and exact service scope.
SOC 2Help Scout says buyers can request its SOC 2 report. Review the current report period, system scope, exceptions, hosting, support access, AI functionality, and integrations used by the workflow.
PHI riskConversation subjects, email bodies, attachments, customer profiles, notifications, exports, APIs, AI features, CRM syncs, unofficial integrations, and support access can expose PHI outside the intended Help Scout inbox.
CategoryHIPAA-Compliant Help Desk and Ticketing Systems
Last checked2026-07-16
ConfidenceHigh

Public evidence and open questions

What public sources say

  • Help Scout publishes HIPAA support for eligible Pro accounts and public BAA paths.
  • Help Scout identifies a separate AI Feature Healthcare Addendum for customers using AI features with HIPAA support.
  • Help Scout documents notification changes, integration responsibilities, account access, and SOC 2 report availability.

What remains unconfirmed

  • Whether the buyer's exact Help Scout Pro account, BAA, HIPAA activation, AI addendum, inboxes, users, and features are covered.
  • Whether notifications, attachments, APIs, exports, CRM integrations, unofficial apps, support access, and downstream systems fit the intended PHI workflow.

What it may be used for

  • HIPAA-regulated support inboxes after Pro eligibility, BAA execution, HIPAA activation, account configuration, and integration review.
  • Healthcare customer service with governed notifications, users, attachments, retention, and downstream systems.
  • Non-PHI support conversations where sensitive health context is intentionally excluded.

What not to use it for

  • Introducing PHI before the BAA is signed and HIPAA support is enabled for the eligible account.
  • Using AI features with PHI before the additional healthcare terms and exact feature scope are verified.
  • Sending PHI into unofficial integrations, uncovered CRM systems, notifications, exports, or support channels without separate review.

What to verify with the vendor

  • Pro plan eligibility, executed BAA, HIPAA activation, covered inboxes and features, and the AI Feature Healthcare Addendum where applicable.
  • User roles, support access, notifications, attachments, customer profiles, retention, deletion, exports, APIs, auditability, and incident response.
  • Whether official and unofficial integrations, CRM syncs, Slack, mobile notifications, AI features, and downstream vendors have appropriate coverage.
  • Whether PHI can appear in subjects, previews, forwarded messages, quoted text, screenshots, exports, or external support cases.

Safer alternatives and related profiles

Safer alternatives to consider

  • Zendesk only after Advanced Compliance, Healthcare Agreement, covered services, and security configuration are verified.
  • Freshdesk only after Freshworks confirms BAA scope and required account configuration for the exact suite products.
  • A healthcare-specific patient messaging or support tool when AI, attachments, or integrations cannot be kept within covered scope.

FAQ

Is Help Scout HIPAA compliant?

Help Scout publishes HIPAA support for eligible Pro accounts after an appropriate BAA is signed and the account is enabled. The organization must still review notifications, users, attachments, exports, integrations, support access, retention, and any AI feature healthcare addendum.

Does Help Scout offer a BAA?

Help Scout publishes BAA paths for covered entities and subcontractors. Confirm Pro plan eligibility, the executed agreement, HIPAA activation, AI feature terms, account configuration, and each integration before introducing PHI.

Can Help Scout AI features process PHI?

Help Scout says customers seeking HIPAA support for its AI features should also sign the AI Feature Healthcare Addendum. Verify the current AI feature scope, data sources, retention, human access, outputs, and downstream integrations before PHI use.

Will Help Scout sign a BAA?

Help Scout publishes BAA forms for covered entities and subcontractors. Buyers should confirm the executed agreement, Pro account eligibility, activation, AI addendum where applicable, and exact service scope.

Can Help Scout be used with PHI?

Do not use this vendor with PHI until your organization verifies BAA scope, covered services, configuration, access controls, data retention, and connected integrations.

Does SOC 2 mean Help Scout is HIPAA compliant?

No. SOC 2 evidence can support security diligence, but it does not prove HIPAA compliance, confirm BAA coverage, or approve PHI use. Review HIPAA terms, BAA scope, covered services, configuration, and intended workflow separately.

What should buyers verify before using Help Scout with PHI?

Pro plan eligibility, executed BAA, HIPAA activation, covered inboxes and features, and the AI Feature Healthcare Addendum where applicable. User roles, support access, notifications, attachments, customer profiles, retention, deletion, exports, APIs, auditability, and incident response. Whether official and unofficial integrations, CRM syncs, Slack, mobile notifications, AI features, and downstream vendors have appropriate coverage. Whether PHI can appear in subjects, previews, forwarded messages, quoted text, screenshots, exports, or external support cases.

Last checked and source notes

Last checked
2026-07-16
Confidence
High
Dataset rows
271 vendors
  • Reviewed Help Scout's HIPAA support, notification, integration, and security materials on 2026-07-16.
  • Help Scout's HIPAA article was updated February 12, 2026 when reviewed.
  • ComplySaaS did not verify a private Help Scout account, signed BAA, AI addendum, activation, or customer-specific workflow.
  • Help Scout and HIPAA
  • Help Scout HIPAA notification controls