Vendor compliance profile
Is QuickBooks HIPAA compliant?
QuickBooks Online should not be used to store individually identifiable health information. Intuit's public QuickBooks guidance says QuickBooks Online is not compliant with HIPAA privacy standards, so healthcare teams should keep PHI out of invoices, memos, attachments, and customer records.
- HIPAA status signal: Not HIPAA compliant
- BAA public signal: Unable to confirm
- SOC 2 evidence signal: Verify with vendor
PHI warning: Billing descriptions, invoice notes, attachments, and customer records may reveal health information.
HIPAA, BAA, and SOC 2 summary
| Item | Summary |
|---|---|
| HIPAA | Intuit's QuickBooks Online support guidance states that QuickBooks Online meets online security standards but is not compliant with HIPAA privacy standards. |
| BAA | Unable to confirm public BAA availability for QuickBooks Online PHI workflows from Intuit's public guidance. Verify directly with Intuit before regulated use. |
| SOC 2 | Security or SOC evidence should be requested through Intuit's current trust, legal, or procurement process; it does not override Intuit's HIPAA privacy guidance. |
| Category | HIPAA-Compliant Accounting and Payments Software |
What it may be used for
- General business workflows that do not include PHI.
- Healthcare-adjacent operations after BAA scope and configuration have been verified.
- Vendor risk review, procurement research, and compliance planning.
What not to use it for
- Entering individually identifiable health information into QuickBooks Online.
- Adding diagnosis, treatment, patient status, visit details, or medical notes to invoices, customer records, memos, receipts, or attachments.
- Treating payment or accounting security controls as HIPAA workflow approval.
What to verify with the vendor
- Whether the vendor will sign a BAA for your exact product, plan, and use case.
- Which services, add-ons, regions, and support channels are covered by the agreement.
- Whether your intended workflow stores, transmits, or processes PHI.
- Which admin, access control, retention, audit log, and encryption settings must be enabled.
Safer alternatives and related profiles
QuickBooks Desktop
HIPAA: Unable to confirm | SOC 2: Verify with vendor
Zelle
HIPAA: Unable to confirm | SOC 2: Verify with participating bank
Chime
HIPAA: Unable to confirm | SOC 2: Verify with vendor
Stripe
HIPAA: Unable to confirm | SOC 2: Public evidence
Square
HIPAA: Conditional | SOC 2: Verify with vendor
FAQ
Is QuickBooks HIPAA compliant?
QuickBooks Online should not be used to store individually identifiable health information. Intuit's public QuickBooks guidance says QuickBooks Online is not compliant with HIPAA privacy standards, so healthcare teams should keep PHI out of invoices, memos, attachments, and customer records.
Will QuickBooks sign a BAA?
Unable to confirm public BAA availability for QuickBooks Online PHI workflows from Intuit's public guidance. Verify directly with Intuit before regulated use.
Can QuickBooks be used with PHI?
Do not use this vendor with PHI until your organization verifies BAA scope, covered services, configuration, access controls, data retention, and connected integrations.
Last checked and source notes
- Last checked: 2026-04-30
- Confidence: High
- Dataset rows: 267 vendors
- ComplySaaS public vendor dataset entry.
- Vendor trust center, legal terms, BAA documentation, and covered services should be re-checked before use.
- Intuit: Is QuickBooks Online HIPAA compliant?