Does Salesforce enable HIPAA compliance?

Salesforce can enable HIPAA compliance, but you must talk to your account representative to sign a Business Associate Agreement (BAA). You can connect Salesforce to “Shield” premium services for additional monitoring, encryption, and auditing.

The Salesforce platform can be set up to meet HIPAA compliance standards through certain features that help keep protected health information (PHI) secure in the cloud. Salesforce includes administrative, physical, technical, organizational, and documentation safeguards to protect PHI.

Customers can use customer-controlled security features through Salesforce Covered Services. Additionally, Salesforce has security safeguards such as data encryption in transit, ongoing monitoring for security violations, and audit logging to identify changes in activity. Customer administrators can use configurable tools to define permission sets that govern the visibility of data, maintain strict password security, monitor field level history, set security rules to manage data access, define a company-wide sharing model and role hierarchy.

In addition to permission sets, customers can define user profiles to limit data record access to authorized employees.

It’s a good idea to use the premium set of Salesforce features known as “Salesforce Shield.” These features provide extra monitoring, encryption, and auditing. You might need to enable other features or additional services to ensure the protection of PHI when information is in transit.

If you’re planning to use Salesforce for patient information, reach out to your account representative for a signed Business Associate Agreement (BAA). The account representative can also advise you on specific features and settings for HIPAA compliance.

Product details

Company Logo


CRM Services

Product description

Salesforce is a cloud-based customer relationship management software service. Other enterprise applications include marketing automation, application development, and analytics.

This web page was updated on September 28, 2022.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

If you see any incorrect, incomplete or inaccurate information, please request correction by filling the form below.

Request Correction

Get professional solutions with Jotform Enterprise

Discover how Jotform Enterprise can benefit your organization. Automate, collaborate, and scale with ease.