Is Smartsheet HIPAA compliant?

Yes, Smartsheet has stated that it is HIPAA compliant. Its security features meet HIPAA requirements, and the company is willing to sign a business associate agreement (BAA).

Smartsheet enables covered entities to store, access, and share protected health information (PHI). Its security and privacy services meet or exceed HIPAA’s regulatory requirements for protecting health data.

Customers can access the Smartsheet HIPAA Implementation Guide to learn how to properly configure Smartsheet for PHI. Covered entities must adjust specific features and security controls for HIPAA compliance. Security features include user access management, user auto-provisioning, activity monitoring, and sharing-control management.

Physical, administrative, and technical protections are available through Smartsheet security configurations. External auditors verify the security processes annually. Additionally, customers can request audit reports and penetration test reports.

Encryption protects data in transit and at rest. To transmit content securely, users should use the share function to send a link to a cloud-based document. Importing data and sending it through the attachment feature may put the security of PHI at risk.

HIPAA compliance applies to the main Smartsheet tools only. Add-ons such as partner apps may not meet HIPAA requirements. Covered entities should evaluate the security and privacy of each add-on before using it with PHI.

Smartsheet will sign a business associate agreement (BAA) for customers with an Enterprise plan. File attachments in Smartsheet are stored and managed through Amazon Web Services (AWS). In addition to signing a BAA with covered entities, Smartsheet also has a BAA in place with AWS.

Product details

Business Associate Agreement


HIPAA Compliant




Product description

Smartsheet provides cloud-based tools to support task management and collaboration. Users can share documents, manage workflow, assign tasks, and track project progress.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
