25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Is Airtable HIPAA Compliant?

Posted By on Mar 12, 2025

Airtable is HIPAA compliant for covered entities and business associates who subscribe to an Enterprise Scale plan and enter into a Business Associate Agreement with Airtable. However, covered entities and business associates are advised that limitations apply to how Airtable can be used in compliance with HIPAA.

Airtable is a customizable business management platform with automation capabilities that helps organizations better manage data by enabling connections between siloed databases. The platform can be used – for example – for collaborative project management, inventory management, or data collection and analysis. Airtable can also function as a CRM solution due to numerous integration options.

In healthcare, Airtable has many potential uses. It could be used to keep track of appointments and consultant availability, streamline care teams’ workflows, or be used to build relational databases that track patients’ healthcare journeys and automatically trigger actions (i.e., run scripts, send MS Teams notifications, etc.) when specific events occur. However, these uses require disclosures of Protected Health Information (PHI) to the Airtable platform.

Is Airtable HIPAA Compliant?

In April 2024, Airtable announced it would support HIPAA compliance for customers that subscribe to an Enterprise Scale plan. Although smaller healthcare organizations may find they are required to pay for seats or services they are unable to use, the announcement means covered entities and business associates can use Airtable to collect, analyze, and store PHI in Airtable databases, and transmit PHI via HIPAA compliant integrations.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

However, there are limitations on how Airtable can be used in compliance with HIPAA. For example, PHI can only be stored in “Records” (similar to Excel Cells) in “Bases” (aka “Databases”), Records may not be emailed via an automated function if they include PHI, and any external integrations used with the Airtable platform must also support HIPAA compliance (i.e., MS Teams, Salesforce, Google Workspace, etc.).

In addition, there is no HIPAA support for Airtable AI, disclosures of PHI to Airtable’s Customer Support team are not permitted (verbal or digital), and healthcare customers are not permitted to use Airtable as – or as the technology behind – a patient portal. While these limitations restrict the potential uses for Airtable in healthcare, there are also many benefits to using Airtable without disclosing PHI in healthcare environments.

Will Airtable Sign a Business Associate Agreement?

Like most software vendors, Airtable offers a standard one-size-fits all Business Associate Agreement to qualifying customers rather than signing each customer’s Business Associate Agreement. Covered entities and business associates can request a copy of the Agreement from Airtable’s Sales Team in order to review the division of responsibilities and obligations before committing to an Enterprise Scale plan.

What is slightly different with regards to the Airtable Business Associate Agreement is that it allows customers to apply the Agreement to only those organizational units that will collect, analyze, store, or transmit PHI. This means that some organizational units may be able to remain on a less expensive (but feature-limited) Team or Business subscription, instead of the whole organization subscribing to an Enterprise Scale plan.

In addition, Airtable provides advice on the best practices organizations can adopt to ensure the platform is used in compliance with HIPAA. These include regularly reviewing user access via the admin panel, monitoring activity via downloadable reports, and enabling SSO login processes. Organizations can also enhance their HIPAA compliance efforts via Enterprise Key Management capabilities and Data Loss Prevention APIs.

Find Out More about Airtable from the Source

Covered entities and business associates who are interested in Airtable’s HIPAA compliant capabilities are advised to speak directly to the vendor. Airtable offers all customers a free feature-limited version of the software to trial. Although this version does not support HIPAA compliance, it will give covered entities and business associates more idea about the platform’s potential uses in healthcare.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist