
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Is Zapier HIPAA Compliant?

Zapier is not HIPAA compliant due to the number of applications that integrate with the online automation platform and the sub-processors used by Zapier that themselves do not support HIPAA compliance. While this does not prevent HIPAA covered entities from using the platform, the inability to create, receive, store, or transmit Protected Health Information (PHI) limits the potential uses of Zapier in healthcare.

Zapier is a “no-code” automation platform that connects web applications via a drag-and-drop interface and orchestrates the flow of data between them. Zapier can be used to automate time-consuming tasks such as managing files and folders, sending notifications, and backing up data. It can also be used to prioritize workloads and streamline communications.

In the healthcare industry, a platform with Zapier’s capabilities could be deployed for mapping patients’ journeys, managing medications, and coordinating discharges. It could also be used to automate eligibility, authorization, claims, and billing processes. However, Zapier does not support HIPAA compliance and cannot be used to create, receive, store, or transmit PHI.

Why Zapier Does Not Support HIPAA Compliance

Zapier does not provide a direct answer to why the platform does not support HIPAA compliance. Instead, in the FAQ section of the Data Privacy webpage, there is a question asking “Can I use Zapier with healthcare/medical data? And/or, will you sign my company’s BAA?” The answer to the question states:

“The use of regulated healthcare and medical data including Protected Health Information (PHI) under HIPAA isn’t supported on Zapier. Zapier also can’t sign business associate agreements (BAAs) or equivalent agreements for handling PHI or other similar information.”

This is despite Zapier appearing to meet many of the requirements for HIPAA compliance. According to the site’s Security and Compliance webpage, Zapier has security monitoring and logging capabilities, a full suite of identity and access management tools – including SCIM for cross-domain identity management – and enterprise grade encryption for data at rest.

In addition, customers can take advantage of technical safeguards such as multifactor authentication, SSO (SAML), and application controls to limit who has access to what integrations and the data passing through them. The platform is also certified as SOC 2 (Type II) compliant. So, what is stopping Zapier from supporting HIPAA compliance?

Why Isn’t Zapier HIPAA Compliant? (Answered)

One of the reasons for Zapier’s popularity is the vast range of applications that can be connected by the platform. However, many of the applications themselves do not support HIPAA compliance (e.g., PayPal, Wix, Calendly). In addition, Zapier uses ChatGPT to automate smart workloads. ChatGPT also does not support HIPAA compliance.

It is also important to be aware that Zapier uses multiple sub-processors in the automation process. While some of these can support HIPAA compliance, Zapier would have to enter into Business Associate Agreements with each compliant sub-processor in order for customers to be able to create, receive, store, or transmit PHI via the automation platform.

There have been multiple requests posted on the Zapier community forum to make Zapier HIPAA compliant. However, in order to make Zapier HIPAA compliant, access to many of the applications and sub-processors would have to be removed. This would significantly limit the capabilities of the platform and the potential uses of Zapier in healthcare.

Covered Entities Can Still Use Zapier – Just Not with PHI

Due to the number of changes that would have to be made to the platform to support HIPAA compliance, it is unlikely that Zapier will be HIPAA compliant any time soon. However, this does not necessarily prevent HIPAA covered entities from using the platform for administrative tasks – provided PHI is not exposed to the platform or any connected applications.

Covered entities, business associates, and HIPAA-covered subcontractors who require advice on how to use Zapier without exposing PHI to the platform or any connected applications can ask for help on the Zapier community forum. Alternatively, it may be beneficial to speak with a healthcare compliance professional with experience of automated healthcare processes.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
