Best answer

Why isn't HIPAA compliance supported?

Userlevel 3

I need to transfer data from Jotform to Salesforce and thought I could use Zapier, but it looks like I’ve hit a roadblock, per this page


Best answer by nicksimard 9 May 2020, 01:50

View original

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

44 replies

Userlevel 3
Badge +3

Sure I cast a paper ballot and you can count it twice!!


Yes you have my vote for HIPAA compliance.

Userlevel 7
Badge +7

Even though Zapier doesn’t claim HIPAA compliance, they secure the system very well and with their best effort. They do not claim this probably because that would mean they would have to deal with certain certificates, audits, whatever.

Because of that, it’s completely your choice and actions to making it “HIPAA” compliant with policies of usage you setup yourself. I don’t have experience with HIPAA, but this would be your own choice.

Maybe @Danvers can say if something like this is on the feature request list.


Userlevel 7
Badge +11

Hi @John123!

I’ve added your vote for this request as well!

Userlevel 3
Badge +3

Dr. Case: 

I don’t know Zendesk or specifically but there are ways around this issue of using Zapier involving HIPAA compliant.

The primary things to understand are: 

  1. don’t send HIPAA compliant data to Zapier; that is, make sure there are no personal identifiers in the data that would make it HIPAA compliant
  2.  if you send data to Zapier, “tag it” with a number (i.e., submission ID) that you will use later to match up with the HIPAA compliant data once it is back in your HIPAA compliant system
  3. that should do it!

Happy Holidays!

Can we add a vote for us as well… Seems like a highly requested feature to be lacking. 

Userlevel 7
Badge +11

Hey @planitmars and @blueguy, welcome to the Community!

I’m happy to confirm that your votes have been added for Zapier to become HIPAA compliant. :)

Add me to the list, too, please.  We're a Zapier partner and this is what many of our customers need to properly roll out zapier in an enterprise environment. 

I would like to be added to that vote as well too. Thank you.

Hey there @christina.d 

I also work at a health tech startup that would use Zapier, that would benefit a lot if you were HIPAA compliant. Please add my vote to this thread.

It appears that with Zapier, most components if not all of the required and even most addressable requirements under HIPAA Security Rule are met.  

@DrCase , I would not recommend the advice from @blueguy without further consulting with an attorney.  §164.502(d) of the Privacy Rule permits a covered entity or its business associate to create information that is not individually identifiable by following the de-identification standard and implementation specifications in §164.514(a)-(b). However, I don’t believe the method suggested may meet those standards as it would still be a new individual identifier.

Any organization dealing with ePHI should also carefully consult with an attorney who understands software/tech and HIPAA/HITECH regulations.


All technical requirements aside, Zapier must also offer to execute Business Associate Agreements as well-- which they do not. Users should not believe that they can be HIPAA compliant on the simple basis that Zapier is not providing any “guarantee” and that the User would be fully responsible, as the requirement for a BAA is a clear requirement in order to meet the standards under HIPAA/HITECH.

Additionally, if Zapier was to learn you are using the system to handle ePHI, it would automatically have obligations as outlined by federal law, which likely would mean it would have no choice but to suspend your services and make a report of the violation to the Office of Civil Rights for the US Dept. of Health and Human Services.

The lack of Zapier (or any vendor for that matter) not signing a BAA and not officially allowing their system for use with ePHI, does not mean they are completely resolved of obligations under the law should they become aware of it’s use with ePHI.

@christina.d , I hope this is something you review as well.

Userlevel 7
Badge +8

@LeahtheHealthcareOBM I have added your vote!


Currently I can only use Zapier in a very limited fashion due to it lacking HIPAA compliance. Don’t make me switch! Some sort of official statement on Zapier’s plans would be most helpful.

Please add my vote for Zapier setting up a process to becoming HIPAA compliant.

Userlevel 7
Badge +11

Mod Edit: 03-21-2022

Hi @kbeisly!

I see that you’ve found Zapier’s official public-facing statement on data privacy. It’s definitely something that other users have asked for, and I’ve added your vote for it. I don’t have anything resembling a timeline for if/when that will be supported, however. 

As @ForYourIT pointed out, we do take the security of your data seriously. On that same page that you linked to, you can see some of the technical details. But we can not claim HIPAA compliance, since the use of regulated healthcare and medical data like HIPAA is not supported on Zapier. You can read more about this information here: Can I use Zapier with healthcare/medical data? And/or, will you sign my company’s BAA?

Userlevel 7
Badge +12

Hi @casebookbrian, thanks for your reply. I’ve shared your thoughts with the team and added you as an interested user. Thanks!

Pls add my vote as well. 

Userlevel 7
Badge +9

Hi there, @Joseph Moore. Thank for reaching out and sharing your candid feedback! I’ve got your vote added to this feature request. While I don’t have an update or ETA to offer at the moment, we’ll definitely send an email as soon we have one to share.

How do I add my vote?

Please add my vote as well. Thank you!

Userlevel 7
Badge +12

Hi @IHC_IT - thanks for your message, I’ve added your vote for that 🙂

Can you add my vote as well? I’m a huge fan of Zapier, but the lack of HIPAA compliance creates a major barrier to us using it in any significant way. 


I'd also like to add my vote...

Userlevel 3
Badge +3

Here is your work around on this issue; correct Zapier is not Hipaa compliant.  You can connect your JotForm to Google Sheets and this is Hipaa compliant.  Call this Google Sheet #1.  Create a second Google Sheet #2 with a simple important range / query function leaving out the personal identifiers or PHI.  Send the information from the JotForm (which has a unique identifier) and Google Sheet #2 back to Zapier utilizing the Submission ID as the unique identifier.  When Zapier is done with the data send it back to Google Sheet #3 and use the Submission ID to query the PHI data and personal identifiers from Google Sheet #1.  

We use these tools and in essence we never have PHI data travel with Personal identifiers.


Hope that helps!

Userlevel 7
Badge +11

Hi @lawbarker!

I’ve added your voice to that request as well! 


Any update on this . We are UK based and use Zapier for all our processes we are expanding internationally and I am disappointed to see it is not HIPAA compliant which will be essential for us