monday.comEnterprise tier only
BAA on select plansPHI with conditions
monday.com signs a BAA only on the Enterprise tier, effective when an admin accepts it and activates the HIPAA-compliant feature; downgrading from Enterprise ends coverage.
HIPAA compliant project management: monday vs Smartsheet vs Asana vs ClickUp vs Trello
If tasks, tickets or attachments in your project tracker can reference patients, the tool needs a BAA. Four of these five sign one — but only on their top Enterprise tier — and Trello refuses outright. Here is the cited verdict for each.
5 tools compared · 4 sign a BAA · 1 won't · last verified 2026-05-31 · how we verify
SmartsheetEnterprise plan only
BAA on select plansPHI with conditions
Smartsheet signs a BAA (via account manager) only for Enterprise plan customers, and PHI may be uploaded only into 'PHI Eligible Services'; Add-Ons and third-party storage are excluded.
AsanaEnterprise only
BAA on select plansPHI with conditions
Asana signs a BAA only for eligible Enterprise customers, with HIPAA guardrails enabled after execution.
ClickUpEnterprise plan only
BAA on select plansPHI with conditions
ClickUp issues a BAA only to Enterprise plan customers; other tiers cannot access HIPAA features.
TrelloNo BAA — PHI prohibited
No BAANot for PHI
Atlassian does not sign a BAA covering Trello because Trello's Terms of Service prohibit processing sensitive personal information; Trello is omitted from Atlassian's HIPAA-qualified product list.
Every verdict above is cited public information, not legal or compliance advice. A BAA's availability changes with your plan, region and contract, and the product names here may be governed by a parent suite's agreement — always confirm the current BAA and PHI scope directly with the vendor before processing protected health information.
Frequently asked questions
Which project management tools sign a HIPAA BAA?
monday.com, Smartsheet, Asana, ClickUp will sign a HIPAA Business Associate Agreement (BAA), each on a specific plan tier. Trello does not sign a BAA. Every verdict on this page is cited and date-stamped — confirm current terms with the vendor before storing PHI.
Does monday.com sign a HIPAA BAA?
Sometimes — monday.com signs a HIPAA BAA only on specific plans or add-ons. monday.com signs a BAA only on the Enterprise tier, effective when an admin accepts it and activates the HIPAA-compliant feature; downgrading from Enterprise ends coverage.
Does Smartsheet sign a HIPAA BAA?
Sometimes — Smartsheet signs a HIPAA BAA only on specific plans or add-ons. Smartsheet signs a BAA (via account manager) only for Enterprise plan customers, and PHI may be uploaded only into 'PHI Eligible Services'; Add-Ons and third-party storage are excluded.
Does Asana sign a HIPAA BAA?
Sometimes — Asana signs a HIPAA BAA only on specific plans or add-ons. Asana signs a BAA only for eligible Enterprise customers, with HIPAA guardrails enabled after execution.
Does ClickUp sign a HIPAA BAA?
Sometimes — ClickUp signs a HIPAA BAA only on specific plans or add-ons. ClickUp issues a BAA only to Enterprise plan customers; other tiers cannot access HIPAA features.
Does Trello sign a HIPAA BAA?
No — Trello does not sign a HIPAA Business Associate Agreement (BAA). Atlassian does not sign a BAA covering Trello because Trello's Terms of Service prohibit processing sensitive personal information; Trello is omitted from Atlassian's HIPAA-qualified product list.
Compare another category
See all HIPAA category comparisons →
Browse all 105 vendors by category →