BBAA Atlas

Is Asana HIPAA compliant?

Work management · vendor site ↗

BAA on select plansPHI with conditionsSOC 2 Type II
Will Asana sign a HIPAA BAA?
Sometimes — Asana signs a HIPAA BAA only on specific plans or add-ons.
Asana signs a BAA only for eligible Enterprise customers, with HIPAA guardrails enabled after execution.
PHI eligibility
Limited operational PHI may be stored on Enterprise with a signed BAA and HIPAA activation, following minimum-necessary; do not store clinical records, diagnostic images, or detailed clinical notes, or use Asana as an EHR.
SOC 2
SOC 2 Type II
Trust center
asana.com
Sub-processors
asana.com
Notes
Asana's own HIPAA help page redirects to a JS-rendered portal that could not be fetched directly; verdict corroborated by a third-party compliance source citing Asana's Enterprise BAA. Confirm in the admin console.
Last verified 2026-05-31confidence: medium· Vendor terms change — confirm directly with Asana before storing PHI.

Get notified when this changes

We track Asana's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Asana

Sometimes — Asana signs a HIPAA BAA only on specific plans or add-ons.

Request routeSelf-serve — enable it in your account
  1. 1
    Get on a qualifying plan
    Asana signs a BAA only for eligible Enterprise customers, with HIPAA guardrails enabled after execution.
  2. 2
    Request the Business Associate Agreement
    Asana lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account.
  3. 3
    Confirm what PHI is allowed before you store any
    Limited operational PHI may be stored on Enterprise with a signed BAA and HIPAA activation, following minimum-necessary; do not store clinical records, diagnostic images, or detailed clinical notes, or use Asana as an EHR. Match your configuration to this scope before putting protected health information into Asana.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Asana before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Asana sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Asana signs a HIPAA BAA only on specific plans or add-ons. Asana signs a BAA only for eligible Enterprise customers, with HIPAA guardrails enabled after execution.
Is Asana HIPAA compliant?
Asana can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). Limited operational PHI may be stored on Enterprise with a signed BAA and HIPAA activation, following minimum-necessary; do not store clinical records, diagnostic images, or detailed clinical notes, or use Asana as an EHR.
Can you store PHI (protected health information) in Asana?
Limited operational PHI may be stored on Enterprise with a signed BAA and HIPAA activation, following minimum-necessary; do not store clinical records, diagnostic images, or detailed clinical notes, or use Asana as an EHR.
Is Asana SOC 2 certified?
Asana reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Asana?
Asana lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account. Confirm current terms directly with Asana before storing PHI.
What plan do I need to sign a BAA with Asana?
Asana signs a BAA only for eligible Enterprise customers, with HIPAA guardrails enabled after execution.

Sources

Asana HIPAA Compliance: Does Asana Sign a BAA
https://www.accountablehq.com/post/asana-hipaa-compliance-does-asana-sign-a-baa-and-can-you-use-it-for-phi
Supports: BAA on Enterprise only; PHI minimum-necessary; not for clinical recordsdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Asana before processing protected health information.

Check another vendor

ClickUpBAA on select plansmonday.comBAA on select plansSmartsheetBAA on select plansActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plans

See all HIPAA compliant project management software
Browse all 105 vendors by category →