Is Basecamp HIPAA compliant?
No BAANot for PHISOC 2
Will Basecamp sign a HIPAA BAA?
No — Basecamp does not sign a HIPAA Business Associate Agreement (BAA).
Basecamp (37signals) does not offer or sign a HIPAA Business Associate Agreement and makes no HIPAA claims on its site or in the 37signals security policy, which is silent on HIPAA / PHI. It also lacks PHI-specific access logging and data-categorization controls.
PHI eligibility
Do not store PHI in Basecamp; no BAA is available on any plan.
SOC 2
SOC 2
Trust center
Sub-processors
—
Notes
The 37signals security policy is silent on HIPAA / BAA (no offering); verdict is corroborated by third-party reviews. Confidence is medium pending an explicit first-party statement.
Get notified when this changes
We track Basecamp's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.
How to request and sign a BAA with Basecamp
No — Basecamp does not sign a HIPAA Business Associate Agreement (BAA).
There is no BAA to request — Basecamp will not sign one. Basecamp (37signals) does not offer or sign a HIPAA Business Associate Agreement and makes no HIPAA claims on its site or in the 37signals security policy, which is silent on HIPAA / PHI. It also lacks PHI-specific access logging and data-categorization controls.
Need a vendor in this space that does? See which HIPAA compliant project management software sign a BAA →
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Basecamp before you rely on it. This is cited public information, not legal advice.
Frequently asked questions
Does Basecamp sign a HIPAA Business Associate Agreement (BAA)?
No — Basecamp does not sign a HIPAA Business Associate Agreement (BAA). Basecamp (37signals) does not offer or sign a HIPAA Business Associate Agreement and makes no HIPAA claims on its site or in the 37signals security policy, which is silent on HIPAA / PHI. It also lacks PHI-specific access logging and data-categorization controls.
Is Basecamp HIPAA compliant?
Basecamp is not HIPAA-ready: it does not sign a Business Associate Agreement (BAA), so you cannot use it to process protected health information (PHI). Do not store PHI in Basecamp; no BAA is available on any plan.
Can you store PHI (protected health information) in Basecamp?
Do not store PHI in Basecamp; no BAA is available on any plan.
Is Basecamp SOC 2 certified?
Basecamp reports a SOC 2 attestation according to its public security documentation.
How do I request a HIPAA BAA from Basecamp?
You can't — Basecamp does not sign a HIPAA Business Associate Agreement. Basecamp (37signals) does not offer or sign a HIPAA Business Associate Agreement and makes no HIPAA claims on its site or in the 37signals security policy, which is silent on HIPAA / PHI. It also lacks PHI-specific access logging and data-categorization controls.
What plan do I need to sign a BAA with Basecamp?
Basecamp does not offer a BAA on any plan, so no plan qualifies. Basecamp (37signals) does not offer or sign a HIPAA Business Associate Agreement and makes no HIPAA claims on its site or in the 37signals security policy, which is silent on HIPAA / PHI. It also lacks PHI-specific access logging and data-categorization controls.
Sources
https://37signals.com/policies/security
https://www.paubox.com/blog/is-basecamp-hipaa-compliant
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Basecamp before processing protected health information.
Check another vendor
See all HIPAA compliant project management software →
Browse all 105 vendors by category →