BBAA Atlas

Is QuickBooks Online (Intuit) HIPAA compliant?

Accounting · vendor site ↗

No BAANot for PHI
Will QuickBooks Online (Intuit) sign a HIPAA BAA?
No — QuickBooks Online (Intuit) does not sign a HIPAA Business Associate Agreement (BAA).
Intuit's official position is that QuickBooks Online meets industry security standards but is not compliant with HIPAA privacy standards, and Intuit will not enter into a Business Associate Agreement. Intuit advises healthcare professionals not to enter individually identifiable health information into QuickBooks Online.
PHI eligibility
Keep PHI out of QuickBooks Online. Names, dates, and payment amounts not tied to a health context are fine, but no diagnoses, treatment details, or patient identifiers in invoices, memos, or notes.
SOC 2
Not publicly confirmed
Trust center
Sub-processors
Notes
Intuit's own support guidance states QBO is not HIPAA-compliant and advises against entering individually identifiable health info; the explicit 'will not sign a BAA' wording is documented via HIPAA Journal quoting Intuit's official statement (the direct Intuit support URL repeatedly timed out on fetch).
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with QuickBooks Online (Intuit) before storing PHI.

Get notified when this changes

We track QuickBooks Online (Intuit)'s BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with QuickBooks Online (Intuit)

No — QuickBooks Online (Intuit) does not sign a HIPAA Business Associate Agreement (BAA).

There is no BAA to request — QuickBooks Online (Intuit) will not sign one. Intuit's official position is that QuickBooks Online meets industry security standards but is not compliant with HIPAA privacy standards, and Intuit will not enter into a Business Associate Agreement. Intuit advises healthcare professionals not to enter individually identifiable health information into QuickBooks Online.

Need a vendor in this space that does? See which HIPAA compliant payments & billing software sign a BAA →

Before you sign — watch for
  • HIPAA is enabled per account / workspace — each one needs its own BAA, not a single org-wide signature.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with QuickBooks Online (Intuit) before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does QuickBooks Online (Intuit) sign a HIPAA Business Associate Agreement (BAA)?
No — QuickBooks Online (Intuit) does not sign a HIPAA Business Associate Agreement (BAA). Intuit's official position is that QuickBooks Online meets industry security standards but is not compliant with HIPAA privacy standards, and Intuit will not enter into a Business Associate Agreement. Intuit advises healthcare professionals not to enter individually identifiable health information into QuickBooks Online.
Is QuickBooks Online (Intuit) HIPAA compliant?
QuickBooks Online (Intuit) is not HIPAA-ready: it does not sign a Business Associate Agreement (BAA), so you cannot use it to process protected health information (PHI). Keep PHI out of QuickBooks Online. Names, dates, and payment amounts not tied to a health context are fine, but no diagnoses, treatment details, or patient identifiers in invoices, memos, or notes.
Can you store PHI (protected health information) in QuickBooks Online (Intuit)?
Keep PHI out of QuickBooks Online. Names, dates, and payment amounts not tied to a health context are fine, but no diagnoses, treatment details, or patient identifiers in invoices, memos, or notes.
Is QuickBooks Online (Intuit) SOC 2 certified?
We could not confirm a public SOC 2 report for QuickBooks Online (Intuit). SOC 2 is separate from a HIPAA BAA — confirm both directly with QuickBooks Online (Intuit).
How do I request a HIPAA BAA from QuickBooks Online (Intuit)?
You can't — QuickBooks Online (Intuit) does not sign a HIPAA Business Associate Agreement. Intuit's official position is that QuickBooks Online meets industry security standards but is not compliant with HIPAA privacy standards, and Intuit will not enter into a Business Associate Agreement. Intuit advises healthcare professionals not to enter individually identifiable health information into QuickBooks Online.
What plan do I need to sign a BAA with QuickBooks Online (Intuit)?
QuickBooks Online (Intuit) does not offer a BAA on any plan, so no plan qualifies. Intuit's official position is that QuickBooks Online meets industry security standards but is not compliant with HIPAA privacy standards, and Intuit will not enter into a Business Associate Agreement. Intuit advises healthcare professionals not to enter individually identifiable health information into QuickBooks Online.

Sources

Is QuickBooks HIPAA Compliant?
https://www.hipaajournal.com/is-quickbooks-hipaa-compliant/
Supports: Quotes Intuit's official statement that QuickBooks Online is not HIPAA-compliant and that Intuit will not enter into a BAA; advises against entering individually identifiable health informationdated: 2025-02-09
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with QuickBooks Online (Intuit) before processing protected health information.

Check another vendor

ActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plansAmazon Web Services (AWS)Signs a BAA

See all HIPAA compliant payments & billing software
Browse all 105 vendors by category →