Is BambooHR HIPAA compliant? (2025 update)

BambooHR is an HR platform that helps companies manage employee records, payroll add-ons, benefits administration, and applicant tracking. With BambooHR, employers can centralize HR data, run payroll modules, and automate HR workflows.

Is BambooHR HIPAA compliant? No, based on our review, BambooHR is not HIPAA compliant.

Will BambooHR sign a business associate agreement (BAA)?

No, BambooHR does not act as a HIPAA Business Associate and will not sign a BAA. The company explicitly states that it is not a Business Associate as defined under HIPAA and requires customers not to upload or store PHI in the service.

Conclusion

BambooHR does not sign a BAA and is therefore not HIPAA compliant for handling PHI.

FAQs

What is a business associate agreement?

A BAA is a legally binding contract between a HIPAA-covered entity and a vendor that handles PHI. It requires the vendor to protect PHI and follow HIPAA security and privacy rules.

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information. HIPAA requires covered entities and their business associates to safeguard PHI and limits how it can be used or disclosed.

Who does HIPAA apply to?

HIPAA applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and to their business associates, meaning vendors that create, receive, maintain, or transmit PHI on behalf of those covered entities.
