HIPAA is a federal law that establishes national standards for how health plans, health care clearinghouses, and health care providers (“Covered Entities”) access, use, or disclose patient information called “Protected Health Information” or “PHI”. The national standards established under HIPAA may also extend to subcontractors that provide services to Covered Entities (“Business Associates”) or their subcontractors (“Business Associate Subcontractors”) and come into contact with PHI on their behalf. HIPAA is enforced by the US Department of Health and Human Services.

Questions about HIPAA

CDC.GOV provides a clear overview of HIPAA.

Yes; many Smartsheet customers elect to use our service to receive, maintain, or transmit PHI in accordance with their HIPAA obligations. For specific product eligibility, control configurations, and recommendations, please see our HIPAA article

If you have additional questions not answered above, please complete this form and a Smartsheet Security Engineer will reach out to you.