Is Smartsheet HIPAA Compliant?

Smartsheet is HIPAA compliant provided that organizations subscribe to a Smartsheet Enterprise Plan, enter into a Business Associate Agreement with Smartsheet, and configure the security settings so the platform can be used in compliance with the HIPAA Security Rule. This final requirement is the one organizations may find most challenging due to a reported lack of customer support.

Smartsheet is “spreadsheet-style” collaboration and project management software that, because of its similarities to Excel, is sometimes used in healthcare organizations to automate administrative tasks and workflows. But if the software is used to collect, use, maintain, or transmit Protected Health Information (PHI), is Smartsheet HIPAA compliant?

This question is answered on the company’s Smartsheet and HIPAA webpage which provides a brief explanation of the HIPAA requirements, describes how Smartsheet audits its security mechanisms to support HIPAA compliance, and explains how PHI uploaded to the software is protected from unauthorized access in transit and at rest.

The webpage also explains the customer’s responsibilities for using Smartsheet compliantly: it is necessary to subscribe to an Enterprise plan, enter into a Business Associate Agreement, and configure the security settings available in the Enterprise plan, for example safe sharing lists, approved HIPAA compliant email domains, and auto-provisioning rules.

For administrators in large organizations with years of experience configuring software to be HIPAA compliant and training members of the workforce how to use the software compliantly, adjusting the security settings so the software is used in compliance with HIPAA is not going to be an issue. However, for most other users, using Smartsheet may prove challenging.

Issues with Smartsheet and HIPAA Compliance

Software review sites often provide mixed messages. When the software meets users’ expectations, you get 4 or 5 star reviews. When users feel the software doesn’t do what it says on the tin, you get 1 or 2 star reviews. Consequently, it can be helpful to be guided by the Gartner peer review site because of the better balance of reviews published by verified customers.


With regards to Gartner’s peer reviews for Smartsheet, whether or not Smartsheet is HIPAA compliant doesn’t appear to be an issue. What does appear to be an issue is the volume of work required to customize Smartsheet to provide more than basic functionality – an issue that is exacerbated by an apparent lack of support for business customers.

The complexity of the software, its lack of intuitiveness, and the navigation difficulties reported by some reviewers implies that, although Smartsheet may tick the boxes of HIPAA compliance, you are left to fend for yourself once you have subscribed to an Enterprise Plan and entered into a Business Associate Agreement – and this can create problems for many organizations.

As with any software, if it is too complicated to understand, lacks intuitiveness, or is difficult to navigate, mistakes can occur in the configuration of the software, or users may find workarounds to bypass security controls in order “to get the job done”. Either way, if a software solution is not being used compliantly, the software is not HIPAA compliant.

Is Smartsheet HIPAA Compliant? Conclusion

Strictly speaking, no software is HIPAA compliant in itself, because it is how the software is configured and used – rather than the software’s capabilities – that determines compliance. Therefore, it is fair to say Smartsheet facilitates HIPAA compliance – provided you subscribe to an Enterprise Plan, enter into a Business Associate Agreement, and configure the security controls correctly.

Smartsheet does offer the option of a free trial to evaluate the software in your own environment, but the free trial only gives you access to the Business Plan – not to the Enterprise Plan with the HIPAA compliant capabilities. Therefore, in order to identify whether Smartsheet would be a HIPAA compliant project management solution for your organization, you would need to contact the company and request a free trial of the Enterprise Plan.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/