HIPAA compliance

Pipedream can sign Business Associate Addendums (BAAs) for Enterprise customers intending to pass PHI to Pipedream. We can also provide a third-party SOC 2 report detailing our HIPAA-related controls.

HIPAA-eligible services

• Workflows
• Event sources
• Data stores
• Destinations

Ineligible services

Any service not listed in the HIPAA-eligible services section is not eligible for use with PHI under HIPAA. Please reach out to Pipedream support if you have questions about a specific service.

The following services are explicitly not eligible for use with PHI under HIPAA.

• v1 workflows
• File stores

Your obligations as a customer

If you are a covered entity or business associate under HIPAA, you must ensure that you have a BAA in place with Pipedream before passing PHI to Pipedream.

You must also ensure that you are using Pipedream in a manner that complies with HIPAA. This includes:

• You may only use HIPAA-eligible services to process or store PHI
• You may not include PHI in Pipedream resource names, like the names of projects or workflows

Signing a Business Associate Addendum

Pipedream is considered a Business Associate under HIPAA regulations. If you are a Covered Entity or Business Associate under HIPAA, you must have a Business Associate Agreement (BAA) in place with Pipedream before passing PHI to Pipedream. This agreement is an addendum to our standard terms, and outlines your obligations as a customer and Pipedream's obligations as a Business Associate under HIPAA.

Please request a BAA by visiting https://pipedream.com/support.

Requesting information on HIPAA controls

Please request compliance reports from https://pipedream.com/support. Pipedream can provide a SOC 2 Type II report covering Security controls, and a SOC 2 Type I report for Confidentiality and Availability. In 2025, Pipedream plans to include Confidentiality and Availability controls in our standard Type II audit.