Slack can meet HIPAA requirements, but only on Enterprise Grid with a signed BAA and specific admin configuration.
Get started for freeYes, with conditions. Slack supports HIPAA compliance only on its Enterprise Grid plan. Slack will sign a BAA for Enterprise Grid customers, but the organization is responsible for configuring the workspace to meet HIPAA requirements. Standard, Pro, and Business+ plans are not eligible for a BAA.
Slack offers a Business Associate Agreement exclusively for Enterprise Grid customers. Standard, Pro, and Business+ plans do not qualify for a BAA, making them ineligible for HIPAA-governed use.
Source: Slack HIPAA compliance (Enterprise Grid)Signing a BAA does not automatically make Slack HIPAA compliant. The organization must configure data loss prevention, retention policies, access controls, and channel restrictions to meet HIPAA requirements.
Source: Slack HIPAA compliance (Enterprise Grid)Slack's Free, Pro, and Business+ plans do not include the security and compliance features required for HIPAA-governed use. Only Enterprise Grid provides the admin controls, audit logs, and data residency options needed.
Source: Slack HIPAA compliance (Enterprise Grid)Maintaining HIPAA compliance on Slack Enterprise Grid requires ongoing admin work: monitoring DLP policy violations, managing channel permissions, reviewing audit logs, and updating configurations as Slack releases new features. The HIPAA Security Rule requires covered entities to implement and maintain these administrative safeguards.
Source: HHS HIPAA Security RuleSlack's compliance documentation states that Enterprise Grid supports HIPAA compliance and that Slack will enter into a BAA with Enterprise Grid customers. Slack also states that the customer is responsible for configuring the workspace in accordance with HIPAA requirements.Source: Slack HIPAA compliance (Enterprise Grid)
Required plan: Slack Enterprise Grid
Requires IT staff who can configure and maintain Enterprise Grid security settings. Enterprise Grid pricing is not published — contact Slack sales for a quote. Not a one-time setup — policies need ongoing review as Slack releases new features and integrations.
Purpose-built HIPAA messaging that ships compliant out of the box. Signed BAA included at signup on every plan, including the free plan. No enterprise contract required.
Enterprise clinical messaging for hospitals and health systems with role-based routing, EHR integrations, and care team assignments.
HIPAA-compliant communication platform for medical practices with secure messaging, phone, fax, and telehealth in one system.
For a detailed comparison, see BloomText vs Slack.
Only on Enterprise Grid. Slack will sign a BAA for Enterprise Grid customers and the plan includes the admin controls needed for HIPAA-governed use. Standard, Pro, and Business+ plans are not eligible.
Yes, but only for Enterprise Grid customers. Slack will enter into a Business Associate Agreement as part of the Enterprise Grid contract. Lower-tier plans do not qualify for a BAA.
Slack Enterprise Grid is the only plan eligible for HIPAA-compliant use. It includes the admin controls, audit logs, DLP capabilities, and data residency options required to meet HIPAA requirements.
Enterprise Grid is designed for large organizations and its pricing reflects that. Smaller practices may find the cost and configuration overhead disproportionate to their messaging needs.
Last verified May 26, 2026.
