Spellbook Now Complies with HIPAA Requirements

Spellbook now meets the administrative, technical, and physical safeguards required under the Health Insurance Portability and Accountability Act (HIPAA), supporting legal teams working within healthcare.

Spellbook is now able to support customers with HIPAA obligations and sign Business Associate Agreements (BAAs) where required.

What This Means for Our Customers

Support for PHI Workflows
Spellbook can be used for matters involving PHI—including healthcare contracts, regulatory work, vendor agreements, and other documents that contain protected health information (PHI).

Business Associate Agreements (BAAs)
Spellbook can now execute BAAs with customers that need them. BAAs are the contractual mechanism that ensures HIPAA obligations flow between organizations. Spellbook has also signed BAAs with downstream vendors that process information protected under HIPAA.

Compliance & Risk Management
HIPAA readiness simplifies vendor due diligence and enables organizations in healthcare and adjacent industries to adopt Spellbook without increasing privacy or security risk.

Healthcare & Health-Tech Ready
This includes hospitals and health systems, private practices, telehealth providers, payors, labs, pharmacies, life sciences companies, and healthcare technology vendors, as well as legal teams that handle PHI as part of their work.

How HIPAA Compliance Works

Organizations demonstrate compliance by implementing the safeguards outlined in the HIPAA Privacy, Security, and Breach Notification Rules and, where PHI is involved, by signing a Business Associate Areement (BAA) with customers. The BAA is an agreement that lets a HIPAA-regulated customer use our product for contracts or workflows containing PHI, while contractually binding us to HIPAA required protections. Spellbook meets these requirements and will continue to strengthen its controls over time.

Resources, documentation, and vendor BAAs are available in the Spellbook Trust Center.

Looking Ahead

HIPAA readinessbuilds on Spellbook’s broader security and privacy program, including SOC 2 Type II. We will continue to update safeguards, review policies, and expand documentation to support customers operating in regulated industries.

Legal professionals should be able to adopt AI without compromising privacy obligations. CompliHIPAA compliance ensures Spellbook can support sensitive healthcare-related legal work securely and responsibly.