Is Make.com HIPAA Compliant? With HIPAAtizer, Yes!

Q: Does Make.com sign a BAA?

Make.com does not offer a standard, publicly available HIPAA Business Associate Agreement. Because PHI never needs to enter Make.com when you use HIPAAtizer, you don’t need a BAA with Make to build compliant workflows. HIPAAtizer provides a BAA for all Covered Entity accounts, covering the environment where PHI is actually collected and stored.

Q: Can I send PHI through Make.com?

You should not. Unless you have a signed BAA with Make.com and have configured your account accordingly, PHI should not be transmitted through Make.com. The recommended approach is to keep PHI inside HIPAAtizer and pass only secure links and non-PHI metadata to Make.com.

Q: Is there a BAA included with HIPAAtizer?

Yes. HIPAAtizer provides a Business Associate Agreement for all Covered Entity accounts.

Q: Can I test the Make.com integration for free?

Yes. Our free Developer Sandbox gives you full access to build and test your Make.com scenarios before going live. We also offer a 30-day free trial for Covered Entity accounts.

Make.com is a powerful automation platform – but it is not HIPAA Compliant by default. With HIPAAtizer as your HIPAA-Compliant layer, you can keep Protected Health Information (PHI) safe while still automating everything that happens after a form is submitted. Sign up for free and start building compliant Make.com workflows.

The short answer
Yes – you can use Make.com in a HIPAA-Compliant way, as long as PHI stays where it belongs. The common approach is to use HIPAAtizer as the HIPAA-Compliant layer where PHI is collected and stored, while using Make.com for the automation that happens afterward. PHI never needs to touch Make.com’s servers.

Make.com and HIPAAtizer logos side by side illustrating a HIPAA-Compliant form automation integration.

How the HIPAAtizer + Make.com workflow works

Patients complete a HIPAAtizer form.

The PHI is collected and stored within HIPAAtizer’s HIPAA-Compliant environment, covered by the Business Associate Agreement (BAA) you’ve already signed.

When a form is submitted, HIPAAtizer sends a webhook to Make.com. The webhook contains non-PHI metadata, such as the submission ID and secure links to the submission and any associated files. The actual form field data is not included.

Make.com receives the webhook and executes any automation scenario you’ve configured.

One important consideration: Make.com is not HIPAA Compliant by default. Unless you have a signed BAA with Make.com and have configured your account accordingly, PHI should not be transmitted through Make.com. Keeping PHI within HIPAAtizer and passing only secure links and metadata to Make.com is generally the recommended approach.

Why this approach works

PHI stays in a HIPAA-Compliant vault

All Protected Health Information is collected and stored inside HIPAAtizer’s HIPAA-Compliant environment, covered by a signed BAA. Make.com only ever receives non-PHI metadata and secure links.

No Make.com BAA required

Because PHI never enters Make.com, you don’t need Make to sign a Business Associate Agreement to build compliant automations. HIPAAtizer covers the part of the workflow where PHI actually lives.

Automate with 2,000+ apps

Once the secure webhook reaches Make.com, you can route data into CRMs, spreadsheets, messaging tools, schedulers, and thousands of other apps – building the exact scenario your practice needs, no code required.

Secure links, not raw data

Authorized team members open the submission and any files through secure links that point back to HIPAAtizer. Sensitive data is only viewable by people with permission to access it.

EXPLORE ALL FEATURES

How It Works

Step 1

Sign Up and Build Your Form

Create your free account. Sign up for a free Developer Sandbox or a Covered Entity account. Build your form with our drag-and-drop HIPAA-Compliant form builder, or send us your existing PDF/Word form and we’ll convert it for free.

HIPAAtizer sign up page with Google registration and email options.

HIPAAtizer integrated accounts page with Webhooks highlighted.

Step 2

Set Up a Webhook in HIPAAtizer

Connect the HIPAAtizer webhook to a Make.com scenario, using the submission ID and secure links delivered in the webhook payload.

Step 3

Build, and Activate in Make.com

Build and activate your scenario. Submissions are then routed automatically and securely according to your workflow.

View the Full Webhooks Guide

HIPAAtizer webhook configuration panel showing URL, HTTP method, and trigger event settings for HIPAA-Compliant form data automation.

Frequently Asked Questions

Is Make.com HIPAA Compliant?

No. Make.com is not HIPAA Compliant by default and does not publish a Business Associate Agreement (BAA) for handling Protected Health Information (PHI). Its public compliance materials cover GDPR, SOC 2 Type II, and ISO 27001 – but not HIPAA. With HIPAAtizer, this is not a problem: PHI is collected and stored inside HIPAAtizer’s HIPAA-Compliant environment, and only non-PHI metadata is passed to Make.com, so your automations run without putting PHI on Make’s servers.

Does Make.com sign a BAA?

Can I send PHI through Make.com?

What data does HIPAAtizer actually send to Make.com?

Is there a BAA included with HIPAAtizer?

Can I test the Make.com integration for free?

Start building your HIPAA-Compliant Make.com workflow today

Whether you’re capturing patient data, routing intake forms, or triggering follow-ups, HIPAAtizer lets you automate with Make.com while keeping PHI safe and compliant. Sign up for free or schedule a call with our team.

Need help with your form setup or Make.com scenario? Contact us at support@hipaatizer.com or use our live chat. HIPAAtizer provides a Business Associate Agreement for all Covered Entity accounts.

Make® is a registered trademark of Celonis SE. HIPAAtizer is not affiliated with, endorsed by, or sponsored by Make or Celonis SE. The integration between HIPAAtizer and Make.com is provided solely for user convenience. All product names, logos, and brands are the property of their respective owners.