Does Intercom Sign a HIPAA Business Associate Agreement?
By BAA Generator Editorial · Published Apr 19, 2026 · Last reviewed Apr 19, 2026 · 5 min read
Key Takeaways
- ✗ No — Intercom does not sign a HIPAA BAA on any plan
- ✗ Intercom explicitly states it is not a HIPAA business associate
- ✓ Intercom can be used for general inquiries that do not involve PHI
- ✓ HIPAA-compliant alternatives: Zendesk (enterprise BAA), Freshdesk (verify availability)
What Intercom Says About HIPAA
Intercom has been explicit in its terms of service and security documentation: Intercom is not a HIPAA business associate and does not provide BAAs. This is a clear policy position, not an oversight or gap. Intercom has made the business decision not to pursue HIPAA compliance certification and BAA execution.
This means that regardless of how your healthcare organization configures Intercom, regardless of which plan tier you are on, and regardless of your own internal HIPAA compliance program — Intercom is not eligible for handling PHI. The absence of a BAA is a fundamental legal and compliance gap that internal policies cannot fix.
Healthcare Organizations Using Intercom: What Is Allowed
Many healthcare organizations and health tech companies use Intercom for website chat and customer support. Using Intercom is not inherently problematic — the issue is what data passes through it.
Acceptable Intercom uses in a healthcare context:
- General website chat for non-patient visitors (prospective patients asking about services)
- Support inquiries that do not involve the patient's health information
- Billing questions that involve only financial information (not linked to diagnoses)
- Internal team support workflows that do not involve patient data
Not acceptable in Intercom:
- Patient support conversations that include diagnoses, symptoms, medications, or treatment details
- Support tickets linked to patient records in your health system
- Chat conversations where patients identify themselves and discuss health conditions
- Any Intercom use where patient identity is linked to healthcare context
HIPAA-Compliant Alternatives to Intercom
| Tool | HIPAA BAA Available? | Notes |
|---|---|---|
| Zendesk (Enterprise) | Yes | BAA available for qualifying enterprise plans; contact sales |
| Freshdesk (Enterprise) | Verify | Has offered BAAs; verify current availability with Freshdesk |
| Salesforce Service Cloud | Yes (with BAA) | Covered under Salesforce HIPAA BAA for healthcare-configured deployments |
| Intercom | No | Not HIPAA eligible; no BAA on any plan |
Frequently Asked Questions
Does Intercom sign a HIPAA BAA?
No — Intercom explicitly states it is not a HIPAA business associate and does not offer BAAs on any plan. Do not use Intercom with patient PHI.
Can I use Intercom for healthcare customer support?
Yes — for general inquiries that do not involve PHI. Ensure your Intercom conversations never include patient names linked to health information, diagnoses, insurance details, or appointment data with health context.
What HIPAA-compliant alternatives to Intercom exist?
Zendesk (enterprise plans with BAA) and Salesforce Service Cloud (with BAA) are the most common alternatives for healthcare customer support. Verify current BAA availability with each vendor before deploying PHI-containing workflows.
For a broader look at which vendors sign HIPAA BAAs, see our vendor BAA lookup guide.
Need to generate a BAA for a vendor that does sign?
When you switch to a HIPAA-eligible support tool, generate a compliant BAA document in minutes.
Generate BAA for Free →