Teams and Businesses

About HIPAA and 1Password

End-to-end encryption protects all data stored in 1Password.

The 1Password security model leaves AgileBits without a way to access, decrypt, or view anything you save in 1Password. As a result, AgileBits isn’t defined as a Business Associate pursuant to HIPAA nor subject to a Business Associate Agreement.


1Password Business offers actionable insights for powerful administration, access controls for customized permissions, and SSO support to improve auditing capabilities. 1Password is SOC 2 type 2 certified and undergoes frequent third-party evaluations.


Strong and layered encryption protects your data at rest (on AgileBits servers and your device) and in transit. 1Password uses the Advanced Encryption Standard (NIST FIPS 197) and 256-bit symmetric cryptographic keys. All symmetric keys are generated on your device and encrypted using a public / private key pair. AgileBits never has access to the private key required to decrypt your secure data.

Learn more

Still need help?

If this article didn't answer your question, contact 1Password Support.