HIPAA & BAA · Telehealth
Is Doxy.me HIPAA compliant?
Yes. Doxy.me provides a free BAA to all users, generated directly inside the account settings; the Free/Professional BAA covers individual providers, while organizations with multiple providers need a Clinic BAA.
Key facts
- BAA available: Yes — with a signed BAA
- What it takes: All plans, including Free and Professional; multi-provider organizations need a Clinic BAA
- Official source: Doxy.me Help Center — How do I get a BAA with doxy.me? — https://help.doxy.me/en/articles/95880-baa-how-do-i-get-a-baa-with-doxy-me (verified 2026-06)
How to use Doxy.me in a HIPAA-compliant way
- Sign in and open Account Settings in the left column
- Select the BAA tab
- Enter your practice/legal information and generate the agreement
- Download a copy for your records (Doxy.me also retains one on your account)
- For multiple providers, contact Doxy.me support to be covered under a Clinic BAA
Important caveats
- The self-serve BAA on Free/Professional is for a single provider only; group practices must arrange a Clinic BAA
- No tool is automatically HIPAA compliant: you must still configure it correctly and run your own compliance program (risk analysis, training, access controls)
- Confirm the executed BAA covers every feature you plan to use before transmitting PHI
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Doxy.me correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Doxy.me.
Frequently asked questions
Does Doxy.me sign a BAA?
Yes. All plans, including Free and Professional; multi-provider organizations need a Clinic BAA A signed BAA is required before any PHI is involved.
Is Doxy.me HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Doxy.me offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Doxy.me with PHI?
The self-serve BAA on Free/Professional is for a single provider only; group practices must arrange a Clinic BAA
