HIPAA & BAA · E-signature
Is Dropbox Sign HIPAA compliant?
Conditionally. Dropbox Sign supports HIPAA for customers on an annual Standard or Premium plan who sign a BAA and meet the minimum contract value.
Key facts
- BAA available: Conditionally, on specific plans
- What it takes: Annual Standard or Premium plan, signed BAA, and minimum contract value
- Official source: Dropbox Help: Is Dropbox Sign HIPAA compliant? - https://help.dropbox.com/security/dropbox-sign-hipaa-compliance (verified 2026-06)
How to use Dropbox Sign in a HIPAA-compliant way
- Move to (or confirm) an annual Standard or Premium Dropbox Sign plan.
- Contact your Dropbox account manager, or the Dropbox Sign sales team via their contact form, to request HIPAA compliance.
- Meet the minimum contract value requirement.
- Sign the Business Associate Agreement with Dropbox.
- Accept the resulting feature limitations once HIPAA mode is enabled.
Important caveats
- Enabling HIPAA disables certain features: no CC on signature requests, no emailed PDF copies of signed documents, and no editing of a document's title/message.
- A minimum contract value applies, so this is not available on low-tier or monthly plans.
- Free and monthly plans are not eligible.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Dropbox Sign correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Dropbox Sign.
Frequently asked questions
Does Dropbox Sign sign a BAA?
On specific plans. It requires an annual Standard or Premium plan, a signed BAA, and the minimum contract value. A signed BAA is required before any PHI is involved.
Is Dropbox Sign HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Dropbox Sign offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Dropbox Sign with PHI?
Enabling HIPAA disables certain features: no CC on signature requests, no emailed PDF copies of signed documents, and no editing of a document's title/message.