HIPAA & BAA · Unified communications / VoIP
Is RingCentral HIPAA compliant?
Yes. RingCentral offers a signed BAA for healthcare customers and covered entities, covering in-scope products such as RingEX, RingCentral Fax, RingCX, and Contact Center, but you must request and execute it before handling PHI.
Key facts
- BAA available: Yes — with a signed BAA
- What it takes: Signed BAA available for eligible plans and in-scope services; request from your RingCentral representative
- Official source: RingCentral — Business Associate Agreement (legal) — https://www.ringcentral.com/legal/vendor-baa.html (verified 2026-06)
How to use RingCentral in a HIPAA-compliant way
- Purchase an eligible RingCentral plan/service
- Request the RingCentral BAA from your RingCentral representative
- Confirm which products and features are in scope for your deployment
- Review and sign the BAA before transmitting PHI
- Configure security settings (TLS/SRTP, access controls) per the agreement
Important caveats
- Not every feature is automatically in scope — confirm exactly which products/features the BAA covers
- You must request and execute the BAA before any PHI touches the platform
- RingCentral provides certifications (HITRUST, SOC 2 Type II, ISO 27001), but your org still owns its HIPAA configuration and safeguards
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring RingCentral correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with RingCentral.
Frequently asked questions
Does RingCentral sign a BAA?
Yes. Signed BAA available for eligible plans and in-scope services; request from your RingCentral representative A signed BAA is required before any PHI is involved.
Is RingCentral HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when RingCentral offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using RingCentral with PHI?
Not every feature is automatically in scope — confirm exactly which products/features the BAA covers
