Does Datadog Sign a HIPAA Business Associate Agreement?
By BAA Generator Editorial · Published Apr 20, 2026 · Last reviewed Apr 20, 2026 · 5 min read
Key Takeaways
- ✓ Yes on Enterprise plans only — BAA available, requires contacting Datadog sales
- ✓ No on Free and Pro plans — no BAA available at these tiers
- ✓ Monitoring logs and APM traces in health environments can contain PHI
- ✓ Configure log scrubbing at the Datadog Agent level to minimize PHI ingestion
Datadog is the market-leading cloud monitoring, APM, and log management platform used by engineering and infrastructure teams across industries. In healthcare — health systems, digital health startups, health insurance portals, and telehealth platforms — Datadog is increasingly common for observability. The challenge is that Datadog's BAA is gated behind the Enterprise tier, which many teams discover only after they have already deployed Datadog into a HIPAA environment.
Datadog Plan BAA Coverage
Datadog's infrastructure, APM, and log products are sold at different price points, but HIPAA BAA access requires the Enterprise tier regardless of which Datadog products you use.
| Plan | Approx. Price | HIPAA BAA | Notes |
|---|---|---|---|
| Free | $0 | NO | No BAA; do not use for HIPAA-covered infrastructure |
| Pro | ~$15/host/mo | NO | No BAA at this tier; not suitable for PHI-handling environments |
| Enterprise | Custom pricing | YES | BAA available via account manager; may require security review |
Why Datadog Is a HIPAA Risk for Healthcare Infrastructure
Monitoring systems are often overlooked in HIPAA compliance reviews because they are perceived as purely technical tools rather than PHI-handling systems. In reality, Datadog ingests data from the same infrastructure that handles PHI, and that data can contain:
- Application logs — server logs from health apps that may include patient IDs, session tokens, or API request/response bodies containing health data
- APM traces — distributed traces of requests that span microservices, which may include query parameters or payloads with PHI
- Database metrics — query performance metrics that may reveal patterns tied to patient-specific queries
- Custom metrics and dashboards — application-level metrics that engineering teams define, which may inadvertently include PHI identifiers
Any healthtech team deploying Datadog in a production environment that handles PHI must have an Enterprise plan and an executed BAA before going live.
How to Get a HIPAA BAA from Datadog
Unlike self-service platforms, Datadog's HIPAA BAA requires an Enterprise sales process:
- Contact Datadog sales and request an Enterprise plan quote for your organization
- Negotiate and execute the Datadog Master Services Agreement (Enterprise tier)
- Request the HIPAA BAA through your assigned Datadog account manager
- Datadog may require a security questionnaire before executing the BAA
- Review and sign the BAA; retain a copy for your compliance documentation
In parallel, configure Datadog Agent log filtering rules to scrub PHI from logs before they reach Datadog's cloud. This reduces the PHI footprint even with a BAA in place. See our guide on which vendors sign a HIPAA BAA and our resource on BAA requirements for healthtech startups for broader context.
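The Agent-level scrubbing described above can be expressed as global log processing rules in the Agent's main configuration file. The fragment below is an added example, not configuration from Datadog or from this page; the field name `patient_id`, the `http_body=` marker, and all patterns and rule names are assumptions to be replaced with what your applications actually log.

```yaml
# datadog.yaml (Agent main configuration file)
# Added example. Rule names, markers and patterns are assumptions.
logs_enabled: true

logs_config:
  # Global rules: the Agent applies these to every log it collects,
  # before the log leaves the host.
  processing_rules:
    # Drop entire lines that dump request/response bodies.
    # "http_body=" is a hypothetical marker your app would emit.
    - type: exclude_at_match
      name: drop_http_body_dumps
      pattern: 'http_body='

    # Mask a patient identifier logged as key=value
    # ("patient_id" is a hypothetical field name).
    - type: mask_sequences
      name: mask_patient_id
      replace_placeholder: 'patient_id=[REDACTED]'
      pattern: 'patient_id=[A-Za-z0-9_-]+'

    # Mask US Social Security numbers written as 123-45-6789.
    # Single quotes keep YAML from interpreting the backslashes.
    - type: mask_sequences
      name: mask_ssn
      replace_placeholder: '[REDACTED_SSN]'
      pattern: '\b\d{3}-\d{2}-\d{4}\b'

    # Mask e-mail addresses.
    - type: mask_sequences
      name: mask_email
      replace_placeholder: '[REDACTED_EMAIL]'
      pattern: '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
```

These rules act only on logs collected by the Agent; APM traces and custom metrics need their own review. Restart the Agent after editing the file, then check ingested logs for the placeholders before treating the rules as effective.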
What Happens If You Use Datadog Without a BAA?
Using Datadog to monitor infrastructure that handles PHI — without an executed BAA — means you are sharing PHI with a vendor that has no contractual HIPAA obligations to your organization. This violates the HIPAA business associate provisions. The fact that PHI entered Datadog unintentionally does not eliminate the violation. Engineering teams should conduct a Datadog compliance review before any HIPAA-covered application goes to production.
Frequently Asked Questions
Does Datadog sign a HIPAA BAA?
Yes — but only on Enterprise plans with custom pricing. Datadog's Free plan and Pro plan (~$15/host/month) do not include a HIPAA BAA. To obtain a BAA from Datadog, contact Datadog sales for an Enterprise plan and explicitly request the BAA through your account manager. Datadog may conduct a security review before executing the BAA.
Can Datadog logs contain PHI?
Yes — this is the primary compliance risk. Datadog collects infrastructure metrics, APM traces, and log data from your applications. In a healthcare environment, logs and APM traces can contain patient IDs, health record references, API request payloads with health data, or other PHI. Any healthtech team running Datadog in a HIPAA-covered environment needs a BAA — which requires an Enterprise plan.
Which Datadog plan includes a HIPAA BAA?
Only Datadog Enterprise (custom pricing) includes a HIPAA BAA. The Free plan and Pro plan (~$15/host/month) do not. Enterprise pricing is based on hosts, log ingestion volume, and additional products selected. Contact Datadog sales to get an Enterprise quote and initiate the BAA process.
How do I get a BAA from Datadog for my healthcare infrastructure?
To get a BAA from Datadog: (1) contact Datadog sales and request an Enterprise plan quote, (2) negotiate and execute the Enterprise service agreement, (3) request the HIPAA BAA through your assigned account manager, (4) review and sign the BAA. Datadog may require a security questionnaire before executing. Configure log filtering to scrub PHI at the Datadog Agent level before data reaches Datadog's cloud.