Does DocuSign sign a HIPAA BAA?

Yes — DocuSign offers a HIPAA Business Associate Agreement on Business Pro and Enterprise plans. DocuSign Personal and Standard plans do not qualify. Healthcare organizations using DocuSign for patient-facing documents (consent forms, intake forms, treatment authorizations) that contain PHI must be on a qualifying plan and must execute the BAA before using DocuSign for those documents.

Can I use DocuSign for HIPAA-compliant patient signature collection?

Yes — on a qualifying DocuSign Business Pro or Enterprise plan with a signed BAA in place. DocuSign provides audit trails, access controls, and encryption suitable for HIPAA compliance. The BAA covers DocuSign's handling of PHI in documents sent through its platform. You must also ensure your envelope configurations don't unnecessarily expose PHI to non-authorized parties.

Is Dropbox Sign (formerly HelloSign) a HIPAA alternative to DocuSign?

Yes — Dropbox Sign (formerly HelloSign) also offers a HIPAA BAA on Business plans. It is generally less expensive than DocuSign's qualifying plans. For small practices needing HIPAA-compliant e-signatures at lower cost, Dropbox Sign Business is a common alternative to DocuSign Business Pro.

Vendor BAA Guide

Does DocuSign Sign a HIPAA Business Associate Agreement?

By BAA Generator Editorial · Published Apr 19, 2026 · Last reviewed Apr 19, 2026 · 4 min read

Key Takeaways

✓ Yes — DocuSign offers a HIPAA BAA on Business Pro and Enterprise plans
⚠ DocuSign Personal and Standard plans are not eligible — do not use for PHI documents
✓ Must request the BAA from DocuSign — not self-service
✓ Dropbox Sign (formerly HelloSign) is a less expensive alternative with a BAA on Business plans
✓ The BAA covers DocuSign's platform — you still need BAAs with other vendors

Direct answer: Yes — DocuSign offers a HIPAA BAA on Business Pro and Enterprise plans. Personal and Standard plans are not eligible. Healthcare organizations using DocuSign for consent forms, patient intake documents, or any other PHI-containing documents must be on a qualifying plan and must execute the BAA before using DocuSign for those workflows.

DocuSign is ubiquitous in healthcare for patient consent forms, intake packets, authorization forms, and provider agreements. If any of those documents contain patient names, dates of birth, diagnoses, or other PHI, your DocuSign account must be covered by a BAA.

Which DocuSign Plans Qualify for a HIPAA BAA?

DocuSign's HIPAA BAA is available on:

DocuSign Business Pro — the mid-tier business plan
DocuSign Enterprise — full enterprise plan with advanced features

Not eligible: DocuSign Personal ($15/mo), DocuSign Standard ($25/mo). These plans do not qualify for HIPAA BAA coverage. If you're currently using a Personal or Standard plan for patient-facing documents that contain PHI, you must upgrade before those documents can be sent compliantly.

How to Get DocuSign's HIPAA BAA

Unlike Google Workspace's self-service Admin console acceptance, DocuSign requires a manual request:

Ensure your organization is on DocuSign Business Pro or Enterprise
Contact DocuSign's support or your account representative and request the HIPAA BAA
DocuSign will provide their standard BAA for review and signature
Once executed, retain a copy in your compliance records

Do not use DocuSign for PHI-containing documents until the BAA is fully executed and on file.

What a DocuSign BAA Covers

DocuSign's HIPAA BAA covers DocuSign's obligations for PHI transmitted through or stored within the DocuSign platform, including:

Encryption of documents at rest and in transit
Access controls and audit trails for all document activity
Breach notification requirements
Data retention and deletion practices

Cost-Effective Alternative: Dropbox Sign

For small practices and startups where DocuSign Business Pro pricing is prohibitive, Dropbox Sign (formerly HelloSign) is a commonly used alternative. Dropbox Sign's Business plan offers a HIPAA BAA at a lower price point than DocuSign's qualifying plans. Both platforms support HIPAA-compliant e-signature workflows when the BAA is in place.

Need a BAA for your other vendors?

Beyond DocuSign, you need BAAs with your EHR, billing company, cloud storage, and more. Generate HIPAA-compliant BAAs in minutes.

Generate BAA for Free →