Does Dropbox sign a HIPAA BAA?

Yes — Dropbox offers a HIPAA Business Associate Agreement on Dropbox Business and Dropbox Business Plus plans. Free personal Dropbox accounts and Dropbox Plus (individual paid plan) are not eligible. Healthcare organizations must be on a qualifying Business plan and request the BAA from Dropbox's legal team.

Is personal Dropbox HIPAA compliant?

No. Free Dropbox accounts and Dropbox Plus (individual paid plan) are not covered under Dropbox's HIPAA BAA and cannot be used to store or transmit protected health information. Only Dropbox Business and Business Plus plans qualify for HIPAA compliance.

How do I request a HIPAA BAA from Dropbox?

To request a HIPAA BAA from Dropbox, your organization must be on a Dropbox Business or Business Plus plan. Contact Dropbox Business support and request the HIPAA BAA through their support portal or your account representative. Dropbox will provide a BAA document for your review and signature. Unlike Google Workspace, Dropbox does not offer self-service BAA acceptance.

Vendor BAA Guide

Does Dropbox Sign a HIPAA Business Associate Agreement?

By BAA Generator Editorial · Published Apr 19, 2026 · Last reviewed Apr 19, 2026 · 4 min read

Key Takeaways

✓ Yes — Dropbox signs a HIPAA BAA on Business and Business Plus plans
⚠ Free Dropbox and Dropbox Plus (personal) are not eligible — do not store PHI there
✓ Must request the BAA through Dropbox Business support — not self-service
✓ Dropbox's BAA covers file storage and sync; Dropbox Sign (e-signature) has its own BAA
✓ You still need BAAs with any other vendors who access your Dropbox-stored files

Direct answer: Yes — Dropbox offers a HIPAA BAA on Dropbox Business and Business Plus plans. Free personal accounts and Dropbox Plus (individual plan) are not eligible. You must request the BAA from Dropbox Business support — it is not self-service. Note that Dropbox Sign (formerly HelloSign), Dropbox's e-signature product, is a separate service with its own separate BAA.

Dropbox is commonly used in small medical practices for file sharing — patient intake forms, imaging files, billing documents. If any of those files contain PHI, your Dropbox account must be covered by a BAA. Here's what you need to know.

Which Dropbox Plans Qualify for a HIPAA BAA?

Dropbox's HIPAA BAA is available on:

Dropbox Business (team plan, starts at 3 users)
Dropbox Business Plus
Dropbox Business Advanced
Dropbox Enterprise

Not eligible: Dropbox Free, Dropbox Plus (individual $9.99/mo plan), Dropbox Professional. These are personal plans and do not qualify for a HIPAA BAA under any circumstances.

How to Request Dropbox's HIPAA BAA

Unlike Google Workspace's self-service Admin console acceptance, Dropbox requires a manual request:

Ensure your organization is on a qualifying Dropbox Business plan
Contact Dropbox Business support through your admin account
Request the HIPAA Business Associate Agreement
Dropbox will send a BAA document for your review, negotiation (if needed), and signature
Retain a copy of the signed BAA for your compliance records

The BAA execution process typically takes a few business days. Do not store PHI in Dropbox prior to completing BAA execution.

Dropbox vs. Dropbox Sign (Two Separate BAAs)

Many healthcare organizations use both Dropbox (for file storage) and Dropbox Sign (for electronic signatures). These are separate products that require separate BAAs:

Dropbox Business BAA — covers file storage, sync, and sharing in Dropbox
Dropbox Sign BAA — covers e-signature workflows in Dropbox Sign (formerly HelloSign); available on Business plan

If you use both products with PHI, you need BAAs with both. A Dropbox BAA does not automatically cover Dropbox Sign.

What Dropbox's BAA Covers

Dropbox's HIPAA BAA covers:

Dropbox's obligations to safeguard PHI stored in your Dropbox Business account
Encryption of files at rest (AES-256) and in transit (TLS)
Breach notification to your organization
Access control and audit logging through Dropbox admin tools
PHI return or deletion at account termination

Managing multiple vendor BAAs?

Generate HIPAA-compliant BAAs for each of your vendors — EHR, billing, cloud storage, and more. Free to start.

Generate BAA for Free →