BAA Generator
HomeResourcesDoes Dropbox Sign a HIPAA BAA?
Vendor BAA Guide

Does Dropbox Sign a HIPAA Business Associate Agreement?

By BAA Generator Research Team  ·  Published Apr 19, 2026  ·  Last reviewed Apr 19, 2026  ·  2 min read

Need a BAA right now?

Generate my BAA → See pricing →

Key Takeaways

Direct answer: Yes — Dropbox offers a HIPAA BAA on Dropbox Business and Business Plus plans. Free personal accounts and Dropbox Plus (individual plan) are not eligible. You must request the BAA from Dropbox Business support — it is not self-service. Note that Dropbox Sign (formerly HelloSign), Dropbox's e-signature product, is a separate service with its own separate BAA.

Dropbox is commonly used in small medical practices for file sharing — patient intake forms, imaging files, billing documents. If any of those files contain PHI, your Dropbox account must be covered by a BAA. Here's what you need to know.

Which Dropbox Plans Qualify for a HIPAA BAA?

Dropbox's HIPAA BAA is available on:

Not eligible: Dropbox Free, Dropbox Plus (individual $9.99/mo plan), Dropbox Professional. These are personal plans and do not qualify for a HIPAA BAA under any circumstances.

How to Request Dropbox's HIPAA BAA

Unlike Google Workspace's self-service Admin console acceptance, Dropbox requires a manual request:

  1. Ensure your organization is on a qualifying Dropbox Business plan
  2. Contact Dropbox Business support through your admin account
  3. Request the HIPAA Business Associate Agreement
  4. Dropbox will send a BAA document for your review, negotiation (if needed), and signature
  5. Retain a copy of the signed BAA for your compliance records

The BAA execution process typically takes a few business days. Do not store PHI in Dropbox prior to completing BAA execution.

Dropbox vs. Dropbox Sign (Two Separate BAAs)

Many healthcare organizations use both Dropbox (for file storage) and Dropbox Sign (for electronic signatures). These are separate products that require separate BAAs:

If you use both products with PHI, you need BAAs with both. A Dropbox BAA does not automatically cover Dropbox Sign.

What Dropbox's BAA Covers

Dropbox's HIPAA BAA covers:

More vendor BAA guides

Acuity Scheduling Amplitude Anthropic Athenahealth Aws Box Calendly Cerner Datadog Docusign Doxy ME Drchrono Eclinicalworks Epic Fullstory Github Google Cloud Google Workspace Hotjar Hubspot Intercom Jotform Kareo Mailchimp Microsoft 365 Microsoft Azure Mixpanel Monday Com Notion Openai Ringcentral Salesforce Segment Sendgrid Sentry Simplepractice Slack Square Stripe Therapynotes Twilio Typeform Zapier Zoom For Healthcare Zoom

Generate a compliant BAA in 5 minutes

HHS model BAA provisions · 45 CFR § 164.504(e) compliant · clean PDF + editable Word

Generate my BAA → See pricing →

No subscription · PDF + Word · Free watermarked preview

Related: Productivity, storage & forms

Box Notion monday.com Jotform Typeform Calendly Acuity Zapier DocuSign

Frequently Asked Questions

Does Dropbox sign a HIPAA BAA?
Yes — Dropbox offers a HIPAA Business Associate Agreement on Dropbox Business and Dropbox Business Plus plans. Free personal Dropbox accounts and Dropbox Plus (individual paid plan) are not eligible. Healthcare organizations must be on a qualifying Business plan and request the BAA from Dropbox's legal team.
Is personal Dropbox HIPAA compliant?
No. Free Dropbox accounts and Dropbox Plus (individual paid plan) are not covered under Dropbox's HIPAA BAA and cannot be used to store or transmit protected health information. Only Dropbox Business and Business Plus plans qualify for HIPAA compliance.
How do I request a HIPAA BAA from Dropbox?
To request a HIPAA BAA from Dropbox, your organization must be on a Dropbox Business or Business Plus plan. Contact Dropbox Business support and request the HIPAA BAA through their support portal or your account representative. Dropbox will provide a BAA document for your review and signature. Unlike Google Workspace, Dropbox does not offer self-service BAA acceptance.