Does RingCentral Sign a HIPAA Business Associate Agreement?
By BAA Generator Editorial · Published Apr 20, 2026 · Last reviewed Apr 20, 2026 · 5 min read
Key Takeaways
- ✓ Yes — RingCentral signs a HIPAA BAA for healthcare customers on qualifying plans
- ✓ RingCentral Advanced, Ultra, and RingCentral for Healthcare all support HIPAA BAAs
- ✓ Phone systems handling patient calls and voicemails with PHI require BAA coverage
- ✓ A BAA alone is not sufficient — HIPAA-compliant settings must be enabled in the admin console
RingCentral is one of the most widely-used cloud communications platforms, offering VoIP phone service, video meetings, team messaging, and eFax in an integrated system. For medical practices, RingCentral handles a significant volume of PHI daily through patient phone calls, appointment reminder calls, voicemails containing health information, and secure messaging between clinical staff.
RingCentral Plan Coverage for HIPAA BAA
| Plan | BAA Available? | Notes |
|---|---|---|
| RingCentral Core | No BAA standard | Entry-level plan; contact sales for healthcare eligibility |
| RingCentral Advanced | BAA available with healthcare agreement | Request through RingCentral healthcare sales |
| RingCentral Ultra | BAA available | Full-featured plan with BAA support |
| RingCentral for Healthcare | Yes — BAA included | Healthcare-specific plan with compliance features |
When Does a Phone System Require a BAA?
Many medical practices overlook their phone system when inventorying vendor BAA requirements. A HIPAA Business Associate Agreement is required for your phone system when it:
- Receives patient voicemails — if patients leave messages with their name, health condition, prescription refill requests, or insurance information, those voicemails are PHI stored on RingCentral's servers
- Records calls — call recording features that capture patient conversations create PHI that RingCentral stores and processes
- Handles faxes with PHI — electronic fax (eFax) services receiving lab results, referral documents, or medical records are handling PHI
- Stores voicemail-to-email transcriptions — if RingCentral transcribes voicemails and delivers them via email, those transcriptions containing PHI require BAA coverage
- Enables staff messaging about patients — internal team messaging on RingCentral that includes patient information (names, conditions, appointment details) constitutes PHI communication requiring BAA coverage
How to Get a HIPAA BAA from RingCentral
RingCentral's BAA is not automatically included in standard plan subscriptions:
- Contact RingCentral sales and specify that you are a healthcare organization requiring HIPAA compliance
- Confirm your plan qualifies (Advanced, Ultra, or RingCentral for Healthcare)
- Request the HIPAA Business Associate Agreement addendum
- After executing the BAA, enable HIPAA-compliant settings in the RingCentral Admin Portal — this includes configuring access controls, managing AI features, and setting retention policies for voicemails and recordings
A critical point: executing the BAA is necessary but not sufficient. HIPAA requires both a signed BAA and appropriate technical and administrative safeguards. RingCentral's admin console includes settings that must be configured for HIPAA compliance — the default configuration is not sufficient for healthcare use.
What Happens If You Use RingCentral Without a BAA?
Medical practices using RingCentral without a BAA for patient communications are in ongoing HIPAA violation. Every voicemail, call recording, and fax received from patients without a BAA is a separate instance of non-compliant PHI handling. Given the volume of patient communications in a typical practice, this represents significant cumulative risk.
Phone and communication systems are frequently overlooked in HIPAA compliance audits because practices focus on their EHR. However, OCR investigations following breaches consistently examine all systems that touched the PHI involved — including phone platforms.
For general guidance on when BAAs are required, see our guide on when you need a HIPAA BAA. For a full vendor overview, see our vendor BAA lookup guide.
Frequently Asked Questions
Does RingCentral sign a HIPAA BAA?
Yes — RingCentral signs a HIPAA BAA for healthcare customers on qualifying plans including Advanced, Ultra, and RingCentral for Healthcare. Contact RingCentral sales to request the BAA and confirm your plan's eligibility.
Is RingCentral HIPAA compliant for medical practices?
Yes — RingCentral can be configured for HIPAA compliance on qualifying plans with an executed BAA and properly enabled HIPAA settings in the admin console. A signed BAA alone is not sufficient; appropriate technical configuration is also required.
Does RingCentral's voicemail system require a BAA?
Yes — if patients leave voicemails containing PHI (name, health condition, prescription requests, etc.), those recordings are PHI stored on RingCentral's servers. An executed BAA is required. The same applies to call recordings, eFax, and voicemail transcription features.
How do I set up RingCentral for HIPAA compliance?
To set up RingCentral for HIPAA compliance: contact sales to request the BAA and confirm plan eligibility; execute the BAA; then enable HIPAA-compliant settings in the Admin Portal covering access controls, AI features, and voicemail/recording retention policies. Train staff on HIPAA-appropriate use of all communication features.
Need a BAA for your RingCentral integration?
Generate a HIPAA-compliant Business Associate Agreement in minutes — covers all vendor types, free to start.
Generate Your BAA Free →