HIPAA compliant cloud storage: Dropbox vs Box vs Google Drive vs OneDrive

Every major cloud-storage service will sign a HIPAA BAA so you can store PHI documents and backups — but the qualifying plan differs sharply, from any paid Workspace seat to Box's Enterprise-only floor. Here is what each one actually requires.

4 tools compared · 4 sign a BAA · last verified 2026-05-31

Dropbox · Standard/Advanced/Business+ (US teams)
BAA on select plans · PHI with conditions

Dropbox signs a BAA electronically via the admin console for US-based team accounts on Standard, Advanced, Enterprise, Education, Business, and Business Plus tiers (not free/Plus/Family); Dropbox Sign requires its own separate BAA.

Source: help.dropbox.com · verified 2026-05-31 · confidence high

Box · Enterprise plans only
BAA on select plans · PHI with conditions

Box has signed BAAs with healthcare/life-sciences customers since 2013, available only on Enterprise, Enterprise Plus, or Enterprise Advanced plans and requested via the Admin Console.

Source: support.box.com · verified 2026-05-31 · confidence high

Google Drive · Paid Google Workspace
BAA on select plans · PHI with conditions

Google offers a HIPAA BAA to any paid Workspace/Cloud Identity customer via the Admin console (not free consumer Gmail), covering only services on the HIPAA Included Functionality list.

Google Drive is a HIPAA Included service under the Google Workspace BAA — accept it in the Admin console on any paid Workspace plan (not free consumer Gmail/Drive).

OneDrive · Paid Microsoft 365 (commercial)
BAA on select plans · PHI with conditions

Microsoft's HIPAA BAA is included by default through the Data Protection Addendum for commercial/enterprise customers covering in-scope services; Microsoft will not sign a customer's own BAA form, and free accounts are excluded.

OneDrive and SharePoint are in scope under the Microsoft 365 / Office 365 commercial BAA — there is no separate OneDrive BAA, and free accounts are excluded.

Every verdict above is cited public information, not legal or compliance advice. A BAA's availability changes with your plan, region and contract, and the product names here may be governed by a parent suite's agreement — always confirm the current BAA and PHI scope directly with the vendor before processing protected health information.

Frequently asked questions

Which cloud storage tools sign a HIPAA BAA?
All 4 (Dropbox, Box, Google Drive, OneDrive) will sign a HIPAA Business Associate Agreement (BAA), each on a specific plan tier. Every verdict on this page is cited and date-stamped — confirm current terms with the vendor before storing PHI.
Does Dropbox sign a HIPAA BAA?
Sometimes — Dropbox signs a HIPAA BAA only on specific plans or add-ons. Dropbox signs a BAA electronically via the admin console for US-based team accounts on Standard, Advanced, Enterprise, Education, Business, and Business Plus tiers (not free/Plus/Family); Dropbox Sign requires its own separate BAA.
Does Box sign a HIPAA BAA?
Sometimes — Box signs a HIPAA BAA only on specific plans or add-ons. Box has signed BAAs with healthcare/life-sciences customers since 2013, available only on Enterprise, Enterprise Plus, or Enterprise Advanced plans and requested via the Admin Console.
Does Google Drive sign a HIPAA BAA?
Sometimes — Google Drive signs a HIPAA BAA only on specific plans or add-ons. Google offers a HIPAA BAA to any paid Workspace/Cloud Identity customer via the Admin console (not free consumer Gmail), covering only services on the HIPAA Included Functionality list.
Does OneDrive sign a HIPAA BAA?
Sometimes — OneDrive signs a HIPAA BAA only on specific plans or add-ons. Microsoft's HIPAA BAA is included by default through the Data Protection Addendum for commercial/enterprise customers covering in-scope services; Microsoft will not sign a customer's own BAA form, and free accounts are excluded.
