Is DocuSign HIPAA compliant?
Signs a BAAPHI with conditionsSOC 2 Type II
Will DocuSign sign a HIPAA BAA?
Yes — DocuSign will sign a HIPAA Business Associate Agreement (BAA).
DocuSign may enter into a BAA with HIPAA Covered Entities and meets Business Associate obligations; generally provided for enterprise customers.
PHI eligibility
eSignature/IAM can be used for documents containing PHI under a signed BAA, with the covered entity responsible for compliant deployment.
SOC 2
SOC 2 Type II
Trust center
Sub-processors
—
Notes
Also holds ISO 27001, FedRAMP, and PCI DSS. Exact plan gating for the BAA is not specified on the page.
Get notified when this changes
We track DocuSign's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.
How to request and sign a BAA with DocuSign
Yes — DocuSign will sign a HIPAA Business Associate Agreement (BAA).
Request routeBy request — via trust center or support
- 1Confirm your account is coveredDocuSign may enter into a BAA with HIPAA Covered Entities and meets Business Associate obligations; generally provided for enterprise customers.
- 2Request the Business Associate AgreementDocuSign provides the BAA on request. Open a request through DocuSign's trust center and ask for the current Business Associate Agreement covering your plan.
- 3Confirm what PHI is allowed before you store anyeSignature/IAM can be used for documents containing PHI under a signed BAA, with the covered entity responsible for compliant deployment. Match your configuration to this scope before putting protected health information into DocuSign.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with DocuSign before you rely on it. This is cited public information, not legal advice.
Frequently asked questions
Does DocuSign sign a HIPAA Business Associate Agreement (BAA)?
Yes — DocuSign will sign a HIPAA Business Associate Agreement (BAA). DocuSign may enter into a BAA with HIPAA Covered Entities and meets Business Associate obligations; generally provided for enterprise customers.
Is DocuSign HIPAA compliant?
DocuSign can be used in a HIPAA-compliant way: it signs a Business Associate Agreement (BAA), which HIPAA requires before you process PHI with a vendor. eSignature/IAM can be used for documents containing PHI under a signed BAA, with the covered entity responsible for compliant deployment.
Can you store PHI (protected health information) in DocuSign?
eSignature/IAM can be used for documents containing PHI under a signed BAA, with the covered entity responsible for compliant deployment.
Is DocuSign SOC 2 certified?
DocuSign reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from DocuSign?
DocuSign provides the BAA on request. Open a request through DocuSign's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with DocuSign before storing PHI.
What plan do I need to sign a BAA with DocuSign?
DocuSign may enter into a BAA with HIPAA Covered Entities and meets Business Associate obligations; generally provided for enterprise customers.
Sources
https://www.docusign.com/solutions/industries/healthcare
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with DocuSign before processing protected health information.
Check another vendor
See all HIPAA compliant docs & collaboration tools →
Browse all 105 vendors by category →