Is HelloSign HIPAA compliant?

Yes, HelloSign has described itself as HIPAA compliant. Security controls meet HIPAA requirements, and HelloSign is willing to provide a signed business associate agreement (BAA).

HelloSign provides HIPAA-compliant solutions for covered entities, ensuring security and privacy for all documents that contain protected health information (PHI). The service uses Transport Layer Security (TLS) encryption for all communications in transit and AES 256-bit encryption for stored files.

Enterprise-level security controls include two levels of encryption for each document: a unique document encryption key (DEK) for each file and a master key that protects the DEK, which is regularly rotated for additional security. This configuration offers an extra layer of security in the event that someone bypasses physical security measures to access a hard drive.

HelloSign also offers audit reports that track activity and changes made to each document, giving covered entities the ability to view the audit trail as needed. HelloSign conducts regular user access reviews and provides extensive training for employees on HIPAA’s Security and Privacy Rules.

Customers must have a HelloSign Enterprise account to access features that comply with HIPAA and Service Organization Control (SOC) 2. HelloSign is willing to sign a business associate agreement (BAA) for customers with an Enterprise account — a key HIPAA requirement.

Product details

Company Logo

Business Associate Agreement


HIPAA Compliant




Product description

HelloSign is a simple and secure tool for collecting electronic signatures. It includes reusable templates and integration options for other software programs.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

If you see any incorrect, incomplete or inaccurate information, please request correction by filling the form below.

Request Correction