Skip to main content

Do you have a Business Associate Agreement (BAA)?

Aviva Glassman avatar
Written by Aviva Glassman
Updated over 10 months ago

Yes. You can find our Business Associate Agreement (BAA) here which governs our cooperation between us as a Business Associate and healing professionals when they are defined as a Covered Entity under HIPAA. All Covered Entities who use our platform agree to the terms of the BAA upon signing up

As a Business Associate under HIPAA, Upheal enters into a BAA with each therapist who uses the platform. Under the terms of the BAA, Upheal agrees to:

  • Only use and disclose personal health information (PHI) as permitted by the BAA or as required by law

  • Use security safeguards to prevent unauthorized use or disclosure of PHI

  • Report any unauthorized use or disclosure of PHI to the Covered Entity

  • Ensure that Upheal’s own subcontractors follow the same restrictions and conditions regarding the creation, receipt, maintenance, or transmission of PHI

  • Provide and update PHI when necessary and maintain records of disclosures, which should be made available to the Covered Entity

  • Allow the Secretary of Health and Human Services to review its practices and records for HIPAA compliance

Did this answer your question?