Do you have a Business Associate Agreement (BAA)?
Juraj Chrappa avatar
Written by Juraj Chrappa
Updated over a week ago

Yes. You can find our Business Associate Agreement (BAA) here which governs our cooperation between us as a Business Associate and healing professionals when they are defined as a Covered Entity under HIPAA. All Covered Entities who use our platform agree to the terms of the BAA upon signing up

As a Business Associate under HIPAA, Upheal enters into a BAA with each therapist who uses the platform. Under the terms of the BAA, Upheal agrees to:

  • Only use and disclose personal health information (PHI) as permitted by the BAA or as required by law

  • Use security safeguards to prevent unauthorized use or disclosure of PHI

  • Report any unauthorized use or disclosure of PHI to the Covered Entity

  • Ensure that Upheal’s own subcontractors follow the same restrictions and conditions regarding the creation, receipt, maintenance, or transmission of PHI

  • Provide and update PHI when necessary and maintain records of disclosures, which should be made available to the Covered Entity

  • Allow the Secretary of Health and Human Services to review its practices and records for HIPAA compliance

Did this answer your question?