All Collections
Privacy and security
Upheal’s Business Associate Agreement (BAA)
Do you have a Business Associate Agreement (BAA)?
Do you have a Business Associate Agreement (BAA)?
Juraj Chrappa avatar
Written by Juraj Chrappa
Updated over a week ago

Yes. You can find our Business Associate Agreement (BAA) here which governs our cooperation between us as a Business Associate and healing professionals when they are defined as a Covered Entity under HIPAA. All Covered Entities who use our platform agree to the terms of the BAA upon signing up

As a Business Associate under HIPAA, Upheal enters into a BAA with each therapist who uses the platform. Under the terms of the BAA, Upheal agrees to:

  • Only use and disclose personal health information (PHI) as permitted by the BAA or as required by law

  • Use security safeguards to prevent unauthorized use or disclosure of PHI

  • Report any unauthorized use or disclosure of PHI to the Covered Entity

  • Ensure that Upheal’s own subcontractors follow the same restrictions and conditions regarding the creation, receipt, maintenance, or transmission of PHI

  • Provide and update PHI when necessary and maintain records of disclosures, which should be made available to the Covered Entity

  • Allow the Secretary of Health and Human Services to review its practices and records for HIPAA compliance

Related Articles
Can a transcript of my session become available if there is a legal request for progress notes?
How can Upheal use data provided by therapists under the BAA?
What are Upheal’s obligations under the BAA?
Make your workspace HIPAA compliant
Adding Upheal to your existing informed consent documents
Did this answer your question?