Skip to main content
All CollectionsPrivacy and securityUpheal’s Business Associate Agreement (BAA)
Do you have a Business Associate Agreement (BAA)?
Do you have a Business Associate Agreement (BAA)?
Juraj Chrappa avatar
Written by Juraj Chrappa
Updated over a year ago

Yes. You can find our Business Associate Agreement (BAA) here which governs our cooperation between us as a Business Associate and healing professionals when they are defined as a Covered Entity under HIPAA. All Covered Entities who use our platform agree to the terms of the BAA upon signing up

As a Business Associate under HIPAA, Upheal enters into a BAA with each therapist who uses the platform. Under the terms of the BAA, Upheal agrees to:

  • Only use and disclose personal health information (PHI) as permitted by the BAA or as required by law

  • Use security safeguards to prevent unauthorized use or disclosure of PHI

  • Report any unauthorized use or disclosure of PHI to the Covered Entity

  • Ensure that Upheal’s own subcontractors follow the same restrictions and conditions regarding the creation, receipt, maintenance, or transmission of PHI

  • Provide and update PHI when necessary and maintain records of disclosures, which should be made available to the Covered Entity

  • Allow the Secretary of Health and Human Services to review its practices and records for HIPAA compliance

Related Articles
How can Upheal use data provided by therapists under the BAA?
Can Upheal access clients' information stored on the platform?
What are Upheal’s obligations under the BAA?
Make your workspace HIPAA compliant
How does Upheal protect my personal information?
Did this answer your question?