What are Upheal’s obligations under the BAA?
Written by Juraj Chrappa
Updated over a week ago

As a Business Associate under HIPAA, Upheal enters into a BAA with each therapist who uses the platform. Under the terms of the BAA, Upheal agrees to:

  • Only use and disclose protected health information (PHI) as permitted by the BAA or as required by law

  • Use security safeguards to prevent unauthorized use or disclosure of PHI

  • Report any unauthorized use or disclosure of PHI to the Covered Entity

  • Ensure that Upheal’s own subcontractors follow the same restrictions and conditions regarding the creation, receipt, maintenance, or transmission of PHI

  • Provide and update PHI when necessary and maintain records of disclosures, which should be made available to the Covered Entity

  • Allow the Secretary of Health and Human Services to review its practices and records for HIPAA compliance
