Business Associate Agreement (BAA)
MedXtract is prepared to enter into a Business Associate Agreement (BAA) with covered entities under HIPAA.
What is a BAA?
A Business Associate Agreement (BAA) is a contract between a covered entity (like a healthcare provider) and a business associate (like MedXtract) that ensures both parties understand their responsibilities for protecting PHI (Protected Health Information) under HIPAA.
When you use MedXtract to process patient documents, we become a business associate and need a BAA in place to legally handle PHI on your behalf.
Our BAA Commitment
- We will only use and disclose PHI as permitted by the BAA and HIPAA
- We implement appropriate safeguards to protect PHI
- We report any security incidents involving PHI
- We ensure our subcontractors also comply with HIPAA requirements
- We return or destroy PHI when the agreement terminates
Security Controls Covered
Technical Safeguards
- • Encryption in transit and at rest
- • Access controls and authentication
- • Audit logs and monitoring
- • Secure data transmission
Administrative Safeguards
- • Security policies and procedures
- • Workforce training and awareness
- • Incident response procedures
- • Regular risk assessments
Next Steps
Ready to move forward? Our legal team will work with you to execute a BAA that meets your organization's specific requirements and compliance needs.
This information is for general purposes only and does not constitute legal advice. Please consult with your legal counsel for specific compliance requirements.