Business Associate Agreement

HIPAA-compliant partnership for healthcare organizations

What is a BAA?

A Business Associate Agreement (BAA) is a legal contract required under HIPAA between a covered entity (healthcare provider, health plan, or healthcare clearinghouse) and a business associate (a vendor like Onalyst that handles protected health information (PHI) on the covered entity's behalf).

The BAA establishes the permitted uses and disclosures of PHI, requires appropriate safeguards, and ensures compliance with HIPAA regulations.

Onalyst BAA Coverage

Our Business Associate Agreement covers:

  • Audio recordings of patient encounters
  • Transcribed text from recordings
  • AI-generated clinical notes and documentation
  • Patient demographic information
  • ICD-10 codes and billing information
  • Any other PHI processed through our platform

Key BAA Provisions

  • Permitted Uses: PHI may only be used to provide the contracted services
  • Safeguards: Implementation of administrative, physical, and technical safeguards
  • Subcontractors: Any subcontractors handling PHI must also sign BAAs
  • Breach Notification: 24-hour notification requirement for any security incidents
  • Audit Rights: Covered entity may audit our HIPAA compliance
  • Termination: Either party may terminate for material breach
  • Return/Destruction: PHI returned or destroyed upon termination

Plans with BAA Included

Professional Plan

BAA available upon request

Clinic Plan

BAA included automatically

The free Starter plan is not intended for use with PHI and does not include a BAA.

Request a BAA

To request a Business Associate Agreement:

  1. Sign up for a Professional or Clinic plan
  2. Contact our compliance team at compliance@onalyst.org
  3. Provide your organization details and authorized signatory information
  4. We'll send you our standard BAA for review and signature
  5. Once signed by both parties, your account will be BAA-protected

Ready to get started?

Start your free trial today. BAA available for Professional and Clinic plans.