HIPAA-compliant BAA terms for hospital networks, clinic networks, and private clinical practices.
This Business Associate Agreement (BAA) applies to all transactions where PatientIQ (the Business Associate) stores, processes, or transmits Protected Health Information (PHI) on behalf of registered healthcare clinics, hospitals, or private practices (the Covered Entity).
PatientIQ will use or disclose PHI only as required to perform dashboard analytics, database storage, SOAP dictation note mapping, secure messaging synchronization, and related clinical SaaS actions requested by the Covered Entity, or as required by law.
We agree to implement administrative, physical, and technical safeguards that reasonably protect the confidentiality, integrity, and availability of electronic PHI (ePHI). Every record check, file access, and credential verification event is registered in the Security Audit log viewer with IP tracking.
PatientIQ will notify the Covered Entity within twenty-four (24) hours of discovering any unauthorized access, use, or disclosure of PHI (a Security Incident or Breach) to ensure federal notification thresholds are satisfied.