Business Associate Agreement
HIPAA BAA
CareCribe enters into a Business Associate Agreement (BAA) with all covered entities prior to processing any protected health information (PHI). This page provides an overview of our BAA terms. To receive a copy of our full BAA for review and execution, please contact us.
What is a BAA?
A Business Associate Agreement is a contract required by HIPAA between a covered entity (your organization) and a business associate (CareCribe) that handles protected health information on your behalf. It establishes the permitted uses and disclosures of PHI and requires appropriate safeguards.
Our Commitments
PHI Protection
We implement administrative, physical, and technical safeguards to protect all PHI in accordance with HIPAA Security Rule requirements.
Breach Notification
We will notify you of any breach of unsecured PHI within the timeframes required by HIPAA, including details of the breach and steps taken to mitigate harm.
Access Controls
PHI access is restricted to authorized personnel only. All access is logged and auditable. Role-based permissions ensure minimum necessary access.
Data Encryption
All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256). Audio recordings and clinical notes are stored in encrypted, access-controlled storage.
Subcontractor Compliance
Any subcontractors who may access PHI are required to agree to the same restrictions and conditions that apply to CareCribe under the BAA.
Data Return/Destruction
Upon termination of the agreement, we will return or destroy all PHI as directed by the covered entity, in accordance with HIPAA requirements.
Request a BAA
To request a copy of our Business Associate Agreement for review and execution, contact our compliance team:
CareCribe Compliance Team
compliance@carecribe.com
We typically execute BAAs within 2–3 business days.