Overview

A Business Associate Agreement (BAA) is executed with every client prior to the activation of any module that may process Protected Health Information (PHI). This agreement satisfies the HIPAA Privacy and Security Rule requirements for covered entities and their business associates.

What the BAA Covers

Permitted uses and disclosures of PHI
Data security safeguards (AES-256 at rest, TLS 1.2+ in transit)
Breach notification procedures
Data retention and destruction policies
Subcontractor obligations
Audit and monitoring rights

Data Handling

Phone numbers are SHA-256 hashed with a per-clinic salt before storage. No raw PHI is persisted in our systems. Patient inquiries are classified by intent (pricing, scheduling, clinical) and routed accordingly — clinical/dosing questions are immediately escalated to licensed staff.

Get Your BAA

The full BAA is executed as part of the onboarding process. For review before signing, contact nick@scrutexity.com.