BAA with WithinEHR

WithinEHR executes a Business Associate Agreement (BAA) with all covered entities and partners that handle Protected Health Information (PHI) in compliance with HIPAA regulations.

The BAA establishes WithinEHR’s legal and operational responsibility as a Business Associate and outlines how PHI is accessed, processed, stored, and protected within the platform.

Under this agreement, WithinEHR commits to:

  • Safeguarding PHI: Implement and maintain appropriate administrative, technical, and physical safeguards to protect PHI against unauthorized access, use, or disclosure.
  • HIPAA Compliance: Fully comply with HIPAA Privacy, Security, and Breach Notification Rules as they apply to business associates.
  • Data Use Limitations: Use or disclose PHI solely for permitted purposes as defined by the agreement and applicable law.
  • Breach Notification: Promptly notify covered entities of any unauthorized disclosure, breach, or suspected compromise of PHI and support required remediation actions.
  • Subcontractor Accountability: Ensure that any subcontractors or partners with potential access to PHI are bound by HIPAA-compliant agreements and security standards.
  • Audit and Compliance Support: Provide cooperation for audits, risk assessments, and regulatory inquiries when reasonably required.
  • Secure Data Handling: Enforce secure data storage, encryption, and retention policies aligned with industry standards.
  • Termination Protections: Ensure proper handling or secure destruction of PHI upon contract termination.

The BAA ensures that covered entities using WithinEHR can confidently deploy the platform, knowing that patient data is handled with a high level of legal, operational, and security assurance.