Business Associate Agreement

xEHR provides a signed BAA to all customers handling Protected Health Information.

What is a Business Associate Agreement?

A Business Associate Agreement (BAA) is a legally binding contract required by HIPAA between a covered entity (healthcare provider) and a business associate (xEHR) that handles Protected Health Information (PHI) on their behalf.

xEHR's Commitment

As your business associate, xEHR commits to:

  • Use and disclose PHI only as permitted by the agreement and HIPAA
  • Implement appropriate safeguards to prevent unauthorized use or disclosure
  • Report any security incidents or breaches promptly
  • Ensure any subcontractors agree to the same restrictions
  • Make PHI available to individuals upon request
  • Return or destroy PHI upon contract termination

Security Measures

Our BAA is backed by robust technical safeguards including:

  • AES-256 encryption for data at rest and in transit
  • Role-based access controls
  • Comprehensive audit logging
  • Regular security assessments and penetration testing
  • Hosted on SOC 2 Type II, ISO 27001 certified cloud infrastructure
  • Multi-tenant isolation with dedicated clinical data stores per organization

How to Obtain Your BAA

xEHR provides a signed Business Associate Agreement as part of every customer onboarding process. Your BAA will be provided during implementation before any PHI is transferred to our platform.

Request BAA Information

For questions about our Business Associate Agreement or to request a copy for review, please contact our compliance team.

Contact Compliance Team
