HIPAA Compliance

Business Associate Agreement

DOKit provides signed Business Associate Agreements (BAAs) for all customers processing protected health information (PHI).

What is a Business Associate Agreement?

A Business Associate Agreement (BAA) is a legally binding contract required under HIPAA between a Covered Entity (such as a healthcare provider, health plan, or healthcare clearinghouse) and a Business Associate (any vendor or service provider that handles PHI on their behalf).

The BAA establishes the permitted uses and disclosures of PHI, requires appropriate safeguards, and ensures compliance with HIPAA's Privacy and Security Rules. Without a signed BAA, Covered Entities cannot share PHI with vendors like DOKit.

Key Terms of Our BAA

Permitted Uses & Disclosures

PHI is used only to provide the contracted services and as required by law. We do not sell, share, or use PHI for any unauthorized purposes.

Safeguards

We implement administrative, physical, and technical safeguards to protect PHI, including AES-256 encryption, access controls, and comprehensive audit logging.

Breach Notification

We commit to notifying you within 24 hours of discovering any breach of unsecured PHI, far sooner than the 60-day maximum that HIPAA allows.

Subcontractors

Any subcontractors we engage that access PHI are required to sign BAAs and adhere to the same privacy and security obligations.

Termination & Return of Data

Upon termination, we return or destroy all PHI as directed. You can request a certificate of destruction for compliance records.

Request a Business Associate Agreement

Ready to get started? Contact us to request a BAA. Our team typically processes BAA requests within 1-2 business days.