Back to Home

Business Associate Agreement

Business Associate Agreement (BAA)

Last Updated: March 2026

As a Business Associate under HIPAA, Scribient executes Business Associate Agreements with all customers who process protected health information (PHI) through our platform.

What is a BAA?

A Business Associate Agreement is a legally binding contract required by HIPAA when a covered entity (healthcare provider, health plan, or healthcare clearinghouse) shares PHI with a business associate (a vendor or service provider).

The BAA establishes:

  • The permitted uses and disclosures of PHI
  • Required safeguards to protect PHI
  • Breach notification requirements
  • Responsibilities of both parties

    • When Do You Need a BAA?

    You need a BAA with Scribient if:

  • You are a HIPAA covered entity
  • You use Scribient to process, store, or transmit PHI
  • Your patients' health information is entered into or generated by our platform

    • If you're unsure whether you need a BAA, consult with your compliance officer or legal counsel.

    Our BAA Terms

    Scribient's BAA includes the following key provisions:

    Permitted Uses

  • Processing clinical recordings and transcriptions
  • Generating SOAP notes and clinical documentation
  • Storing PHI on our secure infrastructure
  • EHR integration and data synchronization
  • Concierge services (where applicable)

    • Safeguards We Provide

  • Administrative safeguards (policies, training, access controls)
  • Physical safeguards (secure facilities, workstation security)
  • Technical safeguards (encryption, access controls, audit logging)

    • Breach Notification

  • Immediate investigation upon discovery
  • Notification within 24 hours of confirmed breach
  • Full cooperation with covered entity's response
  • Documentation and remediation

    • Subcontractors

  • All subcontractors must agree to equivalent protections
  • Scribient remains responsible for subcontractor compliance
  • List of subcontractors available upon request

    • Termination

  • Return or destruction of PHI upon termination
  • 30-day data export period
  • Certification of data destruction available

    • How to Request a BAA

    For New Customers

    A BAA is included as part of the subscription process. When you sign up for Scribient:

    1. Review the BAA terms presented during checkout

    2. Accept the BAA as part of account creation

    3. A countersigned copy is emailed to you

    For Existing Customers

    If you need a copy of your executed BAA or need to update your agreement:

    1. Contact your account manager

    2. Or email legal@scribient.ai

    3. We'll send your BAA within 24 hours

    For Enterprise Customers

    If you require a custom BAA or have specific contractual requirements:

    1. Contact our sales team

    2. Schedule a call with our legal team

    3. We'll work with you to meet your needs

    Frequently Asked Questions

    Is the BAA included with all plans?

    Yes, a BAA is included with all Scribient subscription plans at no additional cost.

    Can I use my organization's BAA template?

    For enterprise customers, we can review and potentially accept your organization's BAA template. Contact legal@scribient.ai.

    How long is the BAA valid?

    The BAA remains in effect for the duration of your subscription and until all PHI has been returned or destroyed.

    What happens to PHI after termination?

    You have 30 days to export your data after termination. After this period, PHI is securely destroyed in accordance with HIPAA requirements.

    Contact Information

    For BAA requests and questions:

    **Email**: legal@scribient.ai

    **Phone**: 1-800-SCRIBIENT

    For compliance questions:

    **Email**: compliance@scribient.ai

    Request a call with our compliance team:

    Schedule a Meeting

    Other Legal Documents

    Privacy PolicyTerms of ServiceHIPAA ComplianceBAA Information