HIPAA Business Associate Agreement

Business Associate Agreement for HIPAA Compliance

Last Updated: 13/03/2026

This Business Associate Agreement ("BAA") is entered into between FISIOTOOL SOFTWARE LLC ("Business Associate") and the user or entity ("Covered Entity") using the Sentinel Health AI platform.

Effective Date: Upon acceptance of these terms

Parties

Business Associate

FISIOTOOL SOFTWARE LLC
1621 Central Ave
Cheyenne, WY 82001
United States
EIN: 37-2215928
support@sentinelhealthai.com

Covered Entity

The user or entity accessing and using the Sentinel Health AI platform for healthcare-related purposes.

Definitions

Protected Health Information (PHI)

Any individually identifiable health information transmitted or maintained by the Covered Entity, regardless of form, that is created or received by the Covered Entity.

Business Associate

A person or entity that performs certain functions or activities on behalf of, or provides certain services to, a Covered Entity that involve the use or disclosure of PHI.

Electronic Protected Health Information (ePHI)

Any PHI that is transmitted in electronic form or maintained in electronic media.

Business Associate Obligations

1. Use and Disclosure Limitations

Business Associate shall not use or disclose PHI other than as permitted by this Agreement or as required by law.

2. Safeguards

Business Associate shall implement appropriate administrative, physical, and technical safeguards:

  • Encryption for all ePHI in transit and at rest
  • Access controls and authentication mechanisms
  • Audit logging and monitoring
  • Business continuity and disaster recovery
  • Workforce security training

3. Minimum Necessary

Business Associate shall only use or disclose the minimum necessary PHI to accomplish the intended purpose of the use or disclosure.

4. Reporting

Business Associate shall report any breach of unsecured PHI to Covered Entity without unreasonable delay and no later than 60 days after discovery.

Permitted Uses and Disclosures

Business Associate may use or disclose PHI only for the following purposes:

  • To provide services to Covered Entity as specified in the Terms of Service
  • For the proper management and administration of Business Associate
  • To carry out responsibilities under this Agreement
  • As required by law, with appropriate documentation
  • For public health and safety purposes, as permitted by HIPAA

Security Requirements

Technical Safeguards

  • Access control: Unique user identification and emergency access procedures
  • Audit controls: Hardware, software, and procedural mechanisms
  • Integrity controls: Mechanisms to prevent improper alteration or destruction
  • Transmission security: Encryption for all ePHI transmissions

Administrative Safeguards

  • Security official: A designated official responsible for security policies
  • Workforce security: Policies and procedures for workforce members
  • Information access management: Implementation of access policies
  • Security awareness and training: Ongoing education programs

Physical Safeguards

  • Facility access controls: Controlling physical access to facilities
  • Workstation security: Policies for proper workstation use
  • Device and media controls: Policies for device and media management

Breach Notification

Business Associate shall:

  • Identify and report breaches of unsecured PHI without unreasonable delay
  • Provide Covered Entity with all relevant information about the breach
  • Cooperate with Covered Entity in breach notification requirements
  • Maintain documentation of breach notifications for 6 years

Timeline: Business Associate must notify Covered Entity no later than 60 days after discovery of a breach.

Term and Termination

This Agreement shall remain in effect as long as Business Associate creates, receives, maintains, or transmits PHI on behalf of Covered Entity.

Upon termination:

  • Business Associate shall return or destroy all PHI
  • Business Associate shall provide written certification of compliance
  • Business Associate may retain limited PHI for legal requirements
  • Obligations under this Agreement shall survive termination

HIPAA Compliance Contact

For HIPAA compliance matters, breach notifications, or security concerns:

HIPAA Compliance

compliance@sentinelhealthai.com

Response Time: Within 24 hours

Security Incident Reporting

Report suspected security incidents immediately so that breach notification requirements can be met on time.

Agreement Acceptance

By using the Sentinel Health AI platform, you acknowledge and agree to:

  • Be bound by the terms of this Business Associate Agreement
  • Comply with all applicable HIPAA requirements
  • Implement appropriate safeguards for PHI
  • Report breaches and security incidents promptly
  • Cooperate in compliance and audit activities

This Agreement constitutes a legally binding contract under HIPAA regulations.