The Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA) helps ensure you meet HIPAA compliance.

Paola Vidulich avatar
Written by Paola Vidulich
Updated over a week ago


What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act. It’s a set of physical, technical and administrative standards intended to secure the sharing of medical data – also known protected health information (PHI).

HIPAA is relevant to customers and clients based in the United States.

Why is Dreamaker.io HIPAA compliant?

In September of 2013, the Final Omnibus Rule Update was passed. It expanded the applicability of HIPAA from the traditional entities like hospitals and insurers to anyone who stores, manages or transmits PHI. These entities are now called Business Associates. So, companies like Dreamaker.io.

Do I need HIPAA compliance?

All Covered Entities need to be HIPAA compliant. A Covered Entity is anyone who provides treatment, payment and operations in healthcare. This includes clinics, hospitals, independent practices, home health agencies, pharmacies and insurance companies. The fines for HIPAA violations can be pretty severe, up to $50,000 for a single incident. 

How does the Business Associates Agreement (BAA) work?

A Business Associate is a vendor or subcontractor who has access to PHI transmitted or stored by a covered entity. So, if you’re a therapist or counselor and you upload client data through Dreamaker.io, you’re a Covered Entity and we’re a Business Associate.

If you are based in the United States, signing the BAA will ensure that we uphold our end of safeguarding and managing client data properly. It will also clearly outline what services you should expect us to render, and what we are responsible for. A BAA is necessary for you to complete your HIPAA compliance.

If you signed up for a HIPAA BAA ready plan & are interested in signing a BAA with us, contact us to discuss your options.

Did this answer your question?