Business Associate Agreement

What is a BAA?

A Business Associate Agreement (BAA) is a legally binding contract required by HIPAA between a covered entity (you, the clinician) and a business associate (us, Speechtherapist.app) that handles Protected Health Information (PHI) on your behalf. The BAA establishes the permitted uses and disclosures of PHI and requires the business associate to implement appropriate safeguards.

Our BAA

By subscribing to Speechtherapist.app's Professional plan, a BAA is automatically in effect between you and SpeechLP, Inc. Our BAA covers:

• Permitted uses and disclosures of PHI
• Obligations to safeguard PHI
• Breach notification procedures (within 60 days of discovery)
• Requirements for sub-contractors (sub-business associates)
• Return or destruction of PHI upon termination
• Individual rights to access and amend PHI
• Accounting of disclosures

Requesting a Custom BAA

If your organization requires a custom BAA or has specific contractual requirements, please contact us at compliance@speechtherapist.app. We accommodate custom BAAs for practices, clinics, and hospital systems.

Our Sub-Processors

We maintain BAAs with all sub-processors that may access PHI:

PHI Data Flow

When you use Speechtherapist.app, PHI flows through these systems:

1. Recording: Audio captured in your browser is encrypted (AES-256-GCM) before upload to Firebase Storage
2. Transcription: Audio streams to Deepgram via encrypted WebSocket for real-time transcription
3. AI Processing: Transcripts and patient context are sent to Anthropic's API via TLS for note generation
4. Storage: All clinical data is stored in user-scoped Firestore documents with server-side access controls

Contact

For BAA requests or compliance questions: compliance@speechtherapist.app