BAA Requirement: A Business Associate Agreement is required ONLY when processing Protected Health Information (PHI). If your use of ABV involves only de-identified or non-PHI healthcare data, a BAA is not necessary.
ABV serves as a Business Associate when you use our platform to process or store PHI. We enter into a Business Associate Agreement (BAA) with you and implement appropriate safeguards to protect PHI.
ABV’s HIPAA Compliance
Business Associate Agreement (BAA)
A BAA is legally required under HIPAA before sending any PHI to ABV. If you’re unsure whether your data qualifies as PHI, consult your compliance or legal team. The BAA defines how we handle PHI, outlines security safeguards, establishes breach notification procedures, and provides audit rights. To request a BAA, contact [email protected].
Dedicated HIPAA Infrastructure
Enterprise plans include dedicated HIPAA infrastructure with isolated environments, enhanced access controls, comprehensive audit logging, and dedicated AWS regions. Contact sales to learn more.
Security Safeguards
ABV implements HIPAA-required safeguards:
- Technical: Access controls, audit logging, integrity controls, encryption (TLS 1.2+ in transit, AES-256 at rest)
- Administrative: Security management, workforce training, contingency planning (validated by ISO 27001)
- Physical: AWS HIPAA-compliant data centers with facility access controls
Your Responsibilities
Execute a BAA
Contact [email protected] to execute a Business Associate Agreement before sending PHI.
Configure Security
- Use RBAC to limit PHI access
- Enable Enterprise SSO with MFA
- Configure data masking to redact PHI
- Set data retention policies
Monitor Access
Regularly review audit logs and have a breach response plan. Contact [email protected] if you suspect an incident.