HIPAA Safeguards & BAA Portal
DocReport operates under strict administrative, physical, and technical controls. Execute a legally binding Business Associate Agreement (BAA) with us instantly online.
AES-256 & TLS 1.3 Encryption
All Protected Health Information (PHI) is encrypted at rest using AES-256 keys and in transit using secure TLS 1.3 protocols. Your data is never transmitted unencrypted.
Isolated US Cloud Region
All processing and databases are hosted in isolated, dedicated Google Cloud Platform (GCP) data centers located strictly within the United States (US-East/US-West regions).
Zero Model Training on PHI
We sign strict agreements with our clinical AI providers ensuring zero retention. Your patient records, encounter notes, and audios are never stored or used to train public LLM models.
Audit Logs & Access Controls
Strict, immutable access logs track every single data touchpoint. Access is restricted under role-based controls (RBAC) ensuring only authorized systems handle active clinical files.
Execute BAA Instantly
Fill out your practice parameters. The legal contract on the right will dynamically compile.
Live Contract Sheet
Be Smart Global, LLC Standard BAA v2.1
BUSINESS ASSOCIATE AGREEMENT
Executed pursuant to HIPAA regulations
This Business Associate Agreement ("Agreement") is entered into and made effective as of the date of execution ("Effective Date") by and between:
[Legal Clinic Name]
Representative: [Authorized Representative]
Title: [Representative Title]
Email: [Email Address]
Be Smart Global, LLC (dba DocReport)
Delaware File Number: 10620833
Registered Agent: Legalinc Corporate Services Inc.
Address: 131 Continental Dr, Newark, DE 19713
Covered Entity and Business Associate are collectively referred to as the "Parties." This Agreement regulates the treatment of Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the HITECH Act.
Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Privacy and Security Rules (45 CFR Parts 160 & 164).
Business Associate shall process, compile, and structure Protected Health Information (PHI) solely to perform services for Covered Entity as described in the Terms of Service. Business Associate shall not use or disclose PHI in a manner that would violate HIPAA rules if performed by Covered Entity.
Business Associate agrees to implement comprehensive administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity, in accordance with the HIPAA Security Rule.
In accordance with HITECH Act standards, Business Associate shall report any suspected or confirmed security breach, unauthorized access, or leakage of unsecured PHI to Covered Entity within **seventy-two (72) hours** of discovery. The notification shall contain all known metrics, including details of affected patients and steps taken to mitigate the leak.
Upon termination of the Terms of Service, Business Associate shall immediately return or securely destroy all PHI received from, or created on behalf of, Covered Entity. Zero data retention models shall be executed across all storage databases. If destruction is impossible, the protections of this BAA shall extend indefinitely.
EXECUTION & SIGNATURE BLOCK
By: __________________________
Title: __________________________
Date: __________________________
By: Be Smart Global, LLC
Title: Managing Director (dba DocReport)
Date: __________________________