BAA Details

A Business Associate Agreement (BAA) is a legal contract required by HIPAA whenever a third party handles Protected Health Information on behalf of a healthcare provider. SOAP Note Buddy has BAA coverage in place for its cloud infrastructure.

Google Cloud BAA

All AI processing and cloud data storage runs on Google Cloud, which is covered by a HIPAA Business Associate Agreement. This BAA covers:

• Google Vertex AI — the service that powers note generation
• Google Firestore — the database that stores your synced patient data
• Google Cloud Run — the backend service that handles API requests

Google’s BAA ensures that all data processed through these services is handled in accordance with HIPAA requirements for security, privacy, and breach notification.

BAA Acceptance in the Extension

Before you can use SOAP Note Buddy, you must accept the BAA within the extension. This acceptance is presented when you add your first patient. You cannot proceed without agreeing to the terms.

If you need to review the BAA terms, they are available at soapnotebuddy.com/hipaa.

What the BAA Covers

The BAA establishes that:

• Data is encrypted in transit and at rest
• Access is restricted to authorized services only
• Google will notify us of any security breaches
• Data handling follows HIPAA’s minimum necessary standard
• Audit controls and logging are maintained

Your Practice’s BAA

SOAP Note Buddy’s BAA with Google covers the technology infrastructure. Depending on your practice’s compliance requirements, you may also need a BAA between your organization and SOAP Note Buddy. Contact [email protected] to discuss your specific needs.