
HIPAA Compliance & Business Associate Agreements (BAA)

Medreception AI is built from the ground up for medical practices. We follow HIPAA requirements for protecting PHI, sign BAAs with our clients, and work only with vendors that support HIPAA-compliant use.

Our Role as a Business Associate

Medreception AI acts as a Business Associate to covered entities such as medical practices, clinics, and hospitals. We enter into a Business Associate Agreement (BAA) that describes:

  • How we use and protect Protected Health Information (PHI)
  • Permitted uses of PHI for scheduling, messaging, and operations
  • Our responsibilities in the event of an incident or breach
  • Retention and destruction of PHI when services end

Signing a BAA with Medreception AI

Every customer using Medreception AI in a way that involves PHI will receive a BAA as part of onboarding. The agreement can be:

  • Reviewed and e-signed during implementation
  • Stored in your account records for compliance audits
  • Updated if your scope of services, locations, or entities change

If you need a copy of our standard BAA for legal review, let us know on your discovery or implementation call.

PHI Handling & Minimum Necessary Use

Our AIs collect and use only the minimum PHI required to perform tasks like scheduling, routing, documenting calls, and sending reminders. Examples include:

  • Patient name and contact information
  • Appointment details and provider info
  • Basic complaint / reason for visit or referral
  • Insurance and authorization details when needed

We do not sell or use PHI for unrelated marketing. PHI is used only to support your practice's operations as described in the BAA.

Third-Party HIPAA Assessment

Medreception AI works with an independent HIPAA compliance partner to review policies, procedures, and technical safeguards. This third-party attestation helps ensure our controls align with HIPAA requirements and industry best practices.

Incident Response & Breach Notification

We maintain a documented incident response plan. In the unlikely event of a security incident involving PHI, we will:

  • Investigate and contain the issue as quickly as possible
  • Document impact and affected data to the extent known
  • Notify you in accordance with HIPAA timelines and the BAA terms
