Business Associate Agreement

Last updated: February 13, 2026

Overview

This Business Associate Agreement ("BAA") summary describes the standard HIPAA terms between Peerakeet, Inc. ("Business Associate") and healthcare organizations or business associates that use Peerakeet services ("Covered Entity" or "Customer").

This public page is a summary for transparency. The full signable BAA is provided through Peerakeet's admin workflow.

Definitions

  • Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form.
  • Electronic Protected Health Information (Electronic PHI): PHI transmitted or maintained in electronic form.
  • Security Incident: Attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI, or interference with system operations.
  • Breach: Unauthorized acquisition, access, use, or disclosure of PHI that compromises the security or privacy of PHI, as defined by HIPAA.
  • Unsecured PHI: PHI that has not been rendered unusable, unreadable, or indecipherable through approved methods.

Obligations of Business Associate

Peerakeet agrees to:

  • Use and disclose PHI only as permitted by the BAA and applicable law.
  • Implement administrative, physical, and technical safeguards to protect PHI and Electronic PHI.
  • Apply minimum necessary standards for use and disclosure of PHI, as applicable.
  • Report Security Incidents involving Customer PHI without unreasonable delay.
  • Report Breaches of Unsecured PHI without unreasonable delay and in accordance with HIPAA notification requirements.
  • Ensure subcontractors handling PHI are bound by written terms that are no less protective than the BAA.
  • Support Customer obligations for access, amendment, and accounting of disclosures under HIPAA.
  • Make relevant records available to HHS for HIPAA compliance review when required.
  • Return or destroy PHI at termination when feasible, or continue protections if return or destruction is infeasible.

Permitted Uses and Disclosures

Peerakeet may use or disclose PHI:

  • To provide services under the applicable services agreement.
  • For proper management and administration of Peerakeet, where permitted by law and the BAA.
  • To carry out legal responsibilities as required by law.
  • For Data Aggregation and other HIPAA-permitted operations.
  • To report violations of law to appropriate federal or state authorities, as permitted by HIPAA.

De-Identified Data

Peerakeet may de-identify PHI in accordance with HIPAA requirements (45 CFR § 164.514(a) and (b)). Once data is de-identified, it is no longer PHI and may be used for lawful purposes, including service operations, quality improvement, security, and product development.

Security Measures

Peerakeet maintains safeguards designed to protect PHI and Electronic PHI, including:

  • Encryption for PHI in transit and at rest.
  • Access controls and role-based permissions.
  • Audit logging and monitoring.
  • Policies, procedures, and workforce training aligned with HIPAA obligations.

Breach Notification

If Peerakeet discovers a Breach of Unsecured PHI, Peerakeet will notify Customer without unreasonable delay and in no case later than the deadline set in the executed BAA, consistent with 45 CFR § 164.410.

Notification includes, to the extent known, affected individuals, incident timing, types of information involved, mitigation steps, and contact information.

Term and Termination

The BAA remains in effect for the term of the underlying services agreement unless terminated earlier according to its terms. Upon termination, PHI is returned or destroyed when feasible, and protections continue for retained PHI where return or destruction is infeasible.

Request a Signed BAA

To request a signed Business Associate Agreement for your organization:

Contact Peerakeet

Email: support@peerakeet.com

Please include your organization name, contact information, and any specific requirements for your BAA.