Business Associate Agreement

We sign a BAA with every practice.

Before any protected health information (PHI) flows through DentalOps, we sign a Business Associate Agreement with your practice. This is non-negotiable, and it's the bar your compliance officer expects.

Need our BAA right now? Email hello@dentalops.dev with your practice name and we'll send the executable PDF within one business day.

What's a BAA?

Under HIPAA, a covered entity (your dental practice) must execute a Business Associate Agreement with any vendor that creates, receives, maintains, or transmits PHI on its behalf. The BAA contractually obligates the vendor (DentalOps, in this case) to safeguard PHI to the same standards the covered entity is required to meet.

Our standard BAA covers

Permitted usesLimited to the services described in your DentalOps subscription. No PHI used for marketing, analytics, training, or model development.
SafeguardsAdministrative, physical, and technical safeguards meeting the HIPAA Security Rule.
SubcontractorsEach downstream subprocessor with potential PHI access has its own executed BAA. See the list.
Breach notification60-day window to notify your practice of any reportable breach, with the breach details required by 45 CFR 164.410.
Audit rightsYou can request our security documentation, audit log exports, and quarterly access reviews at any time.
TerminationReturn or destruction of all PHI within 30 days of contract end, with written attestation.
IndemnificationMutual, scoped to gross negligence and willful misconduct.

How signing works

Email us. We send the BAA PDF, pre-filled with DentalOps as Business Associate.
Your compliance officer or attorney reviews. We're happy to take redlines; most reasonable changes are accepted same-day.
You sign first via DocuSign. We countersign within one business day.
Both parties get an executed PDF copy. No PHI flows until both signatures are in place.

Common questions

Will you accept our standard BAA instead of yours?

Yes, in most cases. Our team reviews your form within two business days. We may propose light edits to align with our subprocessor stack (Anthropic, AWS, Twilio, Stripe).

Do you charge for the BAA?

No. The BAA is included with every paid subscription, including the design-partner cohort.

What about a Data Processing Addendum (DPA)?

For practices with non-PHI data flows (general business data, employee information), we can also execute a standard DPA. Mention it in your initial email and we'll bundle both.

Can I see the agreement before I commit?

Yes. Email us and we'll share a redacted preview copy under mutual NDA. Practices in the design-partner cohort get the full unredacted agreement up front.

Request our BAA template →

Last updated: 2026-05-01