What is a Business Associate Agreement (BAA) and why do I need to sign one?
In order to comply with HIPAA, every covered entity must have a written agreement with each of its business associates.
The BAA is an assurance from Digital Wellness Group, LLC that we will safeguard your data in the same ways you as a covered entity are required to. It also clarifies and limits how we use and disclose PHI. Finally, it highlights the appropriate safeguards necessary to prevent unauthorized use or disclosure of PHI. If a company will not sign a BAA with your organization or practice, then you should not trust them with your clients’ PHI. Pacifica Labs is proud to have vetted its BAA against HIPAA regulations. We maintain a comprehensive agreement that ensures full compliance between the covered entity (the clinician) and the business associate (Pacifica).
How is Digital Wellness Group, LLC HIPAA Compliant?
In accordance with HIPAA, we have established the appropriate administrative, physical and technical safeguards so that data stored in and transmitted through Pacifica for Clinicians and the mobile app is kept secure and user privacy is protected.
Our servers are hosted in a secure data center at Amazon Web Services, with whom we have a business associate agreement (BAA) on file. AWS’s services and data centers have multiple layers of operational and physical security to help ensure the integrity and safety of customer data. Dedicated Instances physically isolate our workloads from other tenants, layered Security Groups and private subnets block undesired network traffic, and Virtual Private Clouds allow access and security restrictions to be enforced at the network boundary. Lastly, all Pacifica employees’ devices are centrally managed, adhere to defined security policies, and can be remotely wiped.
We work closely with Amazon Solutions Architects to securely process, maintain and store Protected Health Information (PHI). Your data is encrypted everywhere, whether on our servers or on a mobile device. Pacifica ensures that all devices used to connect to Pacifica for Clinicians adhere to the HIPAA Security Rule, enforcing both in-transit and at-rest encryption, as well as requiring device-specific passcodes. In addition, clients that only support unsafe ciphers or early versions of TLS (which includes older Android devices) are refused connections to Pacifica for Clinicians because of known security vulnerabilities in those protocols.
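As an added example (not Pacifica’s or Digital Wellness Group’s own code), the snippet below shows how a server enforces the TLS floor described above using Python’s standard ssl module, and audits what the resulting policy would still accept. The cipher string is an assumed policy, not one taken from this page.

```python
"""Server-side TLS policy: refuse pre-TLS-1.2 clients and legacy ciphers,
then audit the context to confirm what it would still negotiate.
Added example; the cipher policy below is an assumption, not Pacifica's."""
import ssl

# Assumed policy (OpenSSL syntax): forward-secret AEAD suites only,
# explicitly excluding anonymous, null, MD5, RC4 and 3DES ciphers.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES"

# Protocol versions in wire order, used to expand the min/max range.
ORDERED_VERSIONS = [
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
]


def hardened_server_context() -> ssl.SSLContext:
    """Build a server context with TLS 1.2 as the floor and AEAD-only ciphers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # rejects TLS 1.0/1.1 handshakes
    ctx.set_ciphers(STRONG_CIPHERS)                # applies to TLS 1.2 suites
    ctx.options |= ssl.OP_NO_COMPRESSION           # TLS compression enables CRIME-style attacks
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report the protocol versions and any non-AEAD ciphers the context accepts.

    MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinel values (-2 / -1), so they
    are mapped to the real ends of the range before comparing.
    """
    floor = ctx.minimum_version
    ceiling = ctx.maximum_version
    if floor == ssl.TLSVersion.MINIMUM_SUPPORTED:
        floor = ORDERED_VERSIONS[0]
    if ceiling == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        ceiling = ORDERED_VERSIONS[-1]
    versions = [v.name for v in ORDERED_VERSIONS if floor <= v <= ceiling]
    # get_ciphers() exposes an 'aead' flag per suite; anything without it is legacy.
    non_aead = [c["name"] for c in ctx.get_ciphers() if not c["aead"]]
    return {"versions": versions, "non_aead_ciphers": non_aead}


if __name__ == "__main__":
    print(audit_context(hardened_server_context()))
```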
We have comprehensive policies in place to ensure that electronic protected health information (ePHI) is handled according to industry-standard security best practices. Every staff member is HIPAA trained and certified. To ensure that your data remains safe and secure, we have BAAs with all third-party providers, subcontractors, and agents.