Business Associate Agreement
Required for all agencies accessing PHI through AegisSage.
01. PHI Handling
AegisSage Intelligence Inc. acts as a Business Associate under HIPAA. We process Protected Health Information (PHI) solely to provide the services outlined in your subscription agreement. PHI is encrypted at rest using AES-256-GCM and in transit via TLS 1.3.
02. Subcontractors
We engage HIPAA-compliant subcontractors — Supabase (database + storage), Vercel (hosting), SRFax (HIPAA-compliant fax dispatch) — under equivalent BAA terms. No PHI is shared with any third party outside of these agreements without explicit agency consent.
03. Breach Notification
In the event of a breach affecting PHI, AegisSage will notify the Covered Entity within 60 calendar days of discovery in accordance with 45 CFR § 164.410. Incident reports include the nature of the breach, the PHI involved, and the remediation steps taken.
04. Execute Your BAA
To execute a Business Associate Agreement with AegisSage Intelligence Inc., email compliance@aegissage.com with your agency name and NPI number. We will return a countersigned BAA within 2 business days. A signed BAA is required before transmitting any Protected Health Information through our platform.
AegisSage Intelligence Inc. | Compliance Division | HIPAA