HIPAA COMPLIANCE

Business Associate Agreement

DDSVPN offers a BAA to all paying customers. Here's what it covers and how to request one.

What is a BAA?

A Business Associate Agreement is a legal contract required by HIPAA when a third-party service provider may come into contact with Protected Health Information (PHI). It establishes the responsibilities of both parties in protecting Patient Data.

Does DDSVPN need a BAA?

DDSVPN operates as a network conduit — we create an encrypted tunnel between your staff and your Office network. We do not store, process, view, or have access to any Patient Data flowing through the tunnel. Under HIPAA's Conduit Exception (45 CFR 160.103), transmission-only services may not require a BAA.

However, because we handle authentication credentials and connection metadata for healthcare workers, many of our clients prefer to have a BAA in place. We're happy to sign one.

What Our BAA Covers

  • DDSVPN will not access, use, or disclose PHI except as permitted
  • DDSVPN will implement appropriate safeguards (encryption, access controls, audit logging)
  • DDSVPN will report any security incidents within 48 hours
  • DDSVPN will return or destroy any PHI upon termination (N/A — we don't store PHI)

How to Request a BAA

Email compliance@ddsvpn.com with your practice name and we'll send a signed BAA within 2 business days. BAAs are included at no additional cost on all paid plans.

Request a BAA