Aurin SolutionsAurin Solutions← Back to Home

Business Associate Agreement (BAA)

Last updated: February 8, 2026

What is a BAA?

A Business Associate Agreement (BAA) is a legally binding contract required under the Health Insurance Portability and Accountability Act (HIPAA). It establishes the permitted uses and disclosures of Protected Health Information (PHI) by a business associate—such as Aurin Solutions—on behalf of a covered entity like a home care agency.

Our Commitment

Aurin Solutions is committed to safeguarding PHI in compliance with HIPAA regulations. We offer a BAA to all customers who are covered entities or business associates under HIPAA.

Our BAA covers the following key obligations:

  • Use & Disclosure Restrictions: PHI will only be used and disclosed as permitted by the agreement and HIPAA regulations.
  • Safeguards: We implement administrative, physical, and technical safeguards to protect PHI against unauthorized use or disclosure.
  • Breach Notification: We will promptly notify you in the event of any breach of unsecured PHI, in accordance with HIPAA Breach Notification Rules.
  • Subcontractor Compliance: We ensure that any subcontractors who access PHI agree to the same restrictions and conditions.
  • Access & Amendment: We will make PHI available for access and amendment as required under HIPAA.
  • Accounting of Disclosures: We maintain records required to provide an accounting of disclosures.
  • Return or Destruction: Upon termination of the agreement, we will return or destroy all PHI, where feasible.

Security Measures

Our platform is designed with HIPAA-aligned security controls that support BAA compliance:

  • AES-256 encryption for all data at rest.
  • TLS 1.2+ encryption for all data in transit.
  • Role-based access controls (RBAC) and multi-factor authentication.
  • Immutable audit logging for all PHI access and modifications.
  • Automatic session management and inactivity timeouts.
  • Regular vulnerability assessments and penetration testing.

For full details, see our Security Overview.

Who Needs a BAA?

If your organization is a HIPAA-covered entity (such as a home care agency, home health provider, or healthcare organization) or a business associate that handles PHI, you will need a BAA in place before using the Aurin Solutions platform to process PHI.

How to Request a BAA

We provide our BAA to eligible customers at no additional cost. To request a BAA or learn more about our HIPAA compliance capabilities:

Contact our compliance team:

Email: customer@aurinsolutions.com

Please include your organization name, contact information, and a brief description of your use case.

Frequently Asked Questions

Is a BAA included with all plans?

A BAA is available for all customers on our Professional and Enterprise plans. Contact us for details on plan eligibility.

How quickly can a BAA be executed?

Our standard BAA can typically be executed within 1–3 business days. Custom BAA provisions may take longer depending on requirements.

Does Aurin Solutions conduct independent security assessments?

We perform regular internal security assessments and recommend independent third-party audits for formal compliance certification. We are happy to share our security documentation upon request.