Business Associate Agreement (BAA)

HIPAA rules technically apply only to "covered entities"—health plans, clearinghouses, and certain health care providers. Many of these covered entities engage other businesses, called "business associates", to help carry out their day-to-day business functions. 

The HIPAA Privacy Rule allows for protected health information to be disclosed to business associates only if assurances are made that the business associate will adhere to specific guidelines to safeguard and avoid misuse of the shared PHI. These assurances can be made through a business associate agreement (BAA). For more information about business associates and BAAs, visit

TherapyNotes, as a business associate for your practice, has developed a BAA to help you adhere to these HIPAA guidelines. This must be signed and uploaded in order for practices using TherapyNotes to remain HIPAA compliant.

Role Required: Practice Administrator

To download, sign, and upload the Business Associate Agreement:

  • Click the User Icon > Settings > TherapyNotes Subscription
  • Under Practice Documents and Agreements, click To be HIPAA compliant, a BAA must be signed. Additional instructions will appear.

  • Click the download our Business Associate Agreement link to download a PDF of our BAA.
  • Electronically sign the BAA using your preferred PDF reader, or print, sign, and scan the signed BAA.
Tip: The maximum file size for uploading a scanned BAA is 25MB. To stay below the maximum file size, we recommend scanning your document at no higher than 150 dpi. For more information, read  Tips for Scanning Documents and Reducing File Size.
  • Click the Upload Signed BAA button and upload the signed BAA.

TherapyNotes autofills your practice name on the BAA. To change the name that appears on the BAA, click the User Icon > Settings > Practice Information and edit the Practice Name field.

Still need help? Contact Us Contact Us