HIPAA Compliance & Business Associate Agreement (BAA)
Smart Automated Business Solutions LLC
Effective: 7/15/2025
⸻
Our Commitment to HIPAA Compliance:
At SAB Solutions, we take data privacy and compliance seriously. We understand the importance of protecting Protected Health Information (PHI) and have implemented systems and processes designed to meet the administrative, technical, and physical safeguard requirements outlined under the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA-compliant features are available for clients subscribed to our Professional and Premium service plans. These features include:
• Encrypted communications and secure lead forms
• Role-based user access controls
• Secure cloud data storage
• Audit logs and access monitoring
• HIPAA-compliant messaging workflows
• Optional compliant CRM, voice, and calendar tools
⸻
Business Associate Agreement (BAA)
This Business Associate Agreement (“Agreement”) is made between the Client (“Covered Entity”) and Smart Automated Business Solutions LLC (“Business Associate”).
By engaging SAB Solutions for services under a Professional or Premium plan, Client acknowledges and agrees to the following terms:
⸻
1. Definitions
• Covered Entity: A health care provider, health plan, or health care clearinghouse subject to HIPAA regulations.
• Business Associate: SAB Solutions, which provides services that involve the use or disclosure of PHI.
• PHI: Protected Health Information — individually identifiable health information held or transmitted in any form.
⸻
2. Permitted Uses and Disclosures
SAB Solutions may use or disclose PHI only:
• To perform agreed-upon services on behalf of the Client
• For proper management and administration of SAB Solutions
• As required by law
SAB Solutions will not sell PHI or use it for marketing, data mining, or any purpose unrelated to the services agreed upon.
⸻
3. Safeguards
SAB Solutions will:
• Maintain appropriate safeguards to protect PHI from misuse or disclosure
• Implement security protocols in line with 45 CFR §§ 164.308, 164.310, and 164.312
• Regularly review and update access controls, encryption, and audit logs
⸻
4. Reporting Breaches
If SAB Solutions becomes aware of any unauthorized use or disclosure of PHI or a breach of unsecured PHI, it will:
• Notify the Client within 5 business days
• Provide all details known at the time
• Cooperate with the Client on mitigation and any required reporting steps
⸻
5. Subcontractors
SAB Solutions ensures that any subcontractors who may handle PHI agree in writing to the same restrictions and conditions as stated in this Agreement.
⸻
6. Client Responsibilities
The Client (Covered Entity) agrees to:
• Use SAB Solutions’ HIPAA features only for legitimate health care-related purposes
• Refrain from storing PHI on non-HIPAA plan tiers
• Immediately notify SAB Solutions of any unauthorized access to their account
⸻
7. Term & Termination
This BAA is effective upon engagement of services and remains in effect for the duration of the Client’s subscription.
If either party determines that the other has violated a material term of this Agreement, it may terminate the agreement immediately upon written notice.
Upon termination, SAB Solutions will return or securely destroy all PHI, unless otherwise required by law.
⸻
8. Governing Law
This BAA shall be governed by and construed in accordance with the laws of the State of Florida, and applicable HIPAA and HITECH statutes.
⸻
Questions or requests related to HIPAA compliance or this BAA may be directed to:
Support@sabsolutions.ai