Business Associate Agreement
Every DDSFAX account includes a BAA at no extra cost. Many fax providers charge extra for HIPAA compliance or BAA execution. At DDSFAX, a signed BAA is part of your subscription — because HIPAA compliance should never be optional in healthcare.
What Is a BAA?
A Business Associate Agreement (BAA) is a contract required under HIPAA between a Covered Entity (your dental practice) and a Business Associate (DDSFAX) that establishes the terms under which the Business Associate may receive, create, maintain, or transmit Protected Health Information (PHI) on behalf of the Covered Entity.
When You Need a BAA
If your dental practice uses DDSFAX to send or receive faxes that contain any patient health information — including insurance claims, referrals, patient records, lab results, or treatment plans — you need a BAA in place with DDSFAX. This applies regardless of your practice size.
Summary of Our BAA Terms
Permitted Uses of PHI
DDSFAX may use and disclose PHI only as necessary to:
- Perform fax transmission services as described in our Terms of Service
- Fulfill our obligations under the BAA
- Comply with applicable law
Our Obligations
Under the BAA, DDSFAX agrees to:
- Implement appropriate safeguards to prevent unauthorized use or disclosure of PHI
- Report any unauthorized use, disclosure, or security incident
- Ensure that any subcontractors who access PHI agree to the same restrictions
- Make PHI available to the Covered Entity as required for individuals' access rights
- Make our internal practices and records available to the Secretary of HHS for compliance determination
- Return or destroy all PHI upon termination of the agreement, where feasible
- Maintain audit logs and documentation for a minimum of 6 years
Breach Notification
We will notify you of any breach of unsecured PHI without unreasonable delay and no later than 60 days after discovery. The notification will include:
- A description of the breach and the types of PHI involved
- The steps we are taking to investigate and mitigate the breach
- Contact information for your questions
Termination
The BAA terminates when your DDSFAX subscription ends, or if either party materially breaches the agreement. Upon termination, we will return or destroy all PHI in our possession, except where retention is required by law.
How to Get Your BAA
There are two ways to obtain your executed BAA:
Option 1: Automatic (Recommended)
When you activate a paid DDSFAX subscription, you automatically agree to our standard BAA as part of the Terms of Service. Your BAA is effective immediately upon subscription activation. A copy is available for download from your account settings.
Option 2: Custom BAA
If your practice or compliance team requires a customized BAA or needs specific provisions included, contact our HIPAA team:
- Email: hipaa@ddsfax.com
Custom BAA requests are typically processed within 5 business days.
Frequently Asked Questions
Does the free trial include a BAA?
The standard BAA takes effect when you activate a paid subscription. During the free trial, we recommend using the service with non-PHI test faxes. If you need a BAA during the trial period, contact us and we will accommodate your request.
Do you charge extra for the BAA?
No. A signed BAA is included with every DDSFAX subscription at no additional cost. We believe HIPAA compliance is a baseline requirement, not a premium feature.
Is one BAA enough for my entire practice?
Yes. A single BAA covers all users and fax numbers under your DDSFAX account, regardless of how many staff members access the dashboard or how many fax numbers you have.
What if I need my organization's BAA template instead?
We are happy to review and sign your organization's BAA template. Send it to hipaa@ddsfax.com and our compliance team will review it within 5 business days.
Contact
For BAA requests or HIPAA compliance questions:
- HIPAA Officer: hipaa@ddsfax.com
- General support: support@ddsfax.com