Business Associate Agreement information
Covered entity and business associate customers should complete vendor review and execute a Business Associate Agreement before using DictaFlow Medical with PHI.
What the BAA covers
The customer BAA should cover use and disclosure of PHI needed to provide dictation, transcription, voice-editing, sync, account, subscription, support, and security operations for DictaFlow Medical.
Subprocessors
DictaFlow Medical maintains a subprocessor list and uses BAA-covered subprocessors for PHI-bearing provider routes in the Medical production workflow. See the subprocessor list for current categories and roles.
Customer responsibilities
- Review DictaFlow Medical before use with PHI.
- Execute any required BAA and follow organization policies.
- Control device access, MDM, local backups, EHR permissions, and user termination.
- Review dictated output before it is entered, signed, billed, or relied on for care.
- Avoid PHI in ordinary support tickets, marketing forms, payment metadata, or email subject lines.
Request a BAA
For BAA review, vendor review, or security questionnaire requests, contact ryan@dictaflow.io.