Business Associate
Agreement

Under HIPAA, a Business Associate Agreement (BAA) is a legally required contract between a Covered Entity (your hospital, health system, or physician practice) and a Business Associate (Vizier) that receives, processes, or stores protected health information (PHI) on your behalf.

The BAA defines the permitted and required uses of PHI, establishes that Vizier will implement appropriate safeguards to protect PHI, and outlines breach notification obligations. Without a signed BAA, uploading PHI to any third-party platform is a HIPAA violation.

The BAA protects your patients and your organization. It is not a formality — it is the contractual foundation for handling sensitive healthcare data.

Included on All Tiers

Practice ($497/month), Health System ($1,497/month), and Enterprise ($3,997/month) all include a standard BAA. No additional fee. No separate contract required.

Execution Timeline

• Standard BAA: Executed within 1 business day of request
• Custom BAA terms: Available for Enterprise tier; timeline depends on scope of modifications
• Questions: Contact legal@vizier.health

What the BAA Covers

• Permitted uses and disclosures of PHI
• Vizier's safeguard obligations under HIPAA Security Rule
• Subcontractor and subprocessor obligations
• Breach notification (72-hour notification to covered entity)
• Individual rights access obligations
• Termination and data return/destruction provisions
• HITECH Act compliance obligations