Have questions about whether Clinic Sites is HIPAA‑compliant or if a Business Associate Agreement (BAA) is needed? You’ve come to the right place. In this FAQ, we clarify how Clinic Sites handles (or doesn’t handle) protected health information (PHI), and what that means for HIPAA compliance requirements.
If you don’t find the information you need below, don’t hesitate to reach out to us at support@clinicsites.co.
Things to know
Clinic Sites is built not to store, transmit, or process Protected Health Information (PHI). That keeps things simple, but it also means HIPAA and BAAs don’t apply in our case.
Is Clinic Sites HIPAA compliant?
Clinic Sites does not handle any PHI, so we are not required to be HIPAA‑compliant. That being said, we do take privacy and security seriously and follow standard best practices to help protect your data.
Do I need a BAA?
Nope, since Clinic Sites never handles PHI, there’s no need for a Business Associate Agreement (BAA) between your clinic and Clinic Sites.
Note
The above information applies because Clinic Sites does not process, transmit, or store PHI. If you’re using another service or tool that does handle PHI, you’ll need to check whether a BAA is required for that particular vendor.
That’s it! Clinic Sites keeps things PHI-free, so there's no need for HIPAA compliance or a BAA.
If you still have questions or need help understanding how this works with your Clinic Sites website, reach out to us at support@clinicsites.co .