Business Associate Agreement
HIPAA-grade protection for healthcare AI calling
What is a BAA?
A Business Associate Agreement (BAA) is a legal contract required under HIPAA between a Covered Entity (such as a healthcare provider) and a Business Associate (such as Phone Stack) that handles Protected Health Information (PHI) on the Covered Entity's behalf.
The BAA establishes the permitted uses and disclosures of PHI, requires appropriate safeguards, and outlines breach notification obligations.
Who Needs a BAA?
You need a BAA with Phone Stack if:
- You are a healthcare provider, health plan, or healthcare clearinghouse (a "Covered Entity")
- You are a Business Associate of a Covered Entity
- Your use of Phone Stack involves any Protected Health Information — including patient names, phone numbers, appointment details, or health-related information discussed during calls
If you're unsure whether you need a BAA, we recommend consulting with your compliance officer or legal counsel.
What Phone Stack's BAA Covers
How to Get a BAA
BAAs are available for Enterprise plan customers.
To request a BAA:
- Contact our sales team at sales@phonestack.com
- We'll review your use case and compliance requirements
- We'll provide our standard BAA for your legal team's review
- Once executed, your account will be configured for HIPAA-eligible operation
Current Enterprise customers can request a BAA by contacting their account manager.
Enterprise Security Features
What Enterprise includes beyond standard plans:
- Signed Business Associate Agreement
- Dedicated account manager
- Priority support with SLA
- Custom data retention policies
- Advanced audit log access
- Annual security review