When you create your team, you'll be be prompted to agree to the terms of the Business Associate Agreement (BAA). This is necessary for HIPAA compliance, so you must agree to the terms in order to create your team.
A Business Associate is a vendor or subcontractor who has access to PHI (protected health information) transmitted or stored by a covered entity. So, if you’re a medical clinic and you send patient information through Stitch, you’re a Covered Entity and we’re a Business Associate. The BAA will ensure that we uphold our end of safeguarding and managing patient data properly. It will also clearly outline what services you should expect us to render, and what we are responsible for. The BAA only needs to be signed once, by one individual. It is up to your organization to determine who has the authority to sign a BAA.