🔒 HIPAA Compliance

Business Associate Agreement
Request Form

A Business Associate Agreement (BAA) is required under HIPAA when sharing Protected Health Information (PHI) with a vendor. CriteriaIQ provides a BAA to all Enterprise plan customers. Complete the form below and we will send your BAA within 1 business day.

🔒
What is a BAA?

A Business Associate Agreement is a HIPAA-required contract between a covered entity (your facility) and a business associate (CriteriaIQ) that defines how Protected Health Information is handled, protected, and reported.

📋
Who needs one?

Any behavioral health treatment facility using CriteriaIQ to analyze patient chart data containing PHI is considered a covered entity under HIPAA and requires a signed BAA before using the service with real patient data.

How long does it take?

Once you submit this form, we will review your request and send a completed BAA to your email within 1 business day. Enterprise plan customers receive priority processing.

Request Your BAA
Enterprise plan customers only. We will respond within 1 business day.

By submitting this form you agree to receive the BAA document via email.
Questions? Email support@criteriaiq.com

What CriteriaIQ's BAA covers
🔒
PHI Protection
CriteriaIQ agrees to implement appropriate safeguards to prevent unauthorized use or disclosure of PHI beyond what is permitted by the agreement.
📋
Permitted Uses
PHI is used only for the purposes of providing the CriteriaIQ service — clinical authorization documentation. It is never sold, shared, or used for marketing.
Breach Notification
In the event of a security breach involving PHI, CriteriaIQ will notify you within 60 days of discovery as required by HIPAA.
🗑
Data Deletion
Upon termination of the agreement, CriteriaIQ will destroy or return all PHI received from or created on behalf of your facility.
📎
Subcontractors
Any subcontractors (such as Anthropic for AI processing) who access PHI are required to agree to the same restrictions and conditions.
HIPAA Compliance
CriteriaIQ agrees to comply with all applicable requirements of the HIPAA Privacy Rule and Security Rule as they apply to business associates.
⚠ Important Note
CriteriaIQ uses the Anthropic Claude API for AI processing. We are actively pursuing a BAA with Anthropic. Until that BAA is in place, we recommend de-identifying patient data where possible and using CriteriaIQ as a documentation guide reviewed by a licensed clinician before submission to any payer. This tool is not a replacement for clinical judgment.
✓ Enterprise Plan Includes
  • Signed BAA provided within 1 business day
  • Up to 15 seats at flat facility rate
  • All 19 analysis buttons — every framework & LOC
  • Facility admin dashboard
  • Priority support from Steven Cavan directly
Upgrade to Enterprise →