HIPAA
Business Associate Agreement
BAAs are available to TigerScribe Team-plan customers via written request, subject to conditions below. HIPAA compliance is a posture maintained jointly by you (the covered entity) and us (the business associate); this page explains what we contribute to that posture.
Last updated · May 4, 2026
1. Who this is for
A Business Associate Agreement is required when a HIPAA-covered entity (clinics, therapists, healthcare-adjacent organizations) shares Protected Health Information with a vendor. If your work involves PHI in audio recordings — therapy sessions, clinical interviews, medical research — you need a BAA with us before sending any PHI through the Service.
2. The conditions
We sign a BAA with Team-plan customers when all of the following are true:
- You are on the Team plan or have agreed to upgrade as part of the BAA execution.
- You have completed identity and entity verification in your account.
- Your stated use case is reviewable and not on our prohibited use list.
- Our subprocessor BAA chain (audio storage, speech-recognition vendor, hosting) is in place for the regions your data flows through.
3. How to request a BAA
Email baa@tigerscribe.com with:
- Your account email.
- The legal name of the contracting entity (covered entity).
- A brief description of the use case (e.g., "outpatient therapy session transcription").
- Anticipated PHI volume and regions where the data originates.
We respond within 3 business days with our BAA template, our subprocessor BAA chain status, and a counter-sign timeline.
4. What our BAA includes
- Permitted uses and disclosures of PHI.
- Required safeguards — encryption, access controls, audit logging.
- Subcontractor obligations — flow-down BAA terms to every subprocessor with access to PHI.
- Breach notification — within 24 hours of discovery.
- Termination handling — return or destruction of PHI within 30 days.
- Audit rights — annual third-party audit reports available under NDA.