Skip to main content
DataVibe
SolutionsPricingResearchDocsAbout
Log inBook a DemoRequest API Access

Legal · BAA

Business Associate Agreement

Effective date: 2026-05-14 · Version 1.0

Enterprise customers only. This BAA is available to Enterprise plan customers on request. To request a signed copy, email [email protected] with your organization name and a description of your use case.

1. Definitions

"Business Associate" means DataVibe (operated by DataVibe Inc.) when it performs services for a Covered Entity that involve the creation, receipt, maintenance, or transmission of Protected Health Information (PHI).

"Covered Entity" means the healthcare provider, health plan, or healthcare clearinghouse that has executed an Enterprise Agreement with DataVibe.

"PHI" has the meaning given in 45 C.F.R. § 160.103 — individually identifiable health information transmitted or maintained in any form.

"Services" means the AI execution interception, policy enforcement, and audit services described in the Order Form.

2. Obligations of Business Associate

  • Not use or disclose PHI other than as permitted by this BAA or as required by law.
  • Use appropriate administrative, physical, and technical safeguards to prevent unauthorized use or disclosure of PHI.
  • Report any use or disclosure of PHI not permitted by this BAA to the Covered Entity without unreasonable delay, and in no case later than 60 calendar days of discovery.
  • Ensure that subcontractors who handle PHI on behalf of DataVibe agree to the same restrictions and conditions.
  • Make its internal practices, books, and records available to the Secretary of HHS for audit purposes.
  • Return or destroy all PHI upon termination of the Agreement, where feasible.

3. Permitted uses and disclosures

DataVibe may use PHI only to perform the Services described in the Order Form (policy evaluation, interception routing, audit log storage). DataVibe shall not use PHI for its own management, administration, or data aggregation without explicit written consent.

4. Term and termination

This BAA is effective as of the Effective Date and terminates when the underlying Enterprise Agreement terminates. Either party may terminate this BAA immediately upon written notice if the other party materially breaches a provision of this BAA and fails to cure within 30 days.

5. Compliance

This BAA is intended to comply with the requirements of HIPAA, the HITECH Act, and the HIPAA Omnibus Rule (45 C.F.R. Parts 160 and 164). In the event of a conflict between this BAA and any other agreement between the parties, the terms of this BAA shall govern with respect to PHI.

6. Request a signed BAA

To receive a countersigned copy of this agreement for your files, email [email protected] with: (1) your organization name and EIN, (2) the name and title of your authorized signatory, and (3) confirmation that you are on an Enterprise plan or are evaluating Enterprise.

Response time: 2 business days.

Request signed BAAAll legal documentsTrust & compliance
DataVibe

DataVibe is AI output governance infrastructure — the layer between AI systems and business operations. Runtime policy gates, human oversight, immutable evidence, public certification, and Enterprise Shield indemnification for valid claims.

Need help? Use our contact form.

Product

Agentic AIEU AI ActEnterprise ShieldGovernancePricing

Resources

Integration guideBlogCase StudiesChangelog

Company

AboutContactStatusSecurity

Legal

TermsPrivacyDPASLA

Get started

Request API AccessBook a DemoContact

© 2026 DataVibe

Trust CenterStatusArchitecturePrivacy PolicySecurityTerms Of UseCookie PolicyDPA