BAA Request This section is designed for publication as a web page, intake form, or customer-facing policy explaining when and how SaraMedico enters into a Business Associate Agreement. · Business Associate Agreements are available for eligible customers that use SaraMedico to create, receive, maintain, or transmit protected health information on behalf of a covered entity or business associate. · Submission of a BAA request does not itself create HIPAA obligations for SaraMedico. A BAA becomes effective only when it has been reviewed, approved, and fully executed by both parties. · SaraMedico may limit BAA availability to paid plans, enterprise plans, or specific configurations that meet our operational, security, and compliance requirements.

1. Who Should Request a BAA A BAA request should be submitted by healthcare providers, clinics, hospitals, medical groups, business associates, or implementation partners that intend to use SaraMedico with PHI and require HIPAA business associate terms before launch or procurement.
2. Information Required From the Requesting Organization The request form should ask for at least the following information: legal entity name, DBA if any, primary contact, title, business email, organization type, number of users, requested go-live date, purchased or proposed plan, anticipated product modules, whether PHI will be uploaded or recorded, whether integrations are required, and whether the requester has a preferred BAA template.
3. Review Criteria SaraMedico may review BAA requests based on customer plan, intended use case, security configuration, feature set, technical scope, implementation timeline, data categories involved, and whether a separate enterprise or order form is needed.
4. Standard BAA Position To streamline contracting, SaraMedico may require use of its standard BAA template as the starting point. Customer-provided templates may be reviewed at SaraMedico's discretion and may require additional legal review time.
5. Processing Timeline SaraMedico will use commercially reasonable efforts to review complete BAA requests in the order received. Expedited review is not guaranteed. Incomplete submissions may be returned for clarification before legal review begins.
6. When a BAA Is Not Required A BAA generally is not required for organizations evaluating only public website content, using the Services without PHI, or accessing product demonstrations that do not include customer PHI. SaraMedico may decline BAA requests that are premature, duplicative, or unrelated to an actual PHI use case.
7. Recommended Customer Notice Until a BAA is fully executed, customers should not upload PHI to SaraMedico unless SaraMedico has expressly authorized a controlled evaluation environment in writing. Suggested Web Form Fields Field Required Notes Organization legal name Yes Use exact contracting entity name. Primary legal/compliance contact Yes Name, title, and email. Customer plan or expected purchase Yes Standard, Premium, Clinic Team, or Enterprise. Intended PHI workflow Yes Upload, OCR, recording, transcription, note generation, exports, or integrations. Requested go-live date Yes Helps prioritize contracting. Preferred BAA template No State whether customer will accept SaraMedico template or send its own. Security questionnaire required No Identify whether procurement review is also needed. Additional notes No Use for special retention, residency, or deployment needs.

Suggested Closing Text for Web Page For BAA requests, contact [saramedico.com] or submit the BAA request form. Please include your organization name, requested plan, planned use of PHI, and target timeline. Do not send patient information through the public contact form.