As required by HIPAA, LuxSci has explicit Business Associate Agreements in place with all of its vendors that could come into contact with your ePHI. They include:
LuxSci customers with HIPAA accounts are required to read, agree to, sign, and return LuxSci's HIPAA Business Associate Agreement and Account Restrictions Agreement. This version is updated with the provisions required by the Omnibus Final Rule.
Customers with HIPAA accounts can read these agreements and fill out the form to signify their agreement to these terms of service and to include their written signature, captured using LuxSci's Ink Signature technology.
Who should sign? To ensure HIPAA compliance, an officer of your organization with legal right to enter into a HIPAA Business Associate Agreement should be the one to sign. If you have someone without sufficient authority sign (e.g. some webmaster), then you may be failing to properly meet your obligations under HIPAA.
Can I modify the BAA? LuxSci does not accept customer-suggested modifications to its HIPAA BAA. LuxSci ensures that its BAA is consistent across all customers so that LuxSci can consistently abide by the terms of the BAA without needing to reference many various contracts for every situation that may arise.