AlignSure

Business Associate Agreement

AlignSure is built for organizations that handle protected health information. We execute BAAs with every customer whose use of the platform involves PHI.

BAA Availability

Newf Technology, Inc. will execute a Business Associate Agreement with any customer whose use of AlignSure involves the creation, receipt, maintenance, or transmission of protected health information (PHI) as defined under HIPAA.

What Our BAA Covers

  • Permitted uses and disclosures of PHI
  • Safeguards (administrative, physical, technical) per HIPAA Security Rule
  • Breach notification obligations aligned to HITECH Act timelines
  • Subcontractor obligations and downstream BAA requirements
  • PHI return or destruction upon termination
  • Individual rights support (access, amendment, accounting of disclosures)
  • HHS audit cooperation

Our Security Posture

Microsoft Entra ID authentication for all platform access
Tenant isolation — customer data is never commingled
Encryption at rest (AES-256) and in transit (TLS 1.2+)
Audit logging of all PHI access and actions
US-based data residency
View full security details →

Request a BAA

Contact our compliance team to initiate BAA execution. We typically complete the process within 5 business days.

By submitting, you agree to our Privacy Policy and Terms of Service.

Related

HIPAA & BAA Compliance

See how AlignSure manages the full HIPAA compliance lifecycle including BAA tracking.

Security Posture

Encryption, tenant isolation, and data protection measures underlying our BAA commitment.

AlignSure for Healthcare

Healthcare-specific compliance workflows built on HIPAA and BAA foundations.

Frequently Asked Questions

Do I need a BAA to use AlignSure?

If your use involves PHI, yes. If you use AlignSure exclusively for non-PHI compliance workflows (COI tracking, job validation without health data), a BAA may not be required. We will assess during onboarding.

How long does BAA execution take?

Typically 5 business days from initial request.

Can we use our own BAA template?

We are willing to review customer BAA templates. Our standard BAA is based on HHS model BAA language and satisfies OCR audit requirements.

Does the BAA cover subprocessors?

Yes. Our BAA addresses downstream subcontractor obligations per HIPAA requirements. A current list of subprocessors is available upon request.