The PathwayNotes Business Associate Agreement, also called a BAA, explains HIPAA-related responsibilities when a covered entity uses PathwayNotes in connection with protected health information.

Who the BAA applies to

The BAA applies to covered entities, such as clinicians or organizations, using PathwayNotes with protected health information.

The BAA identifies:

• Minds Awakened, LLC, operator of PathwayNotes, as the Business Associate
• The accepting provider or organization as the Covered Entity

Why the BAA matters

A BAA is used when a covered entity works with a service provider that may create, receive, maintain, or transmit protected health information on its behalf.

In PathwayNotes, PHI may be involved through journaling, messaging, summaries, assessments, client profiles, and other clinical workflows.

What the BAA covers

The BAA includes terms related to:

• Protected Health Information, or PHI
• Electronic Protected Health Information, or ePHI
• Permitted uses and disclosures
• HIPAA-related responsibilities
• Administrative, physical, and technical safeguards
• Breach and security incident reporting
• Subcontractors
• Access, amendment, and accounting of disclosures
• Termination, data return, destruction, and export
• AI and machine-learning-related provisions

Security safeguards

The BAA states that PathwayNotes uses reasonable and appropriate safeguards, including encryption of ePHI in transit and at rest, access controls, audit logging, workforce training, and a written information security program.

Full agreement

This article is a plain-language summary. Clinicians and practice administrators should review the official BAA before using PathwayNotes with PHI:

https://pathwaynotes.app/baa/