Keragon offers a streamlined HIPAA Business Associate Agreement (BAA) process for users on paid plans. A BAA is essential for healthcare organizations that handle protected health information (PHI). With Keragon, you can easily generate and sign your BAA right after checkout - no back-and-forth emails or legal delay.
What is a BAA?
A Business Associate Agreement (BAA) is a legal contract required under HIPAA between a covered healthcare entity and a vendor (business associate) that may access, store, transmit, or process Protected Health Information (PHI). Its purpose is to ensure that both parties agree to safeguard PHI and comply with HIPAA privacy and security standards.
When is a BAA available to Keragon users?
The Keragon BAA process is available only to users on paid subscription plans. As part of our HIPAA compliance, we offer Business Associate Agreements (BAAs) to ensure the appropriate safeguarding of protected health information (PHI). BAAs are provided to customers with active accounts under Keragon’s paid tiers.
BAA During Your Trial Period
If you’re currently on a Keragon trial, here’s what you need to know about HIPAA compliance and handling patient data during the evaluation period.
Do I need a BAA during my trial?
A BAA is required before any Protected Health Information (PHI) flows through Keragon. This applies regardless of whether you are on a trial or a paid plan. If you plan to test with real patient data during your trial, you must sign a BAA first.
Our recommendation: use dummy data during your trial
To move quickly during your evaluation, we recommend testing your workflows with dummy (synthetic) data rather than real PHI. This approach lets you:
- Start building and testing workflows immediately without waiting for a BAA to be executed.
- Validate your integration logic, triggers, and data mapping without compliance risk.
- Move to production confidently once you upgrade to a paid plan and have your BAA in place.
What counts as dummy data?
Dummy data is any test data that does not contain information about real patients. Examples include:
- Fictional patient names, dates of birth, and contact information.
- Test records created in a sandbox or staging environment of your EHR.
- Sample payloads that mirror real data structure but contain no actual PHI.
Important: Never route real PHI through any integration platform without an executed BAA in place. This is a core HIPAA requirement.
How to sign a BAA with Keragon once you are ready to go live
Signing a BAA with Keragon is simple and integrated directly into your account setup:
-
Choose a Paid Plan – Select your Keragon subscription and proceed with payment as usual.
-
Check Your Email – After your payment is completed, you will receive an email from Keragon.
- Receive Your Keragon ID – This email will include your unique Keragon ID, which links your account to the BAA process.
-
Complete BAA Form – The email also contains a DocuSign webform link.
-
Fill in Your Information – Enter your legal details into the DocuSign webform. You will receive your Keragon ID on the BAA email, to use on the form.
-
Instant BAA Generation – Docusign instantly generates your personalized Business Associate Agreement for review.
-
Sign Electronically – Review and sign your BAA electronically with DocuSign.
- Receive the signed BAA – Once you submit the Docusign webform, a signed version of the Keragon BAA will be sent to your email.
Once completed, you’ll have a fully executed BAA on file that helps support your HIPAA compliance efforts while using Keragon’s platform.
Enterprise-Specific BAA Options
Custom BAA Terms
Custom Business Associate Agreement (BAA) terms are available only for Enterprise tier customers. These options allow for negotiated or modified contractual terms beyond Keragon’s standard BAA.
For more information, please reach out to Keragon Support or contact sales@keragon.com.
If you have questions about your BAA status or need support with the signing process, visit Keragon Support in the Help Center or contact our team for assistance.