HIPAA BAA Generation
If your AI systems process Protected Health Information (PHI), HIPAA requires a Business Associate Agreement between covered entities and their business associates. Igris automates BAA creation, PDF generation, and signature tracking.
Creating a BAA
- Go to Compliance → HIPAA BAA
- Click Create BAA
- Fill in the required fields:
  - Covered Entity — name of the healthcare organization
  - Business Associate — name of the AI service provider (your organization)
  - Effective Date — when the agreement takes effect
  - Permitted Uses — how PHI may be used (e.g., “AI-assisted clinical decision support”)
  - Safeguards — security measures in place (auto-populated from your governance setup)
- Click Generate
Required Fields
| Field | Description |
|---|---|
| coveredEntity | Legal name of the HIPAA covered entity |
| businessAssociate | Legal name of the business associate |
| effectiveDate | Agreement start date (ISO 8601) |
| permittedUses | Description of permitted PHI uses |
| safeguards | Security safeguards description |
PDF Generation
Once created, Igris generates a formatted PDF BAA document. Click Download PDF on the BAA detail page in the dashboard. The PDF includes all BAA fields, standard HIPAA BAA clauses, and signature blocks.
Signature Workflow
BAAs support a two-party signature workflow:
- Draft — BAA is created, PDF generated
- Pending Signature — sent for signature
- Partially Signed — one party has signed
- Fully Executed — both parties have signed
- Expired — past the termination date
Status Tracking
View all BAAs and their signature status in Compliance → HIPAA BAA. Filter by status to find BAAs needing attention.
Auto-Populated Safeguards
When creating a BAA, Igris can auto-populate the safeguards section based on your actual governance configuration:
- Number of active governance policies
- Policy enforcement mode (deny/alert)
- Audit logging coverage
- Access control roles configured
- Encryption status