Last updated March 22, 2026
A Business Associate Agreement (BAA) is available for licensed practices that require formal HIPAA documentation. This agreement outlines the responsibilities of both parties with respect to Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
A BAA is required if your practice is a HIPAA-covered entity (e.g., a healthcare provider that transmits health information electronically) and you consider Rorshack to be a Business Associate under HIPAA. Given Rorshack's architecture — where client PHI is not transmitted to or stored on our servers — many practices may determine a BAA is not required. However, we offer one for practices that require it as a matter of policy or for compliance documentation.
Our standard BAA addresses:
To request a Business Associate Agreement, email us at hello@rorshack.com with the subject line "BAA Request" and include:
We will send you a completed BAA for countersignature within 3 business days. Executed BAAs are stored securely and are available upon request.
Execution of a BAA with Rorshack does not guarantee that your practice is HIPAA-compliant. HIPAA compliance encompasses your entire practice, technology stack, and workflows. We strongly recommend consulting a HIPAA compliance officer or legal counsel to assess your obligations.
A BAA is available to licensed therapists, psychologists, social workers, and other licensed healthcare providers with active Rorshack subscriptions. BAA requests from individuals without active accounts will not be processed.
BAA requests and compliance questions: hello@rorshack.com