top of page

HIPAA Business Associate Agreement & Notice of Use

Applies to all doctors and practices using the ChiroScript.AI platform

Effective Date: May 1, 2024

 

Notice to Covered Entities (Doctors/Practices)

By creating an account and using the ChiroScript.AI platform, you acknowledge and agree to the following HIPAA requirements. This document serves both as:

  1. A Notice explaining how patient information is handled on the platform, and
     

  2. A Business Associate Agreement (BAA) between you (Covered Entity) and ChiroScript.AI (Business Associate).
     

Use of the app constitutes acceptance of this Agreement.

 

1. How ChiroScript.AI Handles Patient Information

  • All information entered into the app is de-identified before AI note generation.
     

  • Data is securely stored in Google Firebase (with Google’s HIPAA-compliant BAA in place).
     

  • Two-Factor Authentication (2FA) is required for all accounts.
     

  • PHI is encrypted in transit and at rest.
     

 

2. Permitted Use of Information

ChiroScript.AI will only use PHI for the following purposes:

  • Providing AI scribe and documentation services.
     

  • De-identifying PHI to create clinical notes.
     

  • System monitoring and HIPAA compliance.
     

ChiroScript.AI will never use PHI for marketing, resale, or any purpose unrelated to patient care.

 

3. Responsibilities of Covered Entities (Doctors/Practices)

  • Ensure that patient data entered into the app is accurate and appropriate.
     

  • Avoid entering unnecessary identifiers beyond what is required for documentation.
     

  • Maintain HIPAA compliance within your practice when exporting, storing, or sharing notes generated by ChiroScript.AI.
     

 

4. ChiroScript.AI Safeguards & Security

ChiroScript.AI maintains:

  • Administrative safeguards – HIPAA training, role-based access, breach response plan.
     

  • Technical safeguards – 2FA, encryption, access logging.
     

  • Physical safeguards – secure system infrastructure and restricted data access.
     

 

5. Breach Notification

  • ChiroScript.AI will notify you of any data breach or unauthorized disclosure of PHI within 15 days of discovery.
     

  • ChiroScript.AI will assist in mitigation and required reporting.
     

 

6. Subcontractors

ChiroScript.AI requires subcontractors (such as Google Firebase) to sign and maintain their own HIPAA-compliant BAAs.

 

7. Termination of Use

If you stop using the app:

  • You may request deletion of all stored PHI.
     

  • ChiroScript.AI will return or destroy PHI unless retention is required by law.
     

 

8. Agreement

By using the ChiroScript.AI platform, you acknowledge this HIPAA Business Associate Agreement and agree to comply with these requirements.

bottom of page