Business Associate Agreement

Ryva Forge LLC ("Business Associate") offers a Business Associate Agreement (BAA) to covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

A signed BAA is required before transmitting, processing, or storing any Protected Health Information (PHI) through the Ryva platform. The BAA establishes the permitted uses and disclosures of PHI, the safeguards Business Associate must apply, and the obligations of both parties under 45 C.F.R. Parts 160 and 164.

What the BAA Covers

• Permitted uses and disclosures of Protected Health Information (PHI) and electronic PHI (ePHI)
• Administrative, physical, and technical safeguards required under the HIPAA Security Rule
• Breach notification obligations under the HIPAA Breach Notification Rule
• Subcontractor and downstream business associate obligations
• Individual rights, including the right to access and amend PHI
• Term and termination, including disposition of PHI upon termination

Eligibility

BAAs are available to customers on the Enterprise plan. If you are on a lower tier and require HIPAA compliance, please contact our sales team to discuss an upgrade.

How to Execute a BAA

1. Contact us at sales@ryvaforge.com with the subject line "BAA Request".
2. Include your organization name, the name and title of the authorized signatory, and your Ryva account email.
3. We will send a draft BAA for review within two (2) business days.
4. Upon mutual execution, the BAA takes effect immediately and remains in force for the duration of your Ryva subscription.

Subprocessors

Ryva Forge LLC engages the following subprocessors that may handle ePHI under an active BAA:

Each subprocessor is subject to data processing agreements that include HIPAA-appropriate safeguards prior to any processing of ePHI.

Questions

For questions about HIPAA compliance, data handling, or to request our Security & Compliance documentation, contact us at sales@ryvaforge.com.