DRAFT — These documents are provided for informational purposes during our beta and have not been reviewed by legal counsel. They do not constitute a binding agreement. Please review with a qualified attorney before relying on them.

Business Associate Agreement (BAA)

Medna, LLC

A Business Associate Agreement ("BAA") is a contract required under HIPAA between a covered entity (such as a therapist or clinic) and a business associate (such as Medna) that processes protected health information ("PHI") on its behalf.

Status

We are finalizing our standard BAA. Until a BAA is executed between you and Medna, you must not submit real patient information to the Service. During the beta program, the Service must be used with fictitious or fully de-identified data only.

What the BAA will cover

When available, our BAA will address the obligations HIPAA requires of a business associate, including:

  • Permitted uses and disclosures of PHI.
  • Safeguards to protect PHI (administrative, physical, and technical).
  • Reporting of security incidents and breaches.
  • Obligations of subcontractors that may access PHI.
  • Return or destruction of PHI on termination.

Request a BAA

To request our BAA or ask about the timeline, contact privacy@medna.io.

Last updated: June 8, 2026