For healthcare organizations handling Protected Health Information (PHI), RevDesk offers a Business Associate Agreement to ensure HIPAA compliance.

What it does

  • Legal coverage - BAA establishes compliant data handling
  • PHI protection - Appropriate safeguards for health information
  • Audit support - Documentation for compliance audits
  • Peace of mind - Clear responsibilities and protections

Who needs this

A BAA is required if you:
  • Are a healthcare provider - Doctors, dentists, therapists, clinics
  • Handle PHI - Patient names, conditions, appointments
  • Transmit health info - Via calls, texts, or emails
  • Are a business associate - Handle PHI for covered entities

What’s covered

The BAA covers RevDesk’s handling of:
Data type | Examples
Patient identifiers | Names, phone numbers, addresses
Health information | Conditions mentioned in calls
Appointment data | Medical appointments, providers
Communication records | Call transcripts, voicemails

How to get a BAA

1. Email support - Email support@revdesk.com with subject “HIPAA BAA Request”. Include your legal entity name, the workspace that will handle PHI, and a primary compliance contact.

2. Verify eligibility - Confirm you’re a covered entity or business associate

3. Review agreement - We send our standard BAA within 2 business days. Customers who can sign as-is get same-day activation; legal markup typically closes in 5–10 business days.

4. Execute agreement - Sign electronically and receive countersigned copy

5. Enable HIPAA mode - We record baaSignedAt on your workspace and flip hipaa_enabled = true. Runtime controls activate immediately.

HIPAA mode features

When a BAA is active, RevDesk enables:
  • Enhanced encryption - Additional data protection
  • Restricted access - Tighter access controls
  • Audit logging - Detailed access logs
  • Data retention controls - Configurable retention policies
  • Secure transmission - PHI-appropriate communication channels

Compliance responsibilities

RevDesk responsibilities

  • Secure data storage and transmission
  • Access controls and authentication
  • Breach notification
  • Subcontractor agreements

Your responsibilities

  • Authorized use of RevDesk
  • User access management
  • Minimum necessary data sharing
  • Patient authorization when required

Pricing

HIPAA compliance and BAA provisioning are included on the Outreach plan and above at no extra cost. No add-on fee, no setup fee.

Platform-wide HIPAA for channel partners

If you’re a partner placing healthcare customers on RevDesk at consistent volume, we offer a platform-wide HIPAA posture at $5,000/month. The per-workspace add-on is waived, every account becomes HIPAA-compatible by default regardless of plan tier, and we sign BAAs with your downstream customers individually as they need them. Email support@revdesk.com to scope it.

Requirements

  • Outreach RevDesk plan or higher
  • Signed BAA before handling PHI
  • HIPAA training for your staff
  • Compliance policies in place

FAQ

No. BAAs are only required when handling PHI. General business use doesn’t require one.
Yes, with an active BAA. RevDesk can send appointment reminders that include patient information.
RevDesk will notify you within 24 hours of discovering any potential breach, as required by the BAA.
The BAA covers call handling and scheduling. For video visits, ensure your telehealth platform is also compliant.

Request BAA

Email support@revdesk.com to get started