Business Associate Agreement.
Included on every plan.

What is a BAA and why do you need one?

Under HIPAA, when a dental practice (a “Covered Entity”) shares Protected Health Information with a third-party vendor (a “Business Associate”), a signed Business Associate Agreement is legally required before any PHI is shared.

When a patient calls your practice and Frontis answers, that call may involve PHI — the patient’s name, date of birth, symptoms, insurance details. That makes Frontis your Business Associate, and a BAA must be in place before the first call.

This is non-negotiable under HIPAA. We will not go live with any practice without a signed BAA.

What our BAA covers

• Permitted uses of PHI: Frontis may only use patient PHI to provide the agreed services. No other uses are permitted.
• Safeguards: We commit to appropriate administrative, technical, and physical safeguards consistent with the HIPAA Security Rule.
• Breach notification: We will notify you within 60 days of discovering any breach of PHI, as required by law.
• Subcontractors: We maintain signed BAAs with all subcontractors who handle PHI on our behalf — Vapi, Twilio, and AWS.
• Return or destruction of PHI: On termination, we will return or destroy PHI as directed.

Our HIPAA-compliant infrastructure

How to get your BAA signed

Your BAA is sent automatically as part of onboarding. If you need it ahead of time, contact us at hello@frontis.ai and we will send the DocuSign link within one business day.