Business Associate Agreement
This page explains our BAA and how to request one. The BAA itself is a signed agreement executed with each customer — its terms will be reviewed by your counsel before signing.
Care agencies that use TimeGrid to handle protected health information (PHI) are "covered entities" under HIPAA, and TimeGrid — provided by GomyDev LLC — acts as your Business Associate. HIPAA requires a Business Associate Agreement (BAA) between you and any vendor that creates, receives, maintains, or transmits PHI on your behalf.
We provide a signed BAA
We offer a signed BAA to every customer that handles PHI on TimeGrid — at no additional cost. It's part of onboarding, and it's in place before any real client data enters the platform.
What our BAA covers
- Permitted uses: we use and disclose PHI only to provide the Service and as your agreement permits or the law requires.
- Safeguards: administrative, physical, and technical safeguards consistent with the HIPAA Security Rule — encryption in transit and at rest, access controls with multi-factor authentication, database-level tenant isolation, and audit logging.
- Subcontractors: any subcontractor that touches PHI is bound to equivalent obligations.
- Breach notification: we notify you of a breach of unsecured PHI as required by HIPAA.
- Return or destruction of PHI on termination, where feasible.
How to request a BAA
Ask for a BAA during your demo or onboarding, or email privacy@gomydev.com and we'll send our current agreement for your review.