The Privacy Rule allows a covered entity (you) to use a business associate (ChiroUp) to perform functions or activities on behalf of, or provide services to, the covered entity that involves the use or disclosure of personal health information (PHI), provided the covered entity obtains satisfactory assurances, through a contract or agreement, that the business associate will appropriately safeguard the information. (See 45 C.F.R. §§ 164.502(e), 164.504(e).)
Upon initial registration, ChiroUp automatically provides subscribers with a valid Business Associate Agreement stating that ChiroUp is “a business associate with whom covered entities are permitted to share PHI” and that ChiroUp will provide “all assurances and appropriate safeguards” for the records created. You will be able to find a copy of your BAA under User settings.