Lina'la Health

What Is a Business Associate Agreement (BAA)?

Under HIPAA, any vendor that handles Protected Health Information (PHI) on behalf of a covered entity (hospital, clinic, or individual provider) must sign a BAA. The BAA defines how PHI may be used, how it must be protected, and what happens in the event of a breach.

Lina'la operates as a Business Associate under HIPAA. We are prepared to sign a BAA with any covered entity or their business associates that use our platform.

How to Request a BAA

Email admin@linahla.com with the subject line HIPAA BAA Request. Include your organization name and the name and title of the signatory. We will return a completed BAA within 2 business days.

Our Technical Safeguards

Encryption in transit: All data transmitted to and from Lina'la uses TLS 1.2+
Encryption at rest: Patient data is encrypted at rest in our database
Access controls: Row-level security ensures patients can only access their own data; providers can only access patients who have connected with them
Audit logging: Key data access events are logged
Minimum necessary: The platform only requests and stores information needed to provide care

Sub-Processors and BAA Status

Vendor	Purpose	BAA
Supabase	Database & authentication	✅ Available
Anthropic	Translation & health guidance	✅ Available
AssemblyAI	Voice transcription	✅ Signed
Stripe	Payment processing (no PHI)	N/A
Resend	Transactional email	✅ Available

Breach Notification

In the event of a breach involving PHI, Lina'la will notify affected covered entities within the timeframes required by HIPAA (no later than 60 days of discovery). We will provide the information required under 45 CFR §164.410.

Questions