Business Associate Agreement.
HIPAA requires a signed BAA between Lily and any covered entity or business associate we work with. We've signed hundreds. Here's how it works.
What is a BAA?
A Business Associate Agreement is a contract required by HIPAA that defines how Lily handles Protected Health Information (PHI) on behalf of your organization.
Who needs one?
Any health plan, employer health program, healthcare provider, or business associate that shares PHI with Lily. This includes organizations using Lily Admin and all practitioner accounts.
Our standard BAA
Lily's standard BAA covers: permitted uses of PHI, safeguard obligations, breach notification, subcontractor requirements, and data return/destruction at termination.
Turnaround time
We return executed BAAs within two business days. For modified or negotiated BAAs, allow 5–7 business days. Enterprise agreements include BAA as a standard exhibit.
Ready to request your BAA?
Send us a message and our compliance team will have it back to you within two business days.