Business Associate Addendum

Aduvera's Google Cloud HIPAA Business Associate Addendum is now in place. For eligible US covered entities and business associates that require HIPAA contractual coverage, Aduvera makes a separate customer BAA available.

The customer BAA is handled at the organization level and is separate from the standard website and product clickwrap.

Aduvera's BAA is intended for eligible covered entities, business associates, and similar healthcare organizations that require HIPAA contractual coverage for permitted use of the service.

• Permitted and required uses and disclosures of PHI.
• Administrative, technical, and physical safeguards.
• Subcontractor flow-down obligations.
• Breach and security-incident notification cooperation.
• Return or destruction of PHI when the relationship ends, subject to law.
• Reasonable support for access, amendment, and accounting obligations where applicable.

A cloud-provider BAA does not, by itself, make every customer workflow HIPAA-compliant. Customers remain responsible for their own policies, workforce training, patient notices, role-based access, minimum-necessary use, and whether a separate customer BAA is legally required for the relationship.

BAA and HIPAA-readiness inquiries may be sent to [email protected].