HIPAA Business Associate Agreement
Trenchant Cyber LLC · For Healthcare Customers · Requires Execution Prior to PHI-Adjacent Deployment
REQUIRED NOTICE: Customers deploying Trenchant Cyber's local AI platform in environments where Protected Health Information (PHI) may be processed must execute a HIPAA Business Associate Agreement (BAA) with Trenchant Cyber LLC prior to deployment. This page describes the BAA process. To obtain the current BAA template, contact info@trenchantcyber.com. This page is not a substitute for an executed agreement.
ATTORNEY REVIEW NOTICE: The BAA template is being finalized with qualified HIPAA legal counsel. Contact info@trenchantcyber.com to receive the current draft and initiate the execution process.
What is a HIPAA BAA?
Under the Health Insurance Portability and Accountability Act (HIPAA), a Covered Entity (CE) — such as a hospital, clinic, health plan, or healthcare clearinghouse — must execute a Business Associate Agreement with any vendor ("Business Associate" or "BA") that creates, receives, maintains, or transmits Protected Health Information (PHI) on its behalf.
Trenchant Cyber LLC is classified as a Business Associate when its platform is deployed in environments where PHI may be present — for example, clinical note drafting, chart summarization, or prior-authorization assistance workflows.
Trenchant Cyber's HIPAA Architecture
Our platform is architecturally designed to minimize HIPAA risk through on-premises deployment:
- All AI inference runs on hardware you control, within your HIPAA security boundary.
- No PHI is transmitted to Trenchant Cyber's servers or any external cloud service during steady-state operation.
- Audit logs remain within your environment under your control.
- The Agentic Firewall can enforce PHI redaction policies inline before any external traffic is permitted.
However, on-premises architecture alone does not satisfy HIPAA requirements. A BAA must still be executed, and your organization retains responsibility for configuring and maintaining a compliant deployment environment.
BAA Key Terms (Summary)
The Trenchant Cyber BAA template covers:
- Definitions of Covered Entity, Business Associate, and PHI consistent with 45 CFR §160.103.
- Permitted and required uses of PHI by Trenchant Cyber LLC (limited to providing contracted services).
- Safeguards required by Trenchant Cyber LLC to protect PHI.
- Breach notification obligations consistent with 45 CFR §164.410.
- Customer audit rights.
- Subcontractor and sub-BA obligations.
- Term, termination, and PHI return/destruction procedures.
Compliance Notice
Trenchant Cyber LLC cannot guarantee HIPAA compliance in any customer environment without a completed, site-specific risk assessment. Deployment of our platform does not automatically satisfy HIPAA Security Rule or Privacy Rule requirements for your organization. Each covered entity is responsible for conducting and documenting its own risk analysis under 45 CFR §164.308(a)(1).
How to Execute a BAA
- Contact info@trenchantcyber.com to request the current BAA template.
- Have your legal counsel review and mark up the template.
- Return the redlined version for Trenchant Cyber LLC review.
- Execute the final agreement before any PHI-adjacent deployment begins.