Everything you need to evaluate MediChatApp for HIPAA and enterprise procurement: BAA, Privacy, Terms, Subprocessors, Data Retention, and more.
Standard terms and compliance materials for Covered Entities and Business Associates.
HIPAA-compliant terms governing PHI when MediChatApp acts as a Business Associate.
View BAA
Explains what information we collect, how we use it, and your choices.
Read Privacy Policy
Our approach to HIPAA, SOC 2 Type II alignment, encryption, access control, and audit logging.
View Security Overview
List of third parties that may process PHI/PII to deliver our services.
See Subprocessors
How MediChatApp protects and uses health information when supporting healthcare organizations.
View NPP
How long we retain data, and how deletion requests are handled.
Retention Policy
Contractual GDPR/CCPA commitments when we act as a processor.
View DPA
Rules to keep messaging safe, compliant, and respectful for patients and staff.
Read AUP
How to report a security issue to our team securely and responsibly.
Report a Vulnerability
Request controlled access to our latest audit report under NDA.
Request Access
Quick answers for compliance and procurement teams.
Yes. We countersign BAAs for Covered Entities as part of onboarding.
Yes—encryption in transit and at rest, with strong key management.
Yes. See the live list on our Subprocessors page; we provide notice before changes.
Yes—immutable logs with time, actor, action, and context; export available.
We work with legal and security teams to finalize BAAs, DPAs, and enterprise terms.