HQ BaselineHIPAA
HQ Baseline is HIPAA-aligned and is designed to handle protected health information (PHI) on behalf of covered entities — sports medicine clinics, hospital-affiliated athletic programs, school-based health programs, and similar organizations.
Business Associate Agreement
We sign BAAs with covered entities. Our standard BAA is available on request. We can review yours for incorporation on enterprise plans.
Safeguards we implement
- Administrative: workforce training, access policies, incident response procedures
- Physical: production data hosted in SOC 2 / ISO 27001 cloud facilities
- Technical: encryption, audit logging, access control, automatic logoff
What we ask of you
- Use SSO and MFA where available
- Onboard and offboard staff promptly
- Restrict access by role to the minimum necessary
- Report suspected security incidents promptly
Get a BAA
Email contracts@headquarters.health to request our BAA.