What Is HIPAA and Why It Matters for Billing
The Health Insurance Portability and Accountability Act (HIPAA) establishes federal standards for protecting sensitive patient health information. When a therapist or mental health practice engages an outside billing company, that company becomes a Business Associate under HIPAA — a third party that creates, receives, maintains, or transmits Protected Health Information (PHI) on behalf of a covered entity. HIPAA requires that a formal written agreement — the Business Associate Agreement (BAA) — be in place before any PHI changes hands. Engaging a billing partner without a signed BAA is a HIPAA violation, regardless of how secure that partner's practices are.
What Our BAA Covers
Logicware LLC signs a Business Associate Agreement with every practice before accessing any patient records or beginning claims work. Our BAA specifies: the permitted uses of PHI (limited to the billing, credentialing, and revenue cycle services outlined in your service agreement); our obligation to implement appropriate safeguards; our duty to report any breach or security incident to you without unreasonable delay; the process for returning or destroying PHI upon termination of the agreement; and our obligation to ensure that any subcontractors we use also sign BAAs. You will receive a signed copy of the BAA before your onboarding is complete.
How We Protect Protected Health Information
Logicware LLC implements the administrative, technical, and physical safeguards required by the HIPAA Security Rule for all electronic PHI (ePHI) we handle on your behalf. This includes access controls limiting PHI access to authorized billing staff assigned to your account; encrypted data transmission for all ePHI sent between our systems and yours, payer clearinghouses, and insurance portals; audit logging of ePHI access and activity; and a documented incident response procedure for detecting, reporting, and mitigating any security event. We do not transmit PHI via standard email. All patient data is handled through HIPAA-compliant channels.
Minimum Necessary Standard
Under HIPAA's Minimum Necessary standard, covered entities and their business associates may use or disclose only the PHI needed to accomplish the intended purpose. In practice, this means Logicware LLC requests only the patient information required to submit claims, post payments, and manage denials — not entire medical records. Our staff access is scoped to the specific accounts and functions each team member handles.
Breach Notification
If Logicware LLC discovers a breach of unsecured PHI, we are required to notify you without unreasonable delay and in no case more than 60 days after discovery. Our notification will include the nature of the breach, the PHI involved, the individuals affected, what we are doing to investigate and mitigate the breach, and steps you can take. We maintain a documented breach assessment and notification procedure, and all staff are trained on breach identification and reporting obligations.
Your Responsibilities as a Covered Entity
As a mental health provider, you are a HIPAA covered entity and are responsible for your own compliance obligations independent of our BAA. This includes your own Notice of Privacy Practices for patients, maintaining the security of PHI within your own systems and practice, ensuring that any other business associates you engage (EHRs, clearinghouses, practice management tools) have signed BAAs with you, and training your staff on HIPAA requirements applicable to your practice.
Subcontractors and Downstream BAAs
Logicware LLC may use clearinghouses, secure transmission services, and other vendors to perform specific functions within the billing workflow. Any subcontractor that handles PHI on our behalf is required to sign a BAA with Logicware LLC before accessing any patient data. We vet these vendors for HIPAA compliance and do not engage subcontractors who cannot demonstrate appropriate security practices.
Requesting a Copy of Our BAA
If you are evaluating Logicware LLC as a billing partner and would like to review our BAA template before signing a service agreement, we are happy to provide it. Contact us at contact@logicware.tech and reference "BAA review" in your message. We can typically provide the document within one business day.
Ready to review our BAA?
We provide our BAA template to all prospective clients before onboarding. Contact us and we will send it within one business day.
Request BAA