THERASNAP HIPAA BUSINESS ASSOCIATE AGREEMENT
Last Updated: 11-27-2025

IMPORTANT: AGREEMENT REQUIRED FOR USE

By using TheraSnap, you acknowledge and agree to the following HIPAA compliance requirements and professional responsibilities:

═══════════════════════════════════════════════════════════════════

1. PROFESSIONAL QUALIFICATIONS

You represent and warrant that:

• You are a licensed healthcare professional OR a trainee working under appropriate supervision
• You are authorized to handle Protected Health Information (PHI) in your jurisdiction
• You maintain active professional licensure or credentials as required by your state/country
• You will use TheraSnap only for legitimate clinical/therapeutic purposes

═══════════════════════════════════════════════════════════════════

2. HIPAA COMPLIANCE OBLIGATIONS

As a user of TheraSnap, you agree to:

PROTECTED HEALTH INFORMATION (PHI):
• Handle all client information as Protected Health Information under HIPAA regulations
• Understand and comply with your obligations under HIPAA regarding PHI protection
• Use appropriate safeguards to maintain client confidentiality at all times
• Access PHI only on a minimum-necessary basis for treatment purposes
• Your voice memos and dictated notes contain PHI and must be treated accordingly

APPROPRIATE USE OF RECORDING FEATURE:
• TheraSnap is designed for YOU (the therapist) to record voice memos and dictation AFTER sessions end
• TheraSnap is NOT designed or intended to record actual therapy sessions with clients present
• You agree NOT to use TheraSnap to record conversations between you and your clients
• Time limits are in place to prevent recording of full therapy sessions
• If you choose to record actual client sessions (against our recommendations), you are solely responsible for:
  – Obtaining proper written informed consent from clients
  – Complying with all state and federal recording laws (including two-party consent requirements)
  – Any legal liability arising from such recordings

BREACH REPORTING:
• Report any suspected data breaches or unauthorized access immediately to support@therasnap.ai
• Cooperate with breach investigations and remediation efforts
• Maintain your own breach notification procedures as required by HIPAA

BUSINESS ASSOCIATE AGREEMENT (BAA):
• Acknowledge that this agreement constitutes our Business Associate Agreement under HIPAA
• TheraSnap acts as your Business Associate for the purpose of providing AI transcription and note generation services
• You retain all responsibilities as the Covered Entity or Business Associate to your clients

═══════════════════════════════════════════════════════════════════

3. THERASNAP SECURITY MEASURES

TheraSnap implements industry-standard security measures to protect your data:

ENCRYPTION:
• End-to-end encryption for all audio recordings
• AES-256 encryption for data at rest
• TLS 1.3 for all data transmitted over networks
• Encrypted cloud storage using Google Cloud Platform

ACCESS CONTROLS:
• Multi-factor authentication options
• Biometric authentication support
• Session management and automatic timeouts
• User access logging and audit trails

INFRASTRUCTURE SECURITY:
• HIPAA-compliant cloud hosting (Google Cloud Platform)
• Regular security audits and penetration testing
• Automated backup systems with encryption
• Disaster recovery and business continuity procedures

DATA ISOLATION:
• Each user’s data is isolated and encrypted separately
• No cross-user data access or sharing
• Strict access controls for TheraSnap personnel
• Regular compliance monitoring and assessments

═══════════════════════════════════════════════════════════════════

4. PROFESSIONAL RESPONSIBILITY

CLINICAL JUDGMENT:
• AI-generated notes are TOOLS to assist documentation and must be reviewed for accuracy
• You retain FULL professional responsibility for all clinical decisions and documentation
• AI output should never replace your clinical judgment or assessment
• All clinical notes must be reviewed, edited, and approved before finalizing

NO MEDICAL ADVICE:
• TheraSnap does not provide medical advice, diagnosis, or treatment recommendations
• AI-generated content is for documentation assistance only
• You are solely responsible for the accuracy and completeness of all clinical documentation
• Final clinical notes are your professional work product

ACCURACY VERIFICATION:
• Review all AI-generated transcriptions and notes for accuracy
• Correct any errors or omissions before saving or using notes
• Ensure notes accurately reflect the session content and your clinical judgment
• Do not rely solely on AI output without verification

═══════════════════════════════════════════════════════════════════

5. STATE AND LOCAL COMPLIANCE

PROFESSIONAL LICENSING:
• Comply with all professional licensing requirements in your jurisdiction
• Follow your profession’s ethical guidelines regarding documentation
• Maintain appropriate professional liability insurance
• Adhere to your professional board’s standards of practice

TELEHEALTH REGULATIONS:
• If conducting sessions via telehealth, comply with applicable telehealth regulations
• Ensure clients are in jurisdictions where you are licensed to practice
• Follow HIPAA requirements for telehealth platforms and communications

RECORDING LAWS (IF YOU RECORD ACTUAL SESSIONS):
• If you choose to use TheraSnap to record actual client sessions (not recommended):
  – You are solely responsible for knowing and complying with your state’s recording laws
  – Some states require two-party consent for recording (e.g., California, Florida, Pennsylvania)
  – Other states require only one-party consent
  – You must obtain proper written consent from clients before any recording
  – Failure to comply with recording laws may result in criminal or civil liability
• TheraSnap disclaims all liability for unauthorized or illegal recording of client sessions

═══════════════════════════════════════════════════════════════════

6. DATA OWNERSHIP AND RETENTION

YOUR DATA:
• You retain full ownership of all client information, recordings, and notes
• You control access to your data at all times
• You may export or delete your data at any time

THERASNAP’S USE:
• We use your data ONLY to provide the services you request
• We may use de-identified, anonymized data to improve AI models
• We will NEVER share, sell, or use identifiable PHI for any purpose other than providing services
• We will NEVER use PHI for marketing or advertising

DATA RETENTION:
• You control how long data is retained in your account
• Upon account termination, you have 30 days to export your data
• After 90 days, all data is permanently deleted from our systems
• Backup systems are purged within 180 days of deletion

═══════════════════════════════════════════════════════════════════

7. YOUR RESPONSIBILITIES

As a TheraSnap user, you agree to:

ACCOUNT SECURITY:
• Maintain the confidentiality of your login credentials
• Use strong passwords and enable two-factor authentication
• Not share your account with others
• Log out when using shared or public devices
• Report any unauthorized access immediately

DEVICE SECURITY:
• Keep your devices secure with passwords/biometrics
• Use up-to-date operating systems and security patches
• Install reputable antivirus/security software
• Encrypt devices that access PHI when possible

APPROPRIATE USE:
• Use TheraSnap only for legitimate clinical purposes
• Use TheraSnap for post-session voice memos and dictation, not for recording client sessions
• Not attempt to circumvent security measures or time limits
• Not reverse engineer or tamper with the application
• Comply with all applicable laws and regulations

CLIENT SAFETY:
• Prioritize client safety and welfare in all uses of the application
• Maintain appropriate boundaries and professional standards
• Not use the application in ways that could harm clients
• Seek consultation or supervision when appropriate

═══════════════════════════════════════════════════════════════════

8. LIMITATIONS AND DISCLAIMERS

ACCURACY:
• While our AI technology is advanced, it is not perfect
• Transcriptions may contain errors or omissions
• You must verify all content for accuracy
• We are not liable for errors in AI-generated content

SERVICE AVAILABILITY:
• We strive for high availability but cannot guarantee 100% uptime
• Scheduled maintenance may temporarily interrupt service
• You should maintain backup documentation methods
• We are not liable for service interruptions

THIRD-PARTY SERVICES:
• We use third-party services (Google Cloud, Firebase, OpenAI) under strict agreements
• These services are HIPAA-compliant and covered by Business Associate Agreements
• We carefully vet all third-party providers for security and compliance

RECORDING DISCLAIMER:
• TheraSnap is designed for therapist voice memos, NOT for recording client sessions
• We are not liable for any misuse of the recording feature
• You are solely responsible for compliance with recording laws if you record client sessions
• Time limits are in place to discourage recording of full therapy sessions

═══════════════════════════════════════════════════════════════════

9. TERM AND TERMINATION

AGREEMENT TERM:
• This agreement is effective when you accept it
• It remains in effect for one (1) year from acceptance
• You will be prompted to re-accept annually to ensure ongoing awareness
• Continued use after expiration constitutes acceptance of the current terms

TERMINATION:
• You may terminate by deleting your account
• We may terminate for violations of these terms
• Upon termination, data retention policies (section 6) apply

═══════════════════════════════════════════════════════════════════

10. UPDATES TO THIS AGREEMENT

• We may update this agreement from time to time
• Material changes will be communicated via email and in-app notification
• Continued use after notification constitutes acceptance
• You may review the current agreement at any time in Settings

═══════════════════════════════════════════════════════════════════

11. CONTACT INFORMATION

For questions about HIPAA compliance or this agreement:

Email: info@therasnap.ai
Privacy Officer: info@therasnap.ai
Security Issues: support@therasnap.ai
General Support: support@therasnap.ai

═══════════════════════════════════════════════════════════════════

ACKNOWLEDGMENT

By accepting this agreement, you acknowledge that:

✓ You have read and understand this entire HIPAA Business Associate Agreement
✓ You are a qualified healthcare professional authorized to handle PHI
✓ You understand TheraSnap is designed for post-session voice memos, NOT for recording client sessions
✓ If you choose to record client sessions, you are solely responsible for consent and legal compliance
✓ You understand your obligations under HIPAA and applicable laws
✓ You will use TheraSnap in accordance with professional standards
✓ You accept full professional responsibility for your clinical documentation
✓ You understand the limitations of AI-generated content
✓ You agree to comply with all terms outlined in this agreement

Failure to comply with these terms may result in:
• Immediate termination of your account
• Legal liability for HIPAA violations
• Professional disciplinary action
• Civil or criminal penalties under applicable law

═══════════════════════════════════════════════════════════════════

This agreement should be read in conjunction with our Terms of Service and Privacy Policy, which are incorporated by reference.