BAA Registry
Date: 2026-05-14
Format: Vendor · BAA Status · Date Signed · Renewal · Notes
Every vendor that touches PHI must have a signed BAA, or a documented "non-PHI scope" justification.
1. Vendor BAA Status Table
| Vendor | BAA Status | Date Signed | Renewal | Notes |
|---|---|---|---|---|
| AWS | Executed | 2025 | Auto-renews | Account-level BAA, us-east-2 region (07.2 AWS Infrastructure Memo: single-region ECS / RDS / S3 in us-east-2), HIPAA-eligible services only; covers AWS Bedrock Claude executor traffic (07.3 AI Architecture: AWS Bedrock under BAA → Anthropic Claude Haiku 4.5 under BAA → Rōvn ECS) |
| AWS Bedrock | Executed (via AWS BAA) | 2025 | Auto-renews | Production AI chain: AWS Bedrock under BAA → Anthropic Claude (Haiku 4.5, chosen for cost + latency + BAA chain; see 07.3 AI Architecture) under BAA → Rōvn backend on ECS; Claude model traffic stays inside the AWS BAA boundary |
| Anthropic | Executed | 2026-Q1 | Annual | Claude model provider relationship via Bedrock + Opus 4.7 advisor beta tool, ZDR-eligible |
| Persona | Executed | 2026-Q1 | Annual | IAL2 identity verification |
| Checkr | Executed | 2026-Q1 | Annual | Background checks |
| Drata | Executed | 2026-Q1 | Annual | Compliance evidence platform |
| WorkOS | Standard BAA terms in MSA | 2026-Q1 | Auto-renews | Hospital SSO; no PHI flows through normal use |
| Stripe | N/A, PCI only | n/a | n/a | Billing metadata only; no PHI |
| Sentry | Scrubbing engaged; BAA TBD if PHI inadvertently observed | n/a | n/a | Error tracking with PHI-aware scrubbing |
| Cloudflare | N/A | n/a | n/a | Marketing surface only; no PHI |
| Platform engineering partner (named under NDA) | Engineering services agreement with BAA | Available on request through diligence room access | Annual | Strategic partnership |
2. BAA expiration and renewal schedule
| Vendor | Next renewal review | Owner |
|---|---|---|
| Anthropic | Q1 2027 | Founder + outside counsel |
| Persona | Q1 2027 | Founder |
| Checkr | Q1 2027 | Founder |
| Drata | Q1 2027 | Founder |
| AWS | Auto-renews; review on account changes | Founder + platform engineering partner under NDA |
3. Customer-facing BAA template
| Item | Status |
|---|---|
| Template draft | Outside counsel to provide signed PDF, available on request through diligence room access |
| Standard terms | OCR / Office for Civil Rights baseline + Rōvn-specific PHI scope |
| Customer signature workflow | Manual today; e-sign integration roadmap |
| Storage of executed BAAs | AWS S3 (with Object Lock for evidence retention), bucket policy under counsel review |
4. Non-vendor BAA flow
When a design-partner facility signs a BAA with Rōvn:
1. Rōvn customer BAA executed (this is the top of the cascade)
2. Sub-processor flow-down clauses notify the customer of the vendor list
3. Customer can request a specific sub-processor opt-out (e.g., a specific AWS region preference); process documentation under counsel review
4. Rōvn maintains an audit trail of every BAA executed in the S3 audit bucket
5. Audit trail
Every BAA execution and every sub-processor BAA change is logged in the hash-chained audit log under audit_actor='compliance_officer' with a reference to the PDF artifact in S3.
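The following is an added example, not code from the registry or from Rōvn's own audit service, showing what a hash-chained audit log of the kind described above looks like in Python. Each entry is recorded under audit_actor='compliance_officer' and carries the S3 key and SHA-256 digest of the PDF artifact; `verify()` walks the chain and reports the first entry whose hash or back-link is broken. The event names, S3 keys, timestamps and PDF bytes are constructed placeholders, not real artifacts.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace
from typing import List, Optional

GENESIS_HASH = "0" * 64  # prev_hash of the very first entry


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    timestamp: str
    audit_actor: str      # 'compliance_officer' for every BAA event, as the registry states
    event: str            # assumed event names: 'baa_executed', 'subprocessor_baa_changed'
    vendor: str
    artifact_key: str     # S3 object key of the executed PDF (placeholder keys below)
    artifact_sha256: str  # digest of the PDF bytes, so the S3 object itself can be re-verified
    prev_hash: str        # entry_hash of the previous entry (the chain link)
    entry_hash: str       # SHA-256 over all fields above


def _hash_fields(fields: dict) -> str:
    """Canonical JSON (sorted keys, no whitespace) so the digest is reproducible."""
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()


class BaaAuditLog:
    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []

    def append(self, event: str, vendor: str, artifact_key: str,
               artifact_bytes: bytes, timestamp: str,
               audit_actor: str = "compliance_officer") -> AuditEntry:
        prev_hash = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        fields = {
            "seq": len(self.entries),
            "timestamp": timestamp,
            "audit_actor": audit_actor,
            "event": event,
            "vendor": vendor,
            "artifact_key": artifact_key,
            "artifact_sha256": hashlib.sha256(artifact_bytes).hexdigest(),
            "prev_hash": prev_hash,
        }
        entry = AuditEntry(entry_hash=_hash_fields(fields), **fields)
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return the seq of the first broken entry, or None if the whole chain is intact."""
        expected_prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            fields = asdict(e)
            stored_hash = fields.pop("entry_hash")
            if e.seq != i or e.prev_hash != expected_prev or _hash_fields(fields) != stored_hash:
                return i
            expected_prev = e.entry_hash
        return None


def build_sample_log() -> BaaAuditLog:
    """Two constructed events; the PDF bytes and S3 keys are placeholders, not real artifacts."""
    log = BaaAuditLog()
    log.append("baa_executed", "Example Facility (constructed)",
               "baas/customer/example-facility-2026-05-14.pdf",
               b"%PDF-1.7 constructed sample customer BAA", "2026-05-14T10:00:00Z")
    log.append("subprocessor_baa_changed", "Anthropic",
               "baas/subprocessor/anthropic-2026q1.pdf",
               b"%PDF-1.7 constructed sample sub-processor BAA", "2026-05-14T10:05:00Z")
    return log


def tampered_copy(log: BaaAuditLog, seq: int, new_key: str, rehash: bool) -> BaaAuditLog:
    """Simulate an after-the-fact edit of one entry's artifact reference (for detection testing).

    rehash=False: only the field was changed.  rehash=True: the entry's own hash was also
    recomputed, which is the case a plain per-row checksum would miss but the chain still catches.
    """
    copy = BaaAuditLog()
    copy.entries = list(log.entries)
    edited = replace(copy.entries[seq], artifact_key=new_key)
    if rehash:
        fields = asdict(edited)
        fields.pop("entry_hash")
        edited = replace(edited, entry_hash=_hash_fields(fields))
    copy.entries[seq] = edited
    return copy


if __name__ == "__main__":
    log = build_sample_log()
    print("intact chain:", log.verify())                                              # None
    print("edited field only:", tampered_copy(log, 0, "baas/x.pdf", False).verify())  # 0
    print("edited and rehashed:", tampered_copy(log, 0, "baas/x.pdf", True).verify())  # 1
```

Design note: because each entry commits to the previous entry's hash, rewriting a historical entry (even with its own hash recomputed) breaks the link from the next entry, so `verify()` pinpoints the edit. The chain on its own cannot detect removal of the newest entries; in this design the current head hash would also be anchored outside the log, for example as an object in the Object Lock evidence bucket mentioned in section 3, so that truncation is detectable too.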
End of BAA registry.