HIPAA & BAA · Patient communication / secure texting
Is OhMD HIPAA compliant?
Yes. OhMD provides a Business Associate Agreement for every user and publishes its BAA template, with the agreement covering texting, voice, video, forms, file sharing, and care coordination.
Key facts
- BAA available: Yes — with a signed BAA
- What it takes: BAA available to all users; arrange/confirm via OhMD (privacy@ohmd.com) or in-platform legal page
- Official source: OhMD — Business Associate Agreement — https://www.ohmd.com/baa/ (verified 2026-06)
How to use OhMD in a HIPAA-compliant way
- Create your OhMD account
- Access the current BAA from within the OhMD platform or the legal/agreements page
- Review the BAA terms (or contact privacy@ohmd.com with questions)
- Ensure the BAA is in force before transmitting PHI
- Configure platform settings and your own safeguards for HIPAA use
Important caveats
- Confirm the BAA is executed/in effect for your account before sending PHI
- OhMD provides safeguards, but your organization must still maintain its own HIPAA compliance program
- Verify the BAA scope covers all channels you intend to use directly with OhMD
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring OhMD correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with OhMD.
Frequently asked questions
Does OhMD sign a BAA?
Yes. BAA available to all users; arrange/confirm via OhMD (privacy@ohmd.com) or in-platform legal page A signed BAA is required before any PHI is involved.
Is OhMD HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when OhMD offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using OhMD with PHI?
Confirm the BAA is executed/in effect for your account before sending PHI