HIPAA Compliance & Business Associate Agreement (BAA)

Last Updated: [12/18/2025]

Overview

Humbear Media, LLC (“Humbear,” “we,” “our”) provides technology, marketing, analytics, and automation services to healthcare providers, addiction treatment centers, mental health organizations, and related entities. We take privacy and security seriously and operate our platform using safeguards designed to align with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the HITECH Act.

This page explains:

  1. How Humbear approaches HIPAA compliance
  2. When a Business Associate Agreement (“BAA”) applies
  3. The governing BAA terms used with Covered Entities

HIPAA Compliance Statement

Humbear Media maintains administrative, technical, and physical safeguards intended to protect the confidentiality, integrity, and availability of electronic data processed through our platform. These safeguards may include, where applicable:

  • Encryption of data in transit and at rest
  • Role-based access controls
  • Secure authentication mechanisms
  • Activity logging and monitoring
  • Infrastructure security controls

Important clarification:
Humbear Media does not diagnose patients, provide medical treatment, or act as a healthcare provider. Our platform is designed to support operational, marketing, communications, and workflow needs. HIPAA compliance is a shared responsibility, and clients are responsible for configuring their accounts, workflows, and integrations in a manner consistent with their own compliance obligations.

Use of Tracking Technologies & Non-PHI Data

Humbear’s public websites and marketing tools may use cookies, pixels, tags, and analytics technologies for performance measurement, advertising, and service improvement purposes. These technologies are not intended to collect Protected Health Information (“PHI”) and must not be used to transmit PHI unless explicitly authorized under a separate, executed Business Associate Agreement.

Clients are responsible for ensuring that:

  • PHI is only entered into secure, designated systems
  • Tracking technologies are configured in compliance with applicable law
  • Required disclosures and consents are provided to end users

When a Business Associate Agreement Applies

A Business Associate Agreement is required only when Humbear Media creates, receives, maintains, or transmits Protected Health Information (“PHI”) on behalf of a Covered Entity as defined under HIPAA.

A BAA does not automatically apply to:

  • Public website visits
  • Advertising traffic
  • Aggregated or anonymized analytics
  • Marketing performance data
  • Non-identifiable lead attribution metrics

A BAA becomes effective only when executed in writing between Humbear Media and the Covered Entity.

Business Associate Agreement (Governing Terms)

The following terms govern any executed Business Associate Agreement between Humbear Media, LLC (“Business Associate”) and a Covered Entity.

1. Purpose

This Business Associate Agreement (“Agreement”) is entered into to comply with HIPAA and HITECH requirements and to protect the confidentiality, integrity, and availability of Protected Health Information (“PHI”) that may be accessed or processed by the Business Associate in the course of providing services.

2. Definitions

  • Protected Health Information (PHI): Individually identifiable health information as defined in 45 C.F.R. §160.103.
  • Electronic PHI (ePHI): PHI transmitted or maintained in electronic form.
  • HIPAA Rules: The HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule.

3. Obligations of Business Associate

The Business Associate agrees to:

  • Use or disclose PHI only as permitted by this Agreement or as required by law
  • Implement appropriate administrative, technical, and physical safeguards to protect PHI
  • Report any impermissible use or disclosure of PHI, including breaches of unsecured PHI, without unreasonable delay
  • Ensure that any subcontractors who access PHI agree to equivalent restrictions and safeguards
  • Make PHI available to Covered Entity as required by HIPAA
  • Maintain records of disclosures as required by HIPAA

4. Permitted Uses and Disclosures

Business Associate may use or disclose PHI solely to:

  • Perform services for or on behalf of the Covered Entity
  • Manage and administer its business where permitted by law and subject to confidentiality assurances

5. Obligations of Covered Entity

Covered Entity agrees to:

  • Not request or permit Business Associate to use or disclose PHI in a manner that would violate HIPAA
  • Notify Business Associate of any restrictions on PHI usage
  • Notify Business Associate of any changes in patient authorization affecting PHI

6. Term and Termination

  • Term: This Agreement remains in effect for the duration of services involving PHI
  • Termination for Cause: Covered Entity may terminate this Agreement for material breach
  • Effect of Termination: Upon termination, Business Associate shall return or securely destroy PHI, if feasible, or continue to protect it as required by HIPAA

7. Miscellaneous

  • This Agreement is governed by applicable federal HIPAA regulations and state law
  • Amendments must be in writing and signed by both parties
  • No third-party beneficiaries are created by this Agreement

Execution of BAA

This page does not constitute execution of a Business Associate Agreement.

A binding BAA is executed only through a separate written agreement signed by authorized representatives of both parties.

Contact

Humbear Media, LLC
7400 Center Ave, Unit 528
Huntington Beach, CA 92647
Email: admin@humbearmedia.com

HIPAA-Conscious by Design ✅

Humbear Media is committed to responsible data handling, transparency, and security. We work collaboratively with our healthcare partners to support compliance while recognizing the practical realities of modern marketing and technology.