Skip to content
Back to home

HIPAA & Business Associate Agreement

How Vortex Voice AI supports HIPAA-regulated customers and handles protected health information.

Effective date: June 7, 2026 · Vortex Voice AI is a product of EactiveNet, Inc.

This page describes how EactiveNet, Inc. supports customers subject to the U.S. Health Insurance Portability and Accountability Act of 1996, as amended by the HITECH Act, and its implementing regulations (collectively, "HIPAA"). It is informational and is supplemented by a separate executed Business Associate Agreement ("BAA") for eligible customers. Nothing on this page is legal advice.

1. When HIPAA Applies

If you are a Covered Entity or a Business Associate under HIPAA and you use the Services to create, receive, maintain, or transmit Protected Health Information ("PHI"), a BAA between you and EactiveNet is required before PHI is processed through the Services. You must not transmit PHI through the Services until a BAA is in effect.

2. Requesting a BAA

Eligible customers may request a BAA by contacting [email protected]. Once executed, the BAA governs the parties' respective obligations with respect to PHI and prevails over any conflicting term in the Terms of Service as to PHI.

3. Our Safeguards as a Business Associate

Under an executed BAA, EactiveNet commits to:

  • use and disclose PHI only as permitted by the BAA, applicable law, or as directed by you;
  • implement administrative, physical, and technical safeguards consistent with the HIPAA Security Rule, including encryption of PHI in transit and access controls based on least privilege;
  • operate the voice pipeline on a zero-retention basis — live audio, transcripts, and intermediate AI outputs are processed in volatile memory and are not written to persistent storage (see Security);
  • ensure that subcontractors that create, receive, maintain, or transmit PHI agree to restrictions and conditions at least as protective as those that apply to us;
  • make available information required for you to fulfill individuals' rights of access and amendment to the extent applicable; and
  • report to you any use or disclosure not provided for by the BAA, including Breaches of Unsecured PHI, without unreasonable delay and as required by the BAA.

4. Your Responsibilities

  • configure and use the Services in a HIPAA-compliant manner, including limiting the PHI you submit to the minimum necessary;
  • obtain any patient authorizations and provide any notices required by law, including for call recording or automated communications;
  • manage your users, credentials, and access rights; and
  • not include PHI in fields, file names, or metadata not intended for sensitive data.

5. Breach Notification

In the event of a Breach of Unsecured PHI for which EactiveNet is responsible, we will notify you in accordance with the BAA and applicable law and will cooperate reasonably in your breach- assessment and notification obligations.

6. No Warranty of Compliance

HIPAA compliance is a shared responsibility. The availability of safeguards and a BAA does not by itself make your overall use of the Services compliant; you remain responsible for your own compliance program. This page does not constitute legal advice — consult your counsel and compliance team.

7. Contact

For BAA requests or HIPAA questions, contact [email protected], EactiveNet, Inc.

Legal center

Terms of Service Privacy Policy Acceptable Use Policy Refund & Cancellation Policy HIPAA & Business Associate Agreement Security Cookie Policy

Copyright Vortex Voice AI 2026. All rights reserved. An EactiveNet, Inc. product