DEMO

You’re viewing AuditPilot with seeded data for Cedar Creek Family Medicine. Add Clerk + Neon environment variables to enable real multi-tenant data.

Vendor & Third-Party Management · AP-VM-001

BAA on file for every vendor handling PHI

Every third-party that creates, receives, maintains, or transmits PHI on the clinic's behalf has a current, signed Business Associate Agreement.

FailingCritical

Remediation guidance

Use the AuditPilot BAA tracker. Upload signed agreements, track expiration, and request renewals automatically.

Status

Last checked4 hours ago

Next check dueApr 27, 2026

Weight20

Severitycritical

Framework requirements satisfied

HIPAA

§164.308(b)(1)

Business Associate Contracts

SOC 2

CC9.2

Vendor Management

HITRUST

05.k

Addressing Security in Third Party Agreements

Linked evidence (0)

No evidence yet. Upload a screenshot, report, or signed document to mark this control as proven.