HIPAA & BAA Information — Cove Teams Inc.

Cove is built to support secure, collaborative pediatric therapy—while meeting the privacy requirements of the Health Insurance Portability and Accountability Act (“HIPAA”). We partner closely with therapy clinics, early intervention programs, and private practitioners to ensure Protected Health Information (PHI) remains safe and appropriately managed.

HIPAA Compliance at Cove

Cove maintains administrative, technical, and physical safeguards consistent with HIPAA requirements, including:

  • Encryption of PHI in transit and at rest
  • Role-based access controls
  • Data minimization and restricted internal access
  • Activity logging and audit trails
  • Secure and compliant hosting infrastructure
  • Regular security testing and monitoring

We do not use PHI for marketing, and we never sell PHI.

When Is a BAA Required?

If you are a HIPAA Covered Entity—including:

  • Occupational therapy clinics
  • Speech and language therapy clinics
  • Physical therapy practices
  • Early intervention agencies
  • Pediatric therapy groups
  • Any provider billing insurance for therapy services

—Cove will execute a Business Associate Agreement (BAA) with your organization.

What Our BAA Covers

Our BAA outlines:

  • How Cove safeguards PHI
  • Permitted uses and disclosures
  • Breach notification requirements
  • Security obligations
  • Subcontractor compliance
  • Termination and data return/destruction

You may request a copy of our standard BAA at any time.

How Cove Handles PHI

During normal use of the platform, PHI may include:

  • Child therapy goals
  • Parent-submitted videos or photos
  • Therapist notes, progress updates, or activity logs
  • Scheduling and documentation records

Cove uses this information only to provide the services you request and to support the care relationship between providers and families.

Request a BAA

To receive a copy of our Business Associate Agreement or request a signed version:

[email protected]

(630) 335-3583

We can typically turn around signed BAAs within 1–2 business days.

HIPAA for Parents & Caregivers

When parents use the platform directly:

  • PHI is shared only with the child’s authorized therapy team
  • Parents remain in control of what they upload or share
  • PHI is never visible to other families or users
  • Parents can request account deletion where legally permissible

Our Commitment to Privacy

HIPAA compliance is an ongoing effort. Cove continually enhances its security practices, trains staff, and updates policies to ensure we meet evolving standards for privacy protection.

If you have questions about HIPAA, PHI, or privacy, please contact our team anytime.

Last Updated: 12/2/2025