Skip to main content

Legal

Business Associate Agreement — Checkbox Acknowledgment

For Sign-Up Integration

Glass Box Solutions, Inc. — Adjudica.AI

Version: 1.0 Last Updated: 2026-02-23

Purpose

This document provides the UI text, legal language, and implementation guidance for the BAA checkbox acknowledgment displayed during user sign-up for Adjudica.AI products that handle Protected Health Information (PHI).

Implementation Requirements

When to Display

Display the BAA checkbox acknowledgment when:

Required Components

  1. Checkbox (unchecked by default, must be checked to proceed)
  2. Acknowledgment text with links to full documents
  3. Timestamp of acceptance stored in database
  4. User ID associated with acceptance
  5. IP address of user at time of acceptance (optional but recommended)

Checkbox UI Text

Primary Checkbox (Required)

☐ I acknowledge that I have read and understand the Business Associate Agreement
   (BAA) and AI Processing Addendum, and I agree to be bound by their terms.

   View full documents:
   • Business Associate Agreement [link]
   • AI Processing Addendum [link]

Alternative: Compact Version

☐ I have read and agree to the Business Associate Agreement and AI Processing
   Addendum governing the handling of Protected Health Information (PHI).
   [View BAA] [View AI Addendum]

Key Points Summary (Display Above Checkbox)

Display this summary to help users understand what they're agreeing to:

### Business Associate Agreement Summary

By checking the box below, you acknowledge and agree that:

**Data Protection**
• Glass Box Solutions will handle your clients' Protected Health Information (PHI)
  in compliance with HIPAA regulations
• PHI is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access to PHI is logged and auditable

**AI Processing**
• PHI may be processed by AI systems (Google Gemini) for document analysis,
  case summarization, and legal research
• Our AI provider (Google) is contractually prohibited from using your data for model training
• AI outputs must be verified by a licensed attorney before reliance

**Your Responsibilities**
• You must review all AI-generated content before use
• AI outputs do not constitute legal advice
• You are responsible for maintaining professional supervision over AI-assisted work

**Data Handling**
• PHI is retained only as long as necessary to provide services
• You may request deletion of your data at any time
• Breach notification will be provided within 10 calendar days of discovery

Full Legal Acknowledgment Text

For users who click "View Full Acknowledgment" or for legal records:

BUSINESS ASSOCIATE AGREEMENT ACKNOWLEDGMENT

By checking this box and clicking "Accept" (or proceeding with account creation),
I, on behalf of myself and my organization (the "Covered Entity"), acknowledge
and agree to the following:

1. AGREEMENT TO TERMS
   I have read, understand, and agree to be bound by:
   (a) The Business Associate Agreement between Glass Box Solutions, Inc. and
       Covered Entity; and
   (b) The AI Processing Addendum supplementing the Business Associate Agreement.

2. AUTHORITY TO BIND
   I represent and warrant that I have the legal authority to bind my organization
   to this Business Associate Agreement.

3. HIPAA COMPLIANCE
   I understand that Glass Box Solutions, Inc. is a Business Associate as defined
   under HIPAA and will handle Protected Health Information (PHI) in accordance
   with HIPAA regulations (45 CFR Parts 160 and 164).

4. AI PROCESSING ACKNOWLEDGMENT
   I understand and acknowledge that:
   (a) PHI may be processed using artificial intelligence technologies;
   (b) AI outputs may contain errors and must be verified before reliance;
   (c) AI outputs do not constitute legal advice;
   (d) A licensed attorney must supervise all AI-assisted legal work.

5. NO MODEL TRAINING
   I understand that Glass Box Solutions has obtained contractual commitments
   from our AI provider (Google) that my organization's PHI will not be used
   for AI model training.

6. DATA SECURITY
   I understand that PHI will be:
   (a) Encrypted in transit using TLS 1.3;
   (b) Encrypted at rest using AES-256;
   (c) Subject to access controls and audit logging;
   (d) Retained in accordance with the Data Retention Policy.

7. BREACH NOTIFICATION
   I understand that Glass Box Solutions will notify my organization of any
   breach of unsecured PHI within ten (10) calendar days of discovery.

8. PROFESSIONAL SUPERVISION REQUIREMENT
   I acknowledge the Professional Supervision Requirement set forth in Section
   1A of the End User License Agreement and agree to maintain appropriate
   attorney oversight of all AI-generated content.

9. ELECTRONIC SIGNATURE
   I agree that checking this box and completing account registration constitutes
   my electronic signature and acceptance of the Business Associate Agreement
   and AI Processing Addendum, with the same legal force and effect as a
   handwritten signature.

Acceptance Date: [Auto-populated timestamp]
User Email: [Auto-populated]
Organization: [Auto-populated if available]
IP Address: [Auto-populated]

Implementation Reference

Note: The following section contains engineering implementation guidance for developers integrating the BAA checkbox flow. This is not part of the legal agreement.

Database Schema

Store acceptance records with the following fields:

CREATE TABLE baa_acceptances (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  user_id UUID NOT NULL REFERENCES users(id),
  organization_id UUID REFERENCES organizations(id),

  -- Document versions accepted
  baa_version VARCHAR(20) NOT NULL,           -- e.g., "1.0"
  ai_addendum_version VARCHAR(20) NOT NULL,   -- e.g., "1.0"

  -- Acceptance metadata
  accepted_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
  ip_address INET,
  user_agent TEXT,

  -- Legal record
  full_acknowledgment_text TEXT NOT NULL,     -- Store the exact text shown
  checkbox_text TEXT NOT NULL,                -- Store the checkbox label text

  -- Audit
  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),

  CONSTRAINT unique_user_baa UNIQUE (user_id, baa_version, ai_addendum_version)
);

CREATE INDEX idx_baa_acceptances_user ON baa_acceptances(user_id);
CREATE INDEX idx_baa_acceptances_org ON baa_acceptances(organization_id);
CREATE INDEX idx_baa_acceptances_date ON baa_acceptances(accepted_at);

API Endpoint

// POST /api/legal/baa-acceptance
interface BAAAcceptanceRequest {
  userId: string;
  organizationId?: string;
  baaVersion: string;
  aiAddendumVersion: string;
  checkboxText: string;
  fullAcknowledgmentText: string;
}

interface BAAAcceptanceResponse {
  id: string;
  acceptedAt: string;
  baaVersion: string;
  aiAddendumVersion: string;
}

Document Links

Configure these URLs in your environment:

# Production URLs for BAA documents
BAA_DOCUMENT_URL=https://adjudica.ai/legal/business-associate-agreement
AI_ADDENDUM_URL=https://adjudica.ai/legal/ai-processing-addendum

# Or hosted document URLs
BAA_DOCUMENT_URL=https://docs.adjudica.ai/legal/baa
AI_ADDENDUM_URL=https://docs.adjudica.ai/legal/ai-addendum

React Component Example

// @Developed & Documented by Glass Box Solutions, Inc.

import { useState } from 'react';
import { Checkbox } from '@/components/ui/checkbox';
import { Button } from '@/components/ui/button';
import { ExternalLink } from 'lucide-react';

interface BAACheckboxProps {
  onAccept: (accepted: boolean) => void;
  baaUrl: string;
  aiAddendumUrl: string;
}

export function BAACheckbox({ onAccept, baaUrl, aiAddendumUrl }: BAACheckboxProps) {
  const [checked, setChecked] = useState(false);
  const [expanded, setExpanded] = useState(false);

  return (
    <div className="space-y-4 rounded-lg border border-gray-200 p-4">
      {/* Key Points Summary */}
      <div className="text-sm text-gray-600">
        <h4 className="font-semibold text-gray-900 mb-2">
          Business Associate Agreement Summary
        </h4>
        <ul className="space-y-1 list-disc list-inside">
          <li>Your clients' PHI will be handled in HIPAA compliance</li>
          <li>AI providers cannot use your data for model training</li>
          <li>AI outputs must be verified by a licensed attorney</li>
          <li>Breach notification within 10 days of discovery</li>
        </ul>
      </div>

      {/* Checkbox */}
      <div className="flex items-start gap-3">
        <Checkbox
          id="baa-acceptance"
          checked={checked}
          onCheckedChange={(value) => {
            setChecked(!!value);
            onAccept(!!value);
          }}
          className="mt-1"
        />
        <label htmlFor="baa-acceptance" className="text-sm cursor-pointer">
          I acknowledge that I have read and understand the{' '}
          <a
            href={baaUrl}
            target="_blank"
            rel="noopener noreferrer"
            className="text-blue-600 hover:underline inline-flex items-center gap-1"
          >
            Business Associate Agreement
            <ExternalLink className="h-3 w-3" />
          </a>{' '}
          and{' '}
          <a
            href={aiAddendumUrl}
            target="_blank"
            rel="noopener noreferrer"
            className="text-blue-600 hover:underline inline-flex items-center gap-1"
          >
            AI Processing Addendum
            <ExternalLink className="h-3 w-3" />
          </a>
          , and I agree to be bound by their terms.
        </label>
      </div>

      {/* Expand full acknowledgment */}
      <button
        type="button"
        onClick={() => setExpanded(!expanded)}
        className="text-xs text-gray-500 hover:text-gray-700 underline"
      >
        {expanded ? 'Hide' : 'View'} full legal acknowledgment
      </button>

      {expanded && (
        <div className="text-xs text-gray-600 bg-gray-50 p-3 rounded max-h-48 overflow-y-auto">
          {/* Full acknowledgment text here */}
          <p className="font-semibold mb-2">BUSINESS ASSOCIATE AGREEMENT ACKNOWLEDGMENT</p>
          <p>By checking this box, I acknowledge and agree to the terms...</p>
          {/* ... rest of full text ... */}
        </div>
      )}
    </div>
  );
}

Validation Requirements

Before allowing form submission:

  1. Checkbox must be checked — Display error: "You must accept the Business Associate Agreement to continue"
  2. Links must be functional — Test that BAA documents are accessible
  3. Timestamp must be recorded — Server-side, not client-side
  4. Version must be stored — Track which version of BAA was accepted

Re-Acceptance Triggers

Require users to re-accept the BAA when:

  1. BAA version changes — Material updates to the agreement
  2. AI Addendum version changes — Changes to AI processing terms
  3. New AI provider added — Per Section 4.3 of AI Addendum (30-day notice)
  4. User changes organization — New Covered Entity requires new acceptance
  5. Annual re-confirmation — Optional, for additional compliance assurance

Audit Trail Requirements

For HIPAA compliance, maintain:

  1. Immutable acceptance records — Never delete or modify
  2. Document version history — Store historical versions of BAA/Addendum
  3. Access logs — Who viewed/downloaded the full documents
  4. Re-acceptance history — Track all acceptance events per user

Related Documents

DocumentPathPurpose
Full BAAlegal/templates/BUSINESS_ASSOCIATE_AGREEMENT_TEMPLATE.mdComplete BAA template
AI Addendumlegal/final-documents/product/BAA_AI_ADDENDUM.mdAI processing terms
EULAlegal/final-documents/product/END_USER_LICENSE_AGREEMENT.mdEnd user license
Privacy Policylegal/final-documents/corporate/PRIVACY_POLICY.mdPrivacy practices
AI Transparencylegal/final-documents/product/AI_TRANSPARENCY_DISCLOSURE.mdAI capabilities/limitations

@Developed & Documented by Glass Box Solutions, Inc. using human ingenuity and modern technology