Legal request
BAA Request
If your organization needs to use MARCUS with protected health information, you must complete a contracting and deployment review before submitting PHI. This includes a signed Business Associate Agreement and an approved PHI-capable configuration.
Submitting a request does not authorize PHI use. PHI use is authorized only after the applicable agreements are signed and the workspace is explicitly approved for PHI-enabled use.
Request a Business Associate Agreement for an approved PHI-enabled MARCUS deployment.
MARCUS is PHI-off by default. Public demos, trial workspaces, and uncontracted deployments are not approved for protected health information, patient identifiers, or patient-specific clinical facts. Do not upload, type, paste, or transmit PHI into MARCUS unless your organization has executed a Business Associate Agreement with surgicAI and your workspace has been approved for PHI-enabled use.
Who should request this?
- Hospitals, health systems, clinics, physician groups, academic medical centers, residency programs, or healthcare institutions.
- HIPAA covered entities or business associates.
- Organizations planning to use MARCUS with PHI, ePHI, patient identifiers, or patient-specific clinical facts.
- Organizations requiring vendor security review for clinical or institutional deployment.
What happens next?
- We review the organization, use case, data flow, and deployment needs.
- We confirm whether MARCUS can support the requested PHI use case.
- We exchange legal and security documents as needed.
- If approved, the parties execute a BAA and any related agreements.
- We configure or approve a PHI-enabled workspace.
- PHI use may begin only after written approval.
Request details to include
This page is a conservative intake checklist. It does not transmit form data from the browser. Send the relevant details to the contact below and do not include PHI, credentials, secrets, or patient-specific facts.
| Field | Type | Required | Notes |
|---|---|---|---|
| Full name | Text | Yes | |
| Work email | Yes | ||
| Organization | Text | Yes | |
| Title / role | Text | Yes | |
| Organization type | Hospital, health system, academic medical center, clinic, residency program, business associate, or other | Yes | |
| Authority to request legal/security review | Yes / No | Yes | |
| Intended MARCUS use case | Long text | Yes | Do not include PHI. |
| Will users submit PHI or patient-specific facts? | Yes / No / Unsure | Yes | |
| Expected data categories | Institutional documents, policies, handbooks, protocols, schedules, PHI, ePHI, audit logs, or other | Yes | |
| Expected users | Number | No | |
| Required deployment type | Standard cloud, private cloud/VPC, on-premises, or unsure | Yes | |
| Required SSO | SAML, OIDC, none, or unsure | No | |
| Security review requirements | Long text | No | |
| Preferred legal contact | No | ||
| Requested start date | Date | No | |
| Additional notes | Long text | No | Do not include PHI. |
BAA requests
Send the request packet to legal@surgic.ai.