CAS takes confidentiality and compliance with HIPAA extremely seriously. All CAS clients must sign a Business Associate Agreement (BAA) agreeing to comply with HIPAA regulations in all respects, including the implementation of all necessary safeguards to prevent such disclosure, as well as the assurance that any subcontractors or agents to whom either party provided protected health information agree to the same restrictions and conditions.

The Health Insurance Portability and Accountability Act of 1996 (commonly known as "HIPAA") established national standards for electronic health care transactions in addition to strengthening health care privacy laws. Per, "Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information."