BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“Agreement”), is effective upon signing this Agreement
and is entered into by and between (Insert Clinic Name) (“Covered Entity”) and VENDOR (the
“Business Associate”).

  1. Term
    This Agreement shall be renewed on a month to month basis and shall apply to all of the
    Services and/or Supplies delivered by the Business Associate pursuant to this Agreement. If any
    party wants to terminate the Agreement, they shall issue a 30 day termination notice to the other
    party.
  2. Compensation
    In consideration of the services provided, the Covered entity shall pay the Business Associate $
    299 monthly with a free trial for one month.
  3. HIPAA Assurances
    In the event Business Associate creates, receives, maintains, or otherwise is exposed to
    personally identifiable or aggregate patient or other medical information defined as Protected
    Health Information (“PHI”) in the Health Insurance Portability and Accountability Act of 1996
    or its relevant regulations (“HIPAA”) and otherwise meets the definition of Business Associate
    as defined in the HIPAA Privacy Standards (45 CFR Parts 160 and 164), Business Associate
    shall:
    (a) Recognize that HITECH (the Health Information Technology for Economic and Clinical
    Health Act of 2009) and the regulations thereunder (including 45 C.F.R. Sections 164.308,
    164.310, 164.312, and 164.316), apply to a business associate of a covered entity in the same
    manner that such sections apply to the covered entity;
    (b) Not use or further disclose the PHI, except as permitted by law;
    (c) Not use or further disclose the PHI in a manner that had (Insert Clinic Name) done so, would
    violate the requirements of HIPAA;
    (d) Use appropriate safeguards (including implementing administrative, physical, and technical
    safeguards for electronic PHI) to protect the confidentiality, integrity, and availability of and to
    prevent the use or disclosure of the PHI other than as provided for by this Agreement;
    (e) Comply with each applicable requirements of 45 C.F.R. Part 162 if the Business Associate
    conducts Standard Transactions for or on behalf of the Covered Entity;
    (f) Report promptly to (Insert Clinic Name ) any security incident or other use or disclosure of
    PHI not provided for by this Agreement of which Business Associate becomes aware;

(g) Ensure that any subcontractors or agents who receive or are exposed to PHI (whether in
electronic or other format) are explained the Business Associate obligations under this paragraph
and agree to the same restrictions and conditions;
(h) Make available PHI in accordance with the individual’s rights as required under the HIPAA
regulations;
(i) Account for PHI disclosures for up to the past six (6) years as requested by Covered Entity,
which shall include: (i) dates of disclosure, (ii) names of the entities or persons who received the
PHI, (iii) a brief description of the PHI disclosed, and (iv) a brief statement of the purpose and
basis of such disclosure;
(j) Make its internal practices, books, and records that relate to the use and disclosure of PHI
available to the U.S. Secretary of Health and Human Services for purposes of determining
Customer’s compliance with HIPAA; and
(k) Incorporate any amendments or corrections to PHI when notified by Customer or enter into a
Business Associate Agreement or other necessary Agreements to comply with HIPAA.

  1. Termination upon Breach of Provisions
    Notwithstanding any other provision of this Agreement, Covered Entity may immediately
    terminate this Agreement if it determines that Business Associate breaches any term in this
    Agreement. Alternatively, Covered Entity may give written notice to Business Associate in the
    event of a breach and give Business Associate five (5) business days to cure such breach.
    Covered Entity shall also have the option to immediately stop all further disclosures of PHI to
    Business Associate if Covered Entity reasonably determines that Business Associate has
    breached its obligations under this Agreement. In the event that termination of this Agreement
    and the Agreement is not feasible, Business Associate hereby acknowledges that the Covered
    Entity shall be required to report the breach to the Secretary of the U.S. Department of Health
    and Human Services, notwithstanding any other provision of this Agreement or Agreement to
    the contrary.
  2. Return or Destruction of Protected Health Information upon Termination
    Upon the termination of this Agreement, unless otherwise directed by Covered Entity, Business
    Associate shall either return or destroy all PHI received from the Covered Entity or created or
    received by Business Associate on behalf of the Covered Entity in which Business Associate
    maintains in any form. Business Associate shall not retain any copies of such PHI.
    Notwithstanding the foregoing, in the event that Business Associate determines that returning or
    destroying the Protected Health Information is infeasible upon termination of this Agreement,
    Business Associate shall provide to Covered Entity notification of the condition that makes
    return or destruction infeasible. To the extent that it is not feasible for Business Associate to
    return or destroy such PHI, the terms and provisions of this Agreement shall survive such

termination or expiration and such PHI shall be used or disclosed solely as permitted by law for
so long as Business Associate maintains such Protected Health Information.

  1. No Third Party Beneficiaries
    The parties agree that the terms of this Agreement shall apply only to themselves and are not for
    the benefit of any third party beneficiaries. Nothing express or implied in this Agreement is
    intended to confer upon any person, other than the Parties and their respective successors or
    assigns, any rights, remedies, obligations or liabilities whatsoever. This provision shall survive
    termination of this Agreement.
  2. De-Identified Data
    Notwithstanding the provisions of this Agreement, Business Associate and its subcontractors
    may disclose non-personally identifiable information provided that the disclosed information
    does not include a key or other mechanism that would enable the information to be identified.
  3. Amendment
    Business Associate and Covered Entity agree to amend this Agreement to the extent necessary to
    allow either party to comply with the Privacy Standards, the Standards for Electronic
    Transactions, the Security Standards, or other relevant state or federal laws or regulations created
    or amended to protect the privacy of patient information. All such amendments shall be made in
    a writing signed by both parties.
  4. Interpretation
    Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered
    Entity to comply with the then most current version of HIPAA and the HIPAA privacy
    regulations.
  5. Definitions
    Capitalized terms used in this Agreement shall have the meanings assigned to them as outlined in
    HIPAA and its related regulations.
  6. Survival
    The obligations imposed by this Agreement shall survive any expiration or termination of this
    Agreement.
  7. Governing Law
    This BAA is governed by the laws of Arizona. The federal and state courts located in Arizona
    will have jurisdiction to adjudicate any dispute arising out of or relating to this BAA. Each Party
    hereby consents to the jurisdiction of such courts and waives any right it may otherwise have to

challenge the appropriateness of such forums, whether on the basis of the doctrine of forum non
conveniens or otherwise.

  1. Independent Contractor
    Business Associate, including its directors, officers, employees and agents, is an independent
    contractor and not an agent of Covered Entity or a member of its workforce. Without limiting the
    generality of the foregoing, Covered Entity will have no right to control, direct, or otherwise
    influence Business Associate’s conduct in the course of performing the services, other than
    through the enforcement of this Agreement.

Insert Clinic Name VENDOR: _____________
Sign: _________________ Sign: __________________
Name: ________________ Name: _________________
Title: _________________ Title: __________________
Date: _________________ Date: __________________

At Legal writing experts, we would be happy to assist in preparing any legal document you need. We are international lawyers and attorneys with significant experience in legal drafting, Commercial-Corporate practice and consulting. In the last few years, we have successfully undertaken similar assignments for clients from different jurisdictions. If given this opportunity, The LegalPen will be able to prepare the legal document within the shortest time possible. You can send us your quick enquiry ( here )