Policies contact: firstname.lastname@example.org, Last updated: June 05, 2020
This Business Associate Agreement ("Agreement"), effective __________________, ("Effective Date"), is entered into by and between EdiNation, Inc. (the "Business Associate") and ___________________________, (the "Covered Entity").
Citations to the code of the Federal Regulations shall be read to include and require all subsequent, updated, amended or revised provisions.
Except as otherwise defined in this BAA, capitalized terms shall have the definitions set forth in HIPAA, and if not defined by HIPAA, such terms shall have the definitions set forth in the Agreement.
“Breach Notification Rule” means the Breach Notification for Unsecured Protected Health Information Final Rule.
“Business Associate” shall have the same meaning as the term “business associate” in 45 CFR § 160.103 of HIPAA.
“Covered Entity” shall have the same meaning as the term “covered entity” in 45 CFR § 160.103 of HIPAA.
“Customer”, for this BAA only, means ___________________________ and its Affiliates.
“HIPAA” collectively means the administrative simplification provision of the Health Insurance Portability and Accountability Act enacted by the United States Congress, and its implementing regulations, including the Privacy Rule, the Breach Notification Rule, and the Security Rule, as amended from time to time, including by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act and by the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule.
“EdiNation Online Services”, for this BAA only, means EdiNation's websites, software, and other services but explicitly excludes EdiNation's support portal, hosted in Zendesk and accessible at https://docs.edination.com/.
“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information.
“Protected Health Information” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103 of HIPAA, provided that it is limited to such protected health information that is received by EdiNation from, or created, received, maintained, or transmitted by EdiNation on behalf of, Customer through the use of the EdiNation Online Services.
“Security Rule” means the Security Standards for the Protection of Electronic Protected Health Information.
Performance of the Agreement for EdiNation Online Services. Except as otherwise limited in this BAA, EdiNation may Use and Disclose Protected Health Information for, or on behalf of, Customer as specified in the Agreement; provided that any such Use or Disclosure would not violate HIPAA if done by Customer, unless expressly permitted under paragraph b of this Section.
Management, Administration, and Legal Responsibilities. Except as otherwise limited in this BAA, EdiNation may Use and Disclose Protected Health Information for the proper management and administration of EdiNation and/or to carry out the legal responsibilities of EdiNation, provided that any Disclosure may occur only if: (1) Required by Law; or (2) EdiNation obtains written reasonable assurances from the person to whom the Protected Health Information is Disclosed that it will be held confidentially and Used or further Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and the person notifies EdiNation of any instances of which it becomes aware in which the confidentiality of the Protected Health Information has been breached.
EdiNation’s Responsibilities. To the extent EdiNation is acting as a Business Associate, EdiNation agrees to the following:
This BAA is applicable to EdiNation Services Agreement. EdiNation may, from time to time, (a) include additional EdiNation online services and/or in the Online Services Terms incorporated into the Agreement, and (b) update the definition of EdiNation Services Agreementin this BAA accordingly, and such updated definitions will apply to Customer without additional action by Customer. It is Customer’s obligation to not store or process in an online service, or provide to EdiNation for performance of a professional service, protected health information (as that term is defined in 45 CFR § 160.103 of HIPAA) until this BAA is effective as to the applicable service.
The Term of this Agreement shall be effective as of the Effective Date, and shall continue in effect until the earlier of (1) termination by a Party for breach as set forth in Section 5b, below, or (2) expiration of EdiNation's Services Agreement with the Customer.
Termination for Breach. Upon written notice, either Party immediately may terminate the Agreement and this BAA if the other Party is in material breach or default of any obligation in this BAA. Either party may provide the other a thirty (30) calendar day period to cure a material breach or default within such written notice.
Return, Destruction, or Retention of Protected Health Information Upon Termination. Upon expiration or termination of this BAA, EdiNation shall return or destroy all Protected Health Information in its possession, if it is feasible to do so, and as set forth in the applicable termination provisions of the Agreement. If it is not feasible to return or destroy any portions of the Protected Health Information upon termination of this BAA, then EdiNation shall extend the protections of this BAA, without limitation, to such Protected Health Information and limit any further Use or Disclosure of the Protected Health Information to those purposes that make the return or destruction infeasible for the duration of the retention of the Protected Health Information.
Interpretation. The Parties intend that this BAA be interpreted consistently with their intent to comply with HIPAA and other applicable federal and state law. Except where this BAA conflicts with the Agreement, all other terms and conditions of the Agreement remain unchanged. Any captions or headings in this BAA are for the convenience of the Parties and shall not affect the interpretation of this BAA.
BAAs; Waiver. This BAA may not be modified or amended except in a writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, as a bar to, or as a waiver of any right or remedy as to subsequent events.
No Third-Party Beneficiaries. Nothing express or implied in this BAA is intended to confer, nor shall anything in this BAA confer, upon any person other than the Parties, and the respective successors or assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.
Severability. In the event that any provision of this BAA is found to be invalid or unenforceable, the remainder of this BAA shall not be affected thereby, but rather the remainder of this BAA shall be enforced to the greatest extent permitted by law.
No Agency Relationship. It is not intended that an agency relationship (as defined under the Federal common law of agency) be established hereby expressly or by implication between Customer and EdiNation under HIPAA or the Privacy Rule, Security Rule, or Breach Notification Rule. No terms or conditions contained in this BAA shall be construed to make or render EdiNation an agent of Customer.
Independent Contractor. The Business Associate is performing services pursuant to the Agreement and for all purposes hereunder, Business Associate’s status shall be that of an independent contractor.
If to Covered Entity, send notice to:
Attn: Privacy Officer
Phone number: ___________________________
If to Business Associate, to:
Attn: Kamen Nikolov,
Phone number: 0044 (0) 7534718840
Business Associate ____________________
Covered Entity ____________________