Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement ("Agreement") is entered into by and between ClaimDuty LLC ("Covered Entity / Service Provider") and the undersigned firm ("Business Associate"), collectively referred to as the "Parties."

Effective Date: Upon execution of the Corporate subscription agreement.

1. DEFINITIONS

"Protected Health Information" (PHI) means individually identifiable health information created, received, maintained, or transmitted by Business Associate on behalf of Covered Entity, as defined under 45 CFR § 160.103.

"HIPAA Rules" means the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Parts 160 and 164.

2. OBLIGATIONS OF BUSINESS ASSOCIATE

Business Associate agrees to:

(a) Not use or disclose PHI other than as permitted by this Agreement or required by law.

(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this Agreement.

(c) Report to Covered Entity any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured PHI as required by 45 CFR § 164.410.

(d) In accordance with 45 CFR §§ 164.502(e)(1)(ii) and 164.308(b)(2), ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information.

(e) Make available PHI in a designated record set to Covered Entity as necessary to satisfy Covered Entity's obligations under 45 CFR § 164.524.

(f) Make any amendment(s) to PHI in a designated record set as directed or agreed to by Covered Entity pursuant to 45 CFR § 164.526.

(g) Maintain and make available the information required to provide an accounting of disclosures to Covered Entity as necessary to satisfy Covered Entity's obligations under 45 CFR § 164.528.

(h) To the extent Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligation(s).

(i) Make its internal practices, books, and records available to the Secretary of the U.S. Department of Health and Human Services for purposes of determining compliance with the HIPAA Rules.

3. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE

(a) Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Corporate subscription agreement, provided that such use or disclosure would not violate the HIPAA Rules if done by Covered Entity.

(b) Business Associate may use or disclose PHI as Required By Law.

(c) Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity's minimum necessary policies and procedures.

4. OBLIGATIONS OF COVERED ENTITY

Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR § 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of PHI.

5. TERM AND TERMINATION

(a) Term. This Agreement shall be effective as of the Effective Date and shall terminate on the date the Corporate subscription terminates, unless terminated earlier.

(b) Termination for Cause. Either party may terminate this Agreement if the other party has breached a material term of this Agreement and has not cured the breach within 30 days of written notice.

(c) Obligations of Business Associate Upon Termination. Upon termination of this Agreement, Business Associate shall return or destroy all PHI received from Covered Entity or created, maintained, or received by Business Associate on behalf of Covered Entity, if feasible.

6. MISCELLANEOUS

(a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.

(b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the HIPAA Rules.

(c) Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.

7. GOVERNING LAW

This Agreement shall be governed by the laws of the State of Illinois.

ClaimDuty LLC
6609 Golden Raintree, Edwardsville, IL 62025
info@claimduty.com

For questions regarding this BAA, contact: sales@claimduty.com